It was obvious to everyone that the General Data Protection Regulation (GDPR) threatened the mailing list industry in a profound way. Since the new legislation was implemented in May 2018, the sector had been forced to undergo significant change. This wasn’t only down to losing a number of players but also the way list owners have adapted, which has been both interesting and surprising.
For Andy Smith, managing director at Corpdata, a mailing list provider for over 25 years, the advent of GDPR presented him with three choices – the first two being to wait and see what would unfold or simply to do nothing. Neither of those seemed like a good idea.
Instead, after really thinking through GDPR’s potential impact, he opted for the third option as it was clear real change was needed sooner rather than later. This meant dissecting the regulations to see how it might apply to direct marketing, including its influence on those supplying business lists and the clients that use them. It soon became apparent to Smith that to properly prepare the company needed to act without delay. And despite the many challenges that came with this, Smith has no doubt it was the right thing to do.
Taking action fast saw Corpdata completely re-engineer its list collation process, totally changing how the company tele-researches its business contacts so they’re based on individual preferences, on top of re-designing how it licenses its business lists. These steps weren’t to simply ensure Corpdata’s lists contained the detail clients needed but that they remained legally safe to use in a GDPR world.
Commenting on Corpdata’s approach to GDPR, Smith says: “It would appear there are list owners who essentially do now what they did before last May, meaning it’s still possible to find yourself in a mailing list because your personal information is held within a business directory or database for reasons other than for direct marketing. However, GDPR is about more than how you obtain personal information – it’s about respecting the wishes of your data subjects.”
Smith also notes the advent of GDPR will, over time, improve the sector. Historically, there’s been a tendency for list providers to talk up their own lists but now that’s very risky. Thanks to the new legislation, companies are forced to really ensure their offering complies with GDPR, so it’s no longer good enough to take someone’s word for it.
Now, users of direct marketing lists must understand the legal basis for col-lecting the personal information they intend to use, how the fairness and transparency requirements of GDPR have been applied, evidence from their list provider to help them prove they’ve done nothing wrong and to have thought through what action they will take if data subjects protest. That’s why it’s increasingly common to speak with people who have learned to live with GDPR and appreciate they need to do proper due diligence when sourcing their mailing list.
Smith closes by saying no one yet fully understands what GDPR means in the long-term. “We acted on our interpretation of GDPR and its impact on us as a business list provider and our clients but I have no doubt guidance and best practice will continue to evolve over time. There will be interesting times ahead and work to do.”
Given all the steps Corpdata’s taken, you’d be forgiven for assuming it al-ready knows what will happen with GDPR post-Brexit. Well, Smith’s opinion has always been that, deal or no deal, GDPR is here to stay. So you better take the action you need to ensure you’re compliant too. 
