Is there any need to secure consent from a customer in order to send direct mail, or are Legitimate Interests enough?
Ad mail is by its very nature not electronic.
This means that it is not covered by the Privacy and Electronic Communications Directive (known as PECR), which stipulates that there is a need to secure consent to send marketing communications.
There is therefore no need to secure consent to send ad mail, and Legitimate Interests should be sufficient. But, the ad mail must have a clear unsubscribe or opt-out option.
But, that's not all.
The GDPR requires businesses to keep personal data as up-to-date as possible so you will still have to check that the person is not registered on the Mailing Preference Service (unless they are an existing customer of yours) and you should also screen against your in-house suppression file.
Lastly, before you send out the ad mail, do check that the Interests of your business does not have an impact on the recipient's right to privacy.
Normally this condition is met by including an unsubscribe or opt-out on the piece of direct mail.
To meet the Accountability requirements of the GDPR the ICO expects companies to demonstrate awareness at every level of their organisation, from boardroom to postroom.
The IDM Award in GDPR is the ideal, demonstrable, way to build GDPR awareness at every level of your organisation. Enrol now on our DMA-validated, two-hour online course.
To see the IDM's full portfolio of GDPR training courses and qualifications, click here.