Skip to main content

Door Drops and GDPR Compliance

Introduction

The General Data Protection Regulation (GDPR) came in to force in May 2018 with the intention to improve the level of protection surrounding personally identifiable information (PII) both on and offline.

The stark changes to ways in which brands could collect, store and share data, led to direct marketing and customer acquisition strategies being re-evaluated and impacted many businesses greatly with regards to their marketing strategies. Business databases across the world took a dramatic hit as entire mailing lists were required to re-opt-in, and many customers at this point chose to opt-out. In addition to the opt-in policies, the facts around what is or is not personal information under GDPR also came under scrutiny.

Unlike Direct Mail, Telemarketing, Online and Mobile marketing, Door Drop provides a data driven marketing solution without the requirement or complexities of PII. The targeting for Door Drops requires only anonymised data, making it quite unique as a channel.

The DMA Print Council have produced this set of FAQs to guide you through the world of Door Drops post GDPR highlighting why they are compliant.

FAQ

Q: Why is Door Drop media GDPR compliant?
Door Drop media targets groups of households rather than individuals. All of the data sets and segmentations that are used in the targeting of a Door Drop campaign are anonymised and do not contain personal data / PII.
Q: What about ICO fines? Is it risky to use Door Drops?
Door Drops are GDPR-compliant by design. The ICO’s office has stated “If an organisation is sending mail or leaflets to every address in an area and does not know the identity of the people at those addresses, it is not processing personal data for direct marketing, and the GDPR rules will not apply.”
Q: Why don’t you need consent to send Door Drops?
Because they do not require or contain personal data, the GDPR does not apply.
Q: Do I need to demonstrate legitimate interest to be able to send Door Drops?
As above, the GDPR rules do not apply so no need for legitimate interest, consent or any legal basis for processing data as the postcode data we use for targeting is not subject to GDPR.
Q: Am I allowed to target postcodes using household profiles?
Yes, typical household profile software uses propensity modelling to breakdown UK households into a set of categories with similar characteristics. You can then select to target a selection of household categories based on their likelihood of matching certain criteria, such as age and income ranges. No personal data is involved, and you are not targeting a specific individual.
Q: And what about using my existing customer database as part of the Door Drop plan?

Some Door Drop businesses will offer to analyse your existing customer database, with a view to targeting similar types of people with the Door Drop.

This is GDPR compliant, providing the data you share cannot be used to identify the individual. Therefore, you should provide only postcode data – with no name, door number, street name or any other identifying data, such as date of birth.

Q: What about Partially Addressed Mail?
Partially Addressed Mail is a highly targeted and responsible way to reach potential customers, without requiring their personal data. Instead, it uses data sources like geo-demographics to identify postcodes and households with potential prospects. The item is addressed to ‘the household, or to a campaign-specific name, enabling customer acquisition without the use of personal data. Partially Addressed Mail lets you target small groups of around 15 households, at postcode level.

For more information:

Click here for guidance from the ICO

https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/

Click here for full DMA Door Drop GDPR FAQs

https://dma.org.uk/article/gdpr-and-doordrop-faqs