GDPR: the biggest misconceptions about direct marketing

Since the introduction of the GDPR in May 2018, we’ve received many questions about the new General Data Protection Regulation. It appears there is still much confusion about the GDPR and buying mailing lists for direct marketing campaigns. We have listed the four most common misconceptions.

1. Because of the GDPR it is no longer allowed to send unsolicited emails

Wrong! The GDPR and the ePrivacy regulation are two different things.

The GDPR mostly concerns processing and updating data. Moreover companies are obliged to remove personal data when requested.

The ePrivacy regulation for email marketing says that you can’t mail people without their consent. This regulation has been in force since 2009 and is not affected by the GDPR.

In short: it has been forbidden to send unsolicited emails since 2009. But you can use opt-in email databases, which can be rented for a one-time email campaign. All compliant with local regulations.

Want to know more about how you can approach potential customers via email? Read my blog about buying email addresses.

2. Because of the GDPR you can’t use current databases of data owners without asking all the people in the database for their permission

No, that’s not necessary. Part of the GDPR is “Recital 47”. This recital describes that the legitimate interests of a controller (data owner) may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.

In short, databases with personal data composed before the GDPR, can still be used and traded. Of course you have to comply with the law concerning the use of this data. Contact us for more information about complying with the law.

3. The GDPR forbids telemarketing campaigns

Incorrect! The rules for telemarketing remain the same. You can only call consumers and sole proprietorships without permission if they’re not listed in a ‘Do not call’ register. Are you planning a telemarketing campaign? Then you must check if people in your database are enlisted in a ‘Do not call’ register. A private company, limited company or other entity cannot be enlisted in a ‘Do not call’ register, meaning you’re allowed to call them.

4. All data in databases fall under the GDPR

Incorrect! The rules for telemarketing remain the same. You can only call consumers and sole proprietorships without permission if they’re not listed in a ‘Do not call’ register. Are you planning a telemarketing campaign? Then you must check if people in your database are enlisted in a ‘Do not call’ register. A private company, limited company or other entity cannot be enlisted in a ‘Do not call’ register, meaning you’re allowed to call them.

Looking for a privacy compliant database or mailing list for your direct marketing campaign? Or do you have questions about the GDPR?

As an international data specialist BoldData makes sure that your (international) campaign always complies with the latest laws. We take privacy extremely seriously and only work with data you can trust. Need advice? Contact our privacy experts.