Royal Mail makes key data marketing service GDPR-compliant
- Summary:
- Close consultation with the Information Commissioner leads to fully GDPR compliant service for UK businesses, says Royal Mail
The problem: on paper, the end of May advent of the EU-wide General Data Protection Regulation, GDPR, would kill off this service - as it would involve personal data and marketing communication that you might not have requested.
So serious has this been taken that in the words of the company’s Jim Conning, Royal Mail had to quickly respond - a process that has meant a major due diligence and software rewrite project.
The indications we were getting was it had to be fully consented, where the individual actually opted in. Now as GDPR got closer - and to that end we decided that we couldn't do that, therefore we actually took the product out of the market.
Fixing HMMS was going to be a big project, though, as that’s a lot of data to look after: Royal Mail believes there are around 25,000 change of addresses per business day in the UK, and that over the last five years 30% of every businesses contact data or customer data degrades by a third every year. There was also the need to future-proof it, of course, against any possible GDPR blow-back on any company that used it then found itself inadvertently in a data compliance issue.
Conning is Managing Director of Royal Mail Data Services, the part of Royal Mail which is there to both update and protect this data and which is the business owner of HMMS, he explains what the service is all about:
The individual has to be moving home, and we check that from the point of view of the redirection service. We then work with the brands to ensure that the copy and quality of the marketing which is purely for mail, and the offer that they're making is appropriate to a home move.
We take responsibility working with the brands for that, to protect the rights of the individual, and then when the individual receives it, if they don't want to receive any more marketing or offers around the home move they can opt out via electronic means, telephones, or letters from both the Royal Mail service and/or the brand whose used that data.
Rebuilding
It was his responsibility to address the problem - and rebuild this core Royal Mail service from the ground up in the light of GDPR so as to ensure, as he told diginomica/government:
The individual has to be moving home, and we check that from the point of view of the redirection service. We then work with the brands to ensure that the copy and quality of the marketing which is purely for mail, and the offer that they're making is appropriate to a home move.
We take responsibility working with the brands for that, to protect the rights of the individual, and then when the individual receives it, if they don't want to receive any more marketing or offers around the home move they can opt out via electronic means, telephones, or letters from both the Royal Mail service and/or the brand whose used that data.”
We believe that brands can use now HMMS under the legitimate interests justification of the GDPR, as they are providing targeted marketing around relevant products and services that will be useful and relevant to them.
That’s because, he adds, the service now specifically incorporates safeguards around consumer rights, such as the right to transparency and the right to object. Royal Mail now also reviews all third-party direct mail campaigns sent by snail mail to UK homes and businesses to ensure that they are relevant to home movers.
It also now claims information is time-limited, meaning it cannot be used more than one year after a house move - a combination that means vendors can lawfully use home mover data on a “legitimate interest” basis.
This data is only available for use direct mail campaigns, claims Conning, adding that HMMS can as a result go back to being a great way for marketers to increase prospect conversion, improve retention rates and reactivate lapsed customers - and, he says, preventing untargeted, unwanted marketing junk mail coming through your new letter box:
Brands can run HMMS direct mail campaigns to effectively target those who have while upholding their rights to how their data will be processed and to object, as they can choose to opt out of communications from either individual brands or all campaigns.
A helping hand
As stated, the help the ICO gave Conning was invaluable:
The information Commissioner's Office explained that legitimate interest was a valid GDPR way of doing HMMS. When the product was out of the market we spent a long time reviewing that to make sure that we could do it, because there's the rights of the there's the individual, who we have to be transparent with when we collect the data, as well as the brand that we're going to sell this to: we didn't want to sell data to brands that hadn't gone through a very rigorous process first.
Because we're over 500 years old, we didn't want to ruin a brand by doing anything that was even slightly risky, for both the customer and the individual who are both obviously customers of Royal Mail.
What we've done is we've created a more transparent, fair processing notice in the collection of the redirection journey.
My Take
At a time when the GDPR is causing marketers to have to really think hard on how they target new customers, it’s significant that as big a communications and data player as Royal Mail took the time to fix what is clearly a key product to protect both its customers and citizens. Allied to its work as a prime delivery partner of the government’s GOV.UK Verify digital identity solution, this is another tick-box in a campaign to reassure users of the Mail’s commitment to data protection, too.
It’s also pretty positive to see how co-operative the ICO was in this process, as brands will be more likely to do the hard GDPR work if they feel it’s not “out to get them”.