The Advantages of Data Privacy in Postal Advertising 2023

There is a growing trend among users in the UK and worldwide towards seeking greater privacy. In the digital age, consumers are frequently targeted with advertisements and their personal data is collected and used by a variety of companies, leading to an increase in concern about data privacy and a heightened awareness of individuals’ rights to protect their personal information. As a result, a number of users have turned to ad blockers to protect their privacy online; in fact, recent data shows that 10% of users worldwide use ad blockers. Additionally, 87% of users who employ ad blockers would not engage in business with a company if they had concerns about its security practices.

McKinsey studies.

Along with using ad blockers, many users also take protective measures against data collection, such as clearing cookies and browser history. This is because they do not trust companies that request unrelated information or use their data in ways that are not transparent. Businesses that prioritise data privacy and are clear about their data collection and usage practices are more likely to earn the trust and credibility of their customers, resulting in increased loyalty and higher conversion rates. In this way, data privacy is beneficial for both businesses and consumers.


How Data Privacy Laws Work and What Are The Consequences on Your Business?


Data privacy refers to the safeguarding of personal information and data from unauthorised access or use. In the European Union, data privacy is regulated by the General Data Protection Regulation (GDPR), which took effect in 2018. The GDPR imposes a set of requirements on businesses operating within the EU in order to protect the personal data of individuals. In the United Kingdom, data privacy is governed by the Data Protection Act 2018 (DPA 2018). 

The DPA 2018 pertains to personal data processed by organisations and outlines the principles that organisations must follow when collecting, utilising, and storing personal data. These requirements include ensuring that personal data is collected and processed in a fair, legal, transparent manner, and solely for specific, explicit, and legitimate purposes. Personal data must be accurate, up-to-date, and not retained for longer than is necessary for the purposes for which it was collected; it must also be kept secure and protected from unauthorised access, use, or disclosure.

In addition to these requirements, businesses must obtain the consent of individuals before collecting and processing their personal data and inform individuals of their rights under the DPA 2018, including the right to access, rectify, erase, restrict, object to, or withdraw consent for the processing of their personal data. 

Source: UK Government.

Failure to comply with these requirements can result in fines and other penalties, as well as harm to a business’s reputation. It is therefore important for businesses to be fully aware of their obligations under data privacy laws and to take the necessary steps to comply with them.

Increasing user expectations and new laws related to data privacy are having significant consequences for businesses in the United Kingdom. Marketing solutions that rely on the collection and processing of personal data, such as targeted and segmented advertising, are becoming more challenging to implement due to new regulations and changing user expectations. One example of this is the recent decision by Google to prohibit the use of third-party cookies. 

Third-party cookies are small pieces of data that are stored on a user’s device and collected by a website other than the one the user is currently visiting. They are used to track a user’s browsing activity and target them with specific ads based on their interests and behaviour. The prohibition of third-party cookies by Google will likely require businesses to find alternative ways to perform targeted advertising.

In conclusion, businesses must carefully consider the impact of data privacy laws and users’ expectations on their marketing efforts and ensure that they are fully compliant with these requirements.


How to Comply With This Legislation?


Complying with data privacy law in the UK when it comes to digital marketing can be a complex task, as it depends on the marketing channels being used. It is important for businesses to carefully consider the requirements of data privacy laws when conducting any marketing activities that involve the collection and processing of personal data.

One marketing channel that requires particular consideration is email. In practice, this includes being mindful of how personal data, such as email addresses, is collected and stored. Strong encryption methods should be used to protect this data from potential breaches. Additionally, when collecting email addresses, and especially when considering using the channel to tailor promotions, it’s important to ensure that clear consent is obtained from users. This means that you can not use the email addresses for any purpose beyond what was agreed upon by the user during the collection process. 

Another way that organisations can legally use personal data for marketing is through the concept of “legitimate interest.” Legitimate interest allows organisations to use personal data for marketing purposes if it is in the interest of the organisation to do so, and if it does not unduly impact the rights and freedoms of the individual. However, in the context of email marketing, this concept of legitimate interest is only applicable when the email addresses have been obtained using a method known as “soft opt-in” , i.e. you need to seek customer permission before you market to them.

Soft opt-in is a method that allows a business to use an individual’s email address for marketing similar products or services, but only if the following criteria is met: the individual has had a previous relationship with the organisation, the email address was collected during that relationship, and the email address is being used only for the purpose of promoting similar products or services. If the email address was collected without using this method, legitimate interest cannot be leaned on as a lawful basis for processing, thus it will be required to obtain explicit consent from the individual before sending any marketing emails.

Obtaining explicit consent from users is difficult.  Many users will not be willing to provide consent which can hinder the success of any digital marketing campaign. This is where other marketing channels, such as Postal Advertising, provides a better chance of reaching a target audience whilst also adhering to data privacy laws.


What Are the Benefits of Data Privacy in Postal Advertising


Postal Advertising has an advantage in compliance, regardless of whether “legitimate interest” is used as a lawful basis for processing or not. Postal Marketing is considered an acceptable form of legitimate interest for marketers under GDPR. This is because Postal marketing is not a form of electronic marketing therefore meaning it does not face the same restrictions one-privacy laws such as the PECR which underpin GDPR. When it comes to Postal mail, there is no need to seek explicit consent from the customer even though it is usually required for SMS, emails and automated phone calls.


Marketing method

Is legitimate interest likely to be appropriate?
Post Yes
Emails to individual – obtained using “soft opt-in” Yes
Emails to individuals – without “soft opt-in” No
Emails to business contacts Yes

Source: ICO


  1. A key factor of determining the legitimate interest of your activity is the nature of processed data you are engaging in and your relationship with users. When it comes to postal marketing since the data being processed is mostly names and addresses  it would be reasonable for these individuals to expect to receive marketing materials by mail based on their previous relationship with the brand, therefore meaning a valid justification can be made.
  2.  In most cases a significant portion of your customer base has already established a prior relationship with your organisation. Direct mail is primarily utilised for retargeting efforts, as opposed to emails which may serve a broader range of communicative purposes. These customers may have recently engaged with your website and provided their name and address details in the course of making a purchase or they may be existing customers whose contact information is already in your possession. Given this context, it is unlikely that receipt of a communication from your organisation would cause dissatisfaction or offence among these individuals.


Even if postal marketing provides more flexibility relating to permissions, there are other factors that also make it a good choice for your brand.

Another, more general advantage of Direct Mail arises when the channel is used in new and innovative ways. For example by using retargeting techniques, companies can reach individuals who have previously been exposed to their brand, increasing the chances of a successful outcome. This targeted approach leads to a higher return on investment compared to more general forms of advertising, therefore making it a cost-effective marketing strategy.

Implementing any direct mail solution can be a challenging task that requires a significant logistical effort. From the design and production of the materials, to the printing and mailing of the campaign, the process is complicated and time-consuming. Additionally, managing the data and ensuring compliance with regulations also adds to the complexity of the process. Because of these difficulties, it is not advised that direct mail production and implementation is handled in-house. In most cases you should be looking to find the right partner for the direct mail stream that specialises in this type of advertising.


How Paperplanes Offers the Perfect Solution for Data Privacy in Postal Advertising


Paperplanes is a UK-based company that specialises in Data Science and Postal Advertising by leveraging its advanced automation technology. We are a leading provider of insight-driven programmatic direct mail in Europe. Our technology creates individually personalised direct mail pieces that are triggered by customer interactions on a business’s website. This approach allows companies to reach their customers in a more targeted and effective way, resulting in higher conversion rates and ROI.

One of the key advantages of Paperplanes’ technology is its ability to analyse customer interactions on a website and use this data to create personalised letters that are highly relevant to the individual receiver. This level of personalisation has been shown to increase engagement and response rates, making it an invaluable tool for businesses looking to drive growth and increase revenue.

Using Paperplanes for your direct mail effort eliminates the need to worry about data privacy law compliance. The company takes care of all the necessary server security and data encryption, so you can rest assured that your customer data is protected from breaches and other security threats. Additionally, Paperplanes adheres to strict data privacy regulations to ensure that your customer information is handled in an ethical and compliant manner. This gives you the peace of mind to know that you can run your direct mail campaigns without any concerns over data protection.

Paperplanes implements a solution that uses first-party cookies to collect users’ activity-related data. Our software then runs processes tracking scripts to determine and analyse users’ activity and interactions with your website. This enables Paperplanes to gather a significant amount of information about your customers’ behaviour, which is then utilised to create highly targeted and personalised letters. This approach provides an excellent level of personalisation that results in higher engagement and conversion rates. Re-targeting would have traditionally relied on the ability to track customer engagement via third party cookies across multiple websites to engage with consumers. Third party cookie usage is in decline following legislation changes. Paperplanes does not need to rely on such archaic methods for tracking as all cookies utilised and triggered for our technology are first party. Using first-party cookies ensures that the data collection is compliant with data privacy regulations, giving you the assurance that your customers’ data is being handled ethically and legally.

data privacy in postal advertising

Paperplanes is more than just a technical solution, it’s a team of experts that provide a full service solution for direct mail campaigns. We assist with data collection, campaign launch, monitoring, and provide expert feedback to improve performance. We work closely with our clients to understand their needs and goals, and create a customised strategy to achieve them. Whether you’re a small business or a large enterprise, Paperplanes has the expertise to help you succeed with your direct mail strategy.

View more blogs at