The GDPR – The Marketing Question?
With the implementation of the GDPR Direct Mail is more important than ever in communicating with your existing and potential clients.
The GDPR states that the processing of personal data for direct marketing may be regarded as carried out for a legitimate interest.
Whilst you will need specific consent for email, SMS marketing and telesales calls, meeting the conditions for legitimate interest means you won’t need consent for postal marketing.
When posting direct mail you must include a clear opt out option for future mailings.
For more information please visit the ICO (Information Commissioners Office)
Communicate has provided a summary to help you with the requirements of the GDPR below:
The GDPR sets out stringent rules on how data can be stored and processed.
The GDPR defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
The Data Protection Principles
The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
- Processed lawfully, fairly, and in a transparent manner.
- Collected for specified, explicit, and legitimate purposes.
- Relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate, kept up to date and when requested – is erased, or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a manner that ensures appropriate security of the personal data.
Accountability and Record-Keeping
Written records of all personal data collection, holding, and processing must be kept including:
- Security measures to protect all data
- Details of the Company, its Data Protection Officer, and any applicable third-party data processors
- Paying specific attention to sensitive data
- Source of data
- Why the organisation holds, and processes personal data and its retention policy
Please note the information above does not constitute specific legal advice and more information is available at https://ico.org.uk
Communicate is fully compliant with the GDPR and follows the Data Processing Principles to protect your data.
Communicate has the following in place:
- Data Impact Assessments
- Data Privacy Notice
- Data Processing Agreement
- Data Retention Policy
- Information Security Policy
- Staff GDPR Training
Copies of these are available on request.
By adhering to the GDPR data processing principles Communicate ensures your data is safe in our hands.