The enhanced consent requirements under GDPR have forced many businesses to rethink their marketing strategies. In the case of Royal Mail's Home Mover Marketing Service (HMMS), the regulation seemed to spell the bitter end.
The HMMS is a direct mail marketing campaign that allows brands to target home movers with relevant offers, products and services by drawing on Royal Mail's insights.
It combines mover contact and address data from Royal Mail's Redirection Service with property data from Zoopla to understand when people are moving house and to identify their purchase triggers. Businesses use this data to contact consumers when they're most likely to purchase moving-related goods and services, from home insurance and broadband packages, to furniture and appliances.
The service exploits a lucrative marketing opportunity. Royal Mail estimates that 11 percent of the UK's population move home every year, spending an average of £9,000 on their new property within six months of the move. Across the country, over £9 billion is spent on move-related goods and services and over £7 billion on home improvements within 12 months of people moving house.
Royal Mail's unique view of the mover market had created a distinctive marketing service, but the introduction of GDPR threatened to bring it to an end. Under GDPR, the use of personal data and the sending of unsolicited marketing communications looked likely to require explicit consent from each consumer.
This would force the HMMS to identify every data controller, which the service could not possibly achieve, as Jim Conning, Managing Director of Royal Mail Data Services, explains to Computerworld UK.
"We didn't see any way that we could make that work compliantly, because you're going out and speaking to a number of brands who you don't know when you're collecting the data," he says.
"From a compliance point of view, we didn't feel like we could do that. Therefore we stopped selling the Home Mover Marketing Service from the 25th of May this year."
Soon after they took the service off the market, rumblings from the Direct Marketing Association suggested that there might be an alternative way to achieve GDPR compliance.
Legitimate interests for direct marketing
"One way this form of data processing could occur legally is under the 'legitimate interests' clause within the GDPR. This can justify direct marketing campaigns where consumers' data is used in ways they would expect and which have a minimal privacy impact."
Royal Mail Data Services undertook a legitimate interests assessment to understand whether it could justify its use of data in this way, and then approached the Information Commissioner's Office (ICO) to seek its advice.
The ICO suggested that brands could use the HMMS under the legitimate interests clause, as they would be providing targeted marketing around relevant products and services that would be useful to consumers who had just moved house, but first, the service would require some improvements.
To protect the rights of consumers and prevent them from receiving unwanted marketing materials, safeguards such as the right to transparency and the right to object were incorporated in the HMMS.
"We've changed our fair processing notice to give greater granularity and visibility in transferring data to the individual when they're going through the redirecting service," says Conning.
"We've also put in guidelines where we actually have to approve the copy and the creative for the campaign to ensure that they are appropriate home mover offers, and we've also added in specific opt-out on any piece of campaigns that are done using our data, where the individual can opt out of Royal Mail mailing as well as the individual brand.
"So we've made it much more transferrable and we've made it much easier for the individual and therefore we've derisked it. I'd never say that it's without risks, and brands have to do their own legitimate interests assessments, but we have minimised the risk to use our data, remembering that our data is already as low risk as it can be because we don't pool or aggregate any third party data from the individual, who can opt out at any time."
Royal Mail Data Services also reviews all third-party direct mail campaigns before they are sent to ensure that they are relevant to home movers, and any information must be used within one year of the consumer's move.
The addition of these safeguards to a marketing service that provides consumers with specific and useful information convinced Royal Mail Data Services that brands had a legitimate interest in using the data.
"We had very little opt-out and very little complaints from the previous service, which was evidence of a valid and valuable service. So all of that, along with the extra granularity on the fair processing notice and the visibility of the campaign that we had made - I believe - the case very strong," Conning said.
As a result, the HMMS was brought back to market.
Conning recommends that any other organisations struggling with GDPR compliance should also seek the input of the ICO.
"My advice is go and talk to the ICO," he says. "They want to talk to you. They want to help businesses be successful. They're very pragmatic. Obviously you will never get approval from them but they will help you to derisk your service as much as you can."