GDPR, which stands for General Data Protection Regulation (and heralded as “the most important change in data privacy regulation in 20 years”) was brought into effect across the EU in late spring 2018. Its goal is to standardize the way companies use consumer data, with strict regulations on how data is collected, stored, shared, and used. It’s not just for Europe either, some American states are adopting similar laws but direct mail automation can ease the transition into the GDPR future.
Who is Impacted by GDPR
You don’t have to be headquartered in Europe for the GDPR to apply to you. The regulatory rules apply to all organizations that offer any sort of good or service in the EU and/or monitor the behavior of EU citizens. This includes any company involved in processing or holding personal data of EU citizens, no matter where the company is located.
Not doing any sort of relevant business in the European Union? You still shouldn’t ignore the principles of the GDPR. The tides are changing in terms of how businesses can utilize consumer data for marketing purposes.
California recently unanimously passed a law, called AB 375, similar in scope to the GDPR. AB 375 gives Californians greater control over who has their data and what they can do with it, in turn making it much more difficult for companies to proceed with standard marketing tactics. Other states are expected to follow suit.
It’s smart to get on board with where things are headed in relation to consumer data, even if you’re not yet affected by a legal data protection ordinance — because even if you’re not now, you probably will be soon. Here’s what you need to know to minimize your risk, including how direct mail automation can help you ease the transition to GDPR compliance.
Direct Marketing in the Age of the GDPR
The GDPR has an effect on essentially all direct marketing tactics, and two legal guidelines within the GDPR hold the most relevance in terms of achieving compliance: consent and legitimate interests.
Consent under the GDPR must be freely provided, with the consumer openly and specifically agreeing to the processing of their data. Companies can be called upon to provide proof of consent, so it’s important to keep clear records on this front.
Keep in mind that consent isn’t quite as easy to achieve as you might think. Pre-checked, opt-in consent boxes at the bottom of newsletters or hidden away in service agreements aren’t going to cut it.
You need clear agreements of consent from the individuals whose data you process and use, and you must regain consent any time you make a change to your communications policy. You also have to give consumers a clear and direct path to withdrawing consent if they choose to do so.
“Legitimate interests” is an even murkier swamp to wade in. The UK Information Commissioner’s Office defines a three-step process for determining legitimate interests:
- Identify a legitimate interest.
- Show that the data processing is necessary to achieve that interest.
- Balance that necessity against the consumer’s interests, rights, and freedom.
If that sounds to you a little tricky to define and uphold, you’re not alone. In general, your best bet in achieving GDPR compliance in direct marketing is to rely heavily on direct consumer consent. And it’s for that reason that direct mail automation, more so than other marketing efforts, holds one of the keys to successful marketing in a world guided by stricter data use regulations.
The GDPR and Direct Mail
The GDPR’s heaviest regulations are on phone and email messaging, because it can be incredibly hard to gain the necessary level of consent required through these mediums (plus, for email, the data necessary for an effective campaign is in itself protected if you don’t have consent).
The question many companies are struggling with: how do you get consent when you can’t reach out and ask for it? And the answer: direct mail.
GDPR regulations over direct mail are not as stringent as they are over either phone and email communication, primarily because direct mail is less invasive. It’s a lot easier to meet the legitimate interest requirement for direct mail, and mailers can in turn be used to obtain consent for additional and varied forms of communication.
To prove your company has a legitimate interest in pursuing a lead via direct mail you just need to be able to show that your direct marketing business interests are worth you reaching out. In other words, if you have a good reason to get in contact, you’re probably good to go.
Direct mail doesn’t just offer companies an easier opportunity to market; it also allows for a good avenue for acquiring opt-in consent for additional communications. Mailers can be used to gain consent, either through having the recipient mail something back or by directing them to landing pages where they can opt-in. As such, it’s one of the most efficient tools available for businesses marketing under the GDPR.
Easing the Compliance Transition with Direct Mail Automation
If direct mail is the key to obtaining consent in the GDPR era, then direct mail automation is the key to simplifying the process. Use it to identify leads who have yet to provide opt-in consent and send them mailers, as well as to track and store data regarding who has consented so you have the data available and can automate consent update notices when necessary.
Direct mail automation is especially helpful for companies outside of the EU, who may only have specific customers whose rights fall under the GDPR. Use it to drive separate marketing strategies for consumers within the EU, and within that group, to organize data subjects by consent status and funnel stage. Do the same for Californians protected by AB 375 and to update marketing efforts as more states and countries adopt stricter regulations around consumer data use.
The GDPR is the new kid on the block in terms of data regulations, and it’s yet to be seen how enforcement will play out. Err on the side of safety, however, and focus on achieving clear and direct consent for EU consumers. Direct mail is the best way to do it, and direct mail automation will make the confusing process a bit easier to handle.
PFL can help you implement an automated direct mail solution that works with your marketing platform. We’ve been working closely within the GDPR landscape and have helped companies like Dropbox navigate direct mail and GDPR compliance. Check out our Tactile Marketing Automation solution and see how it can help you with GDPR compliance.