A particularly notable area in the GDPR regulations includes a section about ‘legitimate interest’. This means data that falls within a legitimate interest may not require explicit consent. A person may not have to provide permission to be contacted, if they are considered a legitimate interest.

What does this even mean?

What The GDPR Actually Says About Legitimate Interest

Taken from the ICO:

Article 6(1)(f) gives you a lawful basis for processing where:

“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Why is this important?

A Legitimate Interest Can Be Marketing

GDPR recital 47 states: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

You need to follow some rules, though!

First up, you must state in your privacy policy that you may consider legitimate interests within your communications policy.

You must process data in a way that does not override the interests of the individual. For example, you may need to process personal data to create customer behaviour analyses. You cannot then share this data without anonymising it first.

However, for marketing purposes, you may consider data to be of legitimate interest even if it seems it may conflict (but not override) the rights and interests of the individual.

You may even override these fundamental rights if you are working with personal data for a public interest task, such as sharing with Government agencies upon request.

You cannot use the argument of legitimate interest if there is another way to achieve the same outcome which is less intrusive. For example, if you want to process data on customer purchases to improve a ‘recommended products’ area of your website, this data can be anonymous without the need to process identifiable factors of the individual.

What Legitimate Interest Means For Direct Mail

Legitimate interest is more flexible than explicit consent. It may be, for example, that you have never previously sent direct mail campaigns (letters, flyers, postcards: any physical communication you send to customers), and therefore have not requested explicit consent to use personal data in order to carry out such a campaign.

However, when you start using data in a new way like this, it can be considered a legitimate interest. You just need to make sure you then provide an explanation when you send your direct mail campaign about how and why you’re using data the way you are.

For example, you could add a short line that says: “You’re receiving this letter because you’re a previous customer of MyComany and we wanted to let you know about cool stuff. If you don’t want any more letters, please email [email protected]”.

Another example is that of ‘recommended purchases’ on websites. This is a legitimate interest, as is can improve the buying experience of the consumer but does involve processing personal data in order to create these recommendations.

What Does This Mean For Your Mailing Database?

Having a legitimate interest means your direct mail game is about to rocket.

You can contact your previous and new customers using direct mail under the legitimate interest clause. You can do this as long as you explain why you’re using their data in this new way (to further engage and deliver a personalised buying experience, obviously!) and provide a way for them to opt out of future direct mail campaigns.

You don’t need explicit consent to send a direct mail campaign, as long as it is considered not detrimental to the individual’s interests.

This means you can reach those who have yet to opt into your marketing or re-engage with those who have not responded to a re-consent campaign.

(Of course, just remember to NOT contact people who have already explicitly opted out of direct mail communications!).

Ready to create a killer direct mail campaign to re-engage with your customers? Keep an eye out on tomorrow’s blog, which is all about making your flyers and leaflets GDPR compliant.

Related Posts

Adult Website Blackmail Scam This week I have started receiving a new blackmail/scam email which seems to be doing the rounds This scam works on the premise that the recipient of...
Hacked Websites Report 2017 The Hacked Website Trend report is a report produced by Sucuri. It summarizes the latest trends by bad actors, identifying the latest tactics, tec...
Are you GDPR compliant? The EU General Data Protection Regulation (GDPR) takes effect on 25th May 2018, so there is not much time left to take the appropriate steps to achiev...
How to update WebsitePanel services/providers If you upgrade Windows or any of the software on your server, there is unfortunately no easy way to apply these changes within WebsitePanel, which mea...

You don't have credit card details available. You will be redirected to update payment method page. Click OK to continue.

Share This
%d bloggers like this: