Direct Mail and GDPR

We’ve heard some interesting interpretations of GDPR, particularly around how to handle consent, what legitimate interest really is, and how you manage emails and direct mail. We thought we’d provide some useful clarity:

The rules are pretty clear:

Direct marketing is allowed under GDPR, without consent, using the lawful basis of legitimate interest. You are allowed to market to customers you already have a relationship with


The e-privacy directive (PECR in the UK) states that, over and above the rules in GDPR, you cannot digitally communicate with consumers without their consent. This includes email, telephone and SMS, but excludes direct mail. For B2B contacts, while their work email is considered personal information if it contains any part of their name, you are allowed to contact them using legitimate interest, so, if you have a consumer contact database that is not opted in to receive digital communications what can you do?

You can still direct mail to them to engage them, and ask for their consent, using legitimate interest. You should also be adding legal consent wording and actions to all your communications, your website and your call centre.

When is it “legitimate interest”?

When using legitimate interest as a legal basis if you can show:

  • The way you’re using the data is proportionate
  • The communication will have minimal impact on their privacy
  • That your communication would be unlikely to cause objection

You can read the ICO guidance on legitimate interest for further information on the matter.

If you’ve got any other questions on GDPR and how it might impact your marketing we have specialists in house who can help – just get in touch.


Get in Touch

Every new relationship starts with a conversation, talk to us to see how we can help you.

Go to Top