“Do I need consent to send a Christmas card under the GDPR?” One of the latest Google search terms trending this month.
Print companies certainly feel the festive stress, processing vast orders of corporate Christmas cards. Some people may be surprised to hear that print is not dead, people in Britain buy more Christmas cards than any other nation. Charities, in particular, use Christmas cards as a great fundraising tool, with an estimated £50 million being raised annually.
One would hope that festive cheer is enough to satisfy the ‘legitimate reasons’ clause in the regulation. Advice has come in the shape of such statements as: “You can rely on legitimate interests if you can show that how you use people’s data is proportionate, has a minimal privacy impact, people would not be surprised or likely to object and they are given the means to refuse to receive such documentation in future (NB you must adhere to any such refusal).”*
Card manufacturers are obviously eager to calm any worries and have clarified that as long as clients haven’t specifically refused to receive marketing material from the organisation then all is well with the act of festive cheer!