GDPR and Doordrop FAQs

Written by members of the Doordrop Hub of the DMA Print Council.

The Doordrop hub of the DMA Print Council have produced this set of FAQs to guide you through the the world of doordrops post GDPR highlighting why they are compliant.

Q: Why is doordrop media GDPR compliant?

A: Doordrop media targets groups of households rather than individuals. All of the data sets and segmentations that are used in the targeting of a doordrop campaign are anonymised and do not contain personal data.

Q: What about ICO fines? Is it risky to use doordrops?

A: Doordrops are GDPR-compliant by design. The ICO’s office has stated “If an organisation is sending mail or leaflets to every address in an area and does not know the identity of the people at those addresses, it is not processing personal data for direct marketing, and the GDPR rules will not apply.”

Q: Why don’t you need consent to send doordrops?

A: Because they do not require or contain personal data, the GDPR does not apply.

Q: Do I need to demonstrate legitimate interest to be able to send doordrops?

A: As above, the GDPR rules do not apply so no need for legitimate interest, consent or any legal basis for processing data as the postcode data we use for targeting is not subject to GDPR.

Q: Am I allowed to target postcodes using household profiles?

Yes, typical household profile software uses propensity modelling to breakdown UK households into a set of categories with similar characteristics. You can then select to target a selection of household categories based on their likelihood of matching certain criteria, such as age and income ranges. No personal data is involved, and you are not targeting a specific individual.

Q: And what about using my existing customer database as part of the door drop plan?

Some door drop businesses will offer to analyse your existing customer database, with a view to targeting similar types of people with the door drop.

This is GDPR compliant, providing the data you share cannot be used to identify the individual. Therefore, you should provide only postcode data – with no name, door number, street name or any other identifying data, such as date of birth.

Q: Is this a loophole? Sounds too good to be true!

A: No. Doordrop media is both targeted and broadcast, and just as press, TV, radio and other broadcast channels are not subject to GDPR neither are doordrops. The targeting for doordrops requires only anonymised data, making it quite unique as a channel.

Q: So why isn’t everyone using doordrops to acquire new customers?

A: Good question!

If you have a question about the use of door drops relating to GDPR regulations, please contact the DMA by emailing print@dma.org.uk