Skip to main content

The recently published GDPR special edition of MEF’s eBulletin series, supported by CLX Communications, highlights the perspectives of the diverse MEF membership and experts on their path to preparing for GDPR compliance.

From data accuracy to consent and repermissioning, Jim Conning, Managing Director of Royal Mail Data Services, here highlights five key enterprise challenges of the General Data Protection Regulation.

Whatever stage you’re at in your GDPR preparation, 25 May 2018 represents a threshold in the way you conduct your marketing and manage the data you hold. I can sympathise with anyone who feels nervous in the run up to the GDPR deadline; we all want to know if we’ve implemented our GDPR plans properly. To recap, the GDPR requires any organisation that holds the personal data of European Union (EU) citizens – including that of UK nationals – to follow clear guidelines on how data is collected, stored and used. The individual has the right to object to the use of their personal data.

Here are five key topics around the GDPR that are likely to be high in the priorities of organisations as we enter a new era in data management.

The GDPR and the personal data value chain

Article 5(d) demands that the data organisations hold must be accurate, kept up-to-date, and any out-of-date information be refreshed or deleted.

This presents both a challenge and an opportunity for organisations with large amounts of valuable customer data. Data accuracy is not just a compliance issue; it’s a business issue too. Royal Mail Data Services’ research finds that the quality of contact data is the leading factor impacting campaign response and conversion rates. In 2017, we found that the average cost to the business of poor quality customer data equated to 6% of annual revenue.

Recent Royal Mail Data Services research also found that data quality is a problem for just under a quarter (23%) of UK businesses. While nearly half (46%) check their data daily or monthly, a third (33%) still do not have any formal data quality processes in place.

The GDPR presents the perfect opportunity for organisations to build trust with their customers by apportioning valuable time and budget to making sure their customer data is accurate. This should set a protocol for regular data accuracy updates going forward.


There are two approaches to contacting customers for marketing purposes; via consent or ‘legitimate interests’. Both have equal validity for processing customer data for marketing use. Businesses should make decisions that are appropriate for their customers’ needs, based on advice from their legal teams. Both options give brands the opportunity to re-engage with customers and update them on which approach they are using and why.

Permissioning and repermissioning

If you take the consent path, you may need to seek repermission from customers.

When seeking repermission, the safest and most reliable way is by using direct mail. Several companies have been fined for trying to gain the GDPR standard of consent by email, when they had no consent at all. Under the Privacy and Electronic Communications Regulations (PECR), an email which requests consent will be seen as a marketing message, so if it you don’t already have some form of consent it could be viewed as ‘unsolicited’ and therefore not compliant. However, you do not need consent to reach customers via postal marketing so long as the mailing can be sent under legitimate interests.

The Data Protection Network has published guidance on how you can assess whether your mailing qualifies under legitimate interests. As part of this process, you must ensure that the mailing is proportionate, has a minimal privacy impact, and that people would not be surprised or likely to object to receiving the mailing.

We’ve seen huge retail brands like IKEA use mail to great effect when seeking permission for future contact and even use mail as an opportunity to alert customers to the benefits of consenting to other forms of contact, such as email.

Whichever option you choose, the GDPR offers a real opportunity to demonstrate transparency and build trust between you and your customers.

How the GDPR will determine the quality of data that is available

We have established that data accuracy – and therefore data quality – lies at the heart of the GDPR, and that our studies show that attaining high levels of data quality is a serious challenge for many UK businesses. It is likely during the course of communicating
your chosen approach – whether consent or legitimate interests – that you could lose some contacts.

But on the upside, you know you have an engaged and invested customer base and can improve your targeting and return on investment of your marketing.

How will the GDPR affect the third-party data market?

Our study in 2017 found that 43% of marketers are ‘very’ or ‘reasonably’ confident that third-party data will be GDPR-compliant, much lower than the 78% who feel the same about their internally-held data. This is natural, as any brand that controls its own data collection and management has complete visibility over what type of data it holds and its maintenance.

I believe the GDPR will be good for the third-party data sector. The Information Commissioner’s Office (ICO) is most likely to focus on the less reputable end of the data market where collection and reselling of data is taking place outside of existing and future legislation.

The GDPR is aimed at protecting the consumer, so I anticipate that GDPR-compliant third-party data organisations will be well placed and we should see further confidence in third-party data in the GDPR world.

I see the GDPR as a big opportunity to press “refresh” for organisations, not only in the way they handle data, but also how they continue to build relationships with their customers.

Jim Conning

Managing Director, Royal Mail Data Services


Download the free GDPR Ebulletin now

With unique insight and analysis on enterprise messaging, permission and consent, the monetisation of personal data post GDPR, customer profiling and cultural and behavioral changes, the GDPR special edition eBulletin provides an invaluable glimpse into how businesses are meeting their obligations under the EU’s new data protection regulation, and how they see the industry in a post-GDPR world.

MEF’s GDPR eBulletin is available now