Skip to main content

How Will GDPR Impact Direct Mail Services?

With the 25th May drawing ever closer, businesses are doing all they can to ensure they are GDPR compliant. Data Processes and opt-in methods are being reviewed to ensure they are acceptable. There has been much speculation into the effect that GDPR will have on certain marketing avenues such as direct mail services.

Previously, we have looked into processing data under GDPR as well as looking at the effect it may have on telemarketing.

In this post, we will look at direct mail services closer to identify the impact GDPR may have. It is worth noting that GDPR will not have the exact same impact on every marketing method.

Legitimate Interest

Under the GDPR guidelines, it states that there are 6 lawful bases that an organisation can use to process personal data. An organisation needs to establish it has 1 of these 6 before it processes any data. One of these is legitimate interest. Specifically, the GDPR states the following about legitimate interest:

  • Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

A legitimate interest must be real and not vague. You will be able to market to an individual if you believe the marketing is in their legitimate interests. If you rely on this to process personal data then you must undertake a legitimate interest assessment (LIA). ICO have published some helpful information concerning LIAs if you aim to process under legitimate interests. However, in short, they include the following 3 steps:

  1. Identify a legitimate interest
  2. Undertake a necessity test
  3. Undertake a balancing test

For companies that provide direct mail services, you may be able to process under legitimate interest. This is as long as it will have minimal impact on the individual’s privacy. This also means that your company may not need to obtain explicit consent from an individual. However, whatever you send out must be relevant to those particular individuals. It must be in their interest to receive the particular content you are mailing. You are not able to use legitimate interests merely as a way around of not using one of the other 5 bases.

If in doubt, we would recommend you opt-in the records.


One of the 6 lawful bases to process personal data is consent. Previously, companies were able to ‘hide’ an opt-in in their terms and conditions. Alternatively, they may have had a pre-ticked box which opted you in unless you untick it. However, under GDPR, these practices will not be allowed.

Asking an individual for consent must be separate from any other requests on your forms/websites/marketing materials etc. It cannot be hidden away and it must state exactly what the individual’s data will be used for, by which methods and by whom. GDPR gives individual’s more rights in knowing how their personal information is to be used by companies. They must actively opt-in (by ticking a box for example) so keep records of your opt-ins and the methods you use to obtain this consent.

Consent is still achievable but your business must provide a valid reason that would make someone want to opt-in. As you may be aware, you will not be able to offer incentives such as money off, a prize draw etc. This being said, the incentive of receiving relevant, helpful and targeted information of interest or use would be a legitimate way to gain consent. Asking for an opt-in without justification is very unlikely to succeed.

Postal Marketing back on the rise

Previously, we have covered how direct mail has been making a comeback in recent years. In this digital age, having a tangible piece of content to interact with can make a welcome change. It is more memorable and has a greater impact than one of many emails sitting in your inbox.

Companies have realised this and direct mail marketing saw an increase in 2017 across the UK. With GDPR coming into effect, this rise may continue. However, due to the tighter regulations concerning personal data, companies must ensure they are compliant. The benefit that this brings to the consumer is that annoying, waste of time and more often, non-targeted marketing materials should disappear.

Direct mail services have also been evolving with the times. It is more personalised, accurate and visually appealing than ever before. Businesses will not neglect this because of GDPR, providing they are managing and processing data in accordance to the regulation.

As with any marketing communication, the individual must have the opportunity to opt-out (if they so wish). If you undertake any postal marketing, include a contact method that an individual can use to opt-out.


Compliance is an issue we talk about in all of our GDPR posts. GDPR aims to ensure that personal data is handled responsibly and for purpose by all data processors and controllers. Companies have a duty to keep records of their data processing activities to demonstrate compliance, should the authorities require it.

If you undertake direct mail or any form of marketing which involves personal data, you will need to demonstrate your compliance. Make sure that your processes are correct and keep records of everything you do concerning personal data. This includes how you opt-in and process the data. There are heavy fines in place for companies that breach GDPR regulations so this is not something that can be merely brushed under the carpet.


It is fair to say that GDPR is going to impact all aspects of direct marketing. This includes direct mail services as well. However, if a company is compliant and managing personal data correctly, postal marketing can continue. It is difficult to predict the exact effect that GDPR will have. As direct mail has been evolving in the past few years and making a comeback, we expect this to continue.

It is crucial that you regularly cleanse your data in order to be GDPR compliant. This will ensure you will not market to anyone who has opted-out.

If you would like any more information about GDPR and how it will affect your business, get in touch today and a member of the team will be happy to advise further.

Leave a Reply