Is GDPR still keeping you awake at night?


General Data Protection Regulation, GDPR, came into force on 25th May 2018, although if the number of headaches it has caused is anything to go by, it feels like it was so much earlier than that! Whilst GDPR is an EU framework, Brexit won’t negate its impact on businesses in the UK as the Government will retain GDPR in UK law .

For the purpose of this article, we’re looking at how GDPR affects Direct Marketing. In essence, more of a how we use data rather than what constitutes data and how we store it approach. Fortunately, the Information Commissioner’s Office announced at the beginning of 2020 that it will be carrying out a consultation on the Direct Marketing Code of Practice, so practical guidance when conducting direct marketing will be available to those operating within the broader direct marketing ecosystem. Don’t be misled by the term guidance, though; this is statutory stuff and “adherence to this code will be a key measure of your compliance with data protection laws. If you do not follow this code, you will find it difficult to demonstrate that your processing complies the GDPR or PECR.” 

The Draft Code of Practice is a long (124 pages), but detailed and comprehensive, guide to staying on the right side of the compliance auditors when it comes to your Direct Marketing. We recommend that you read through it, but your Citipost Mail account manager is always happy to answer your questions, if you’re not sure. The Direct Marketing Code of Practice is currently a draft, and we give details of how you can comment on it at the end of this article, but only as far as how it communicates the statutory requirements of GDPR and the Privacy and Electronic Regulations (PECR).

Does the Direct Marketing Code of Practice apply to me?

If you process personal data for direct marketing purposes, then yes it does. Direct marketing includes the promotion of aims and ideals as well as advertising goods or services. Any method of communication which is directed to particular individuals could constitute direct marketing. Direct marketing purposes include all processing activities that lead up to, enable or support the sending of direct marketing.

But we’re a not-for-profit/charity!

You must still comply with the Code of Practice because direct marketing is not limited to the sale of goods and services, it also includes the promotion of aims and ideas as well as advertising, so any fundraising, campaigning and promotional activities are included. The Institute of Fundraising has an interesting blog on its website on the subject and is engaging with its members to gather opinion before responding to the consultation.

What next?

The public consultation on the draft code remains open until 4th March 2020 and you can email your response to

Is it worth the hassle?

There’s no denying GDPR has made direct marketing more of a challenge but navigating GDPR just requires better planning and more thoughtful targeting. There are lots of solutions as far as getting your message out there is concerned, and here at Citipost Mail, we are always happy to talk to you about the best way to reach your audience including Partially Addressed Mail. Call us on 0203 2600240 and speak to one of our experts.