Over the last year, many of our clients have needed reassurance that our services continue to comply with the law in the same way as before the introduction of GDPR (General Data Protection Regulations) in May 2018.
Some organisations take the view that direct mail (DM) creates an unnecessary risk and have chosen to replace DM with expensive advertising in press, magazines and local billboards. The problem is that these media choices lack the direct communication with the target audience that only DM can provide.
A properly conducted Direct Mail campaign continues to remain just as lawful and effective as ever
In this blog post, we explore the reasons for these very real concerns and explain that the change of media strategy is not justified by the facts.
Getting ready for GDPR caused educational institutions a great effort
Although businesses from all sectors had to take steps to get ready for the May 2018 deadline, the impact on the education sector was particularly tough.
The issues surrounding data storage and the use of student and parent information created a substantial burden for many institutions. Management had to set new rules, communicate the importance of the legislation to all staff and maintain new procedures.
In many cases the task was made more difficult by compliance demands from local authorities who also faced difficulties with storage and use of data on residents’ and voters’ records.
The laws stayed the same. Only the penalties are new
Although the core of the law remained exactly the same since it was originally established in the 1998 Data Protection Act, the new GDPR gave the impression that there were major changes in the lawful use of stored data. However, the facts remain the same, because you always had to take all reasonable steps to ensure that confidential data remained confidential.
There has been almost no change in the definitions of lawful use of data
It is a fact that despite all the fuss, there has been almost no change in the definition of lawful use of data. What has changed is the price of the penalty that may be payable if a company is in breach of the lawful use of data.
Penalties have substantially increased
What’s new are the penalties that can be applied – 1, if you fail to maintain data securely and 2, if you become aware of a breach of any kind, but fail to inform the Information Commissioner of that breach promptly.
There is also considerable concern created by the fact that laws have been amended to make sure that all parties involved in a breach of legislation are liable to prosecution.
For example, if one of your students steals your data about other students, or their parents and sells it to someone else, you can’t avoid being implicated in the theft. It was your data security that was at risk!
Electronic Communications (emails)
Confusion about GDPR has been greatly amplified by the new rulings on Privacy and Electronic Communications Regulations (PECR). As the name implies, these regulations apply to emails and even the telephone, if any kind of automated delivery is used.
The ruling means that all electronic communications that are directed to consumers (or identified individuals) should only be sent with the ‘informed consent’ of the receiver.
This is where many educational institutions are forced to rethink compliance and the law. Informed consent in respect of communications to education stakeholders (parents or students) should only refer to educational activities. It is no longer strictly lawful to send around a general email about a Jumble sale in aid of a local charity!
However, any educational institution which is taking due care to use and store data lawfully is very unlikely to be in breach of the act ever. The law is there to protect people’s privacy it is not there to interfere with the conduct of education.
Postal Communications:
The GDPR rulings are not there to interfere with the lawful conduct of direct marketing activities. Please take note that the requirement for ‘informed consent’ does NOT apply to postal communications.
It is still lawful to communicate the educational advantages of your school or college directly to parents through quality direct mail. Indeed DM communications remain the most effective way to contact parents within your target group.
Scott Marketing has been responsible for direct mail to over 250,000 parents since the introduction of GDPR. These have all been cost-effectively targeted directly to parents of children of the required age group from within the school’s catchment area.
Necessarily, we make sure that all our communications are fully compliant with the law.
If we can help you with your postal campaign or with any other aspect of your marketing activities then please contact us.