Uh-oh. According to the Telegraph earlier this week, businesses are at risk if they send their traditional Christmas card missives to their contact lists, all because of GDPR.

Apparently, “companies need permission to send seasonal greetings via email”, and MPs are supposedly quaking in their shiny leather shoes about sending cards to their constituents.

And don’t even think about the impact on poor old Santa, who’s had to implement data clean up protocols and consent opt-ins for his naughty and nice lists.

Except none of that is true.

The GDPR is a sensible and mostly reasonable way of protecting personal information in the information age, but its obligations are frequently taken out of context and interpreted wrongly.

Christmas cards sent to your existing customers thanking them for their business are unlikely to be seen as marketing, so should be fine to send.

When it comes to sending traditional marketing materials, contact lists should be cleaned up to remove people that haven’t engaged with you for a while, and you should always present an opt-out for receiving marketing materials. Opt-ins to send marketing are not always necessary. And other rules on email marketing (which have nothing to do with the GDPR) permit marketing in business contexts. In this area at least, the GDPR is broadly a reminder of common sense fair marketing principles, and shouldn’t be a reason for knee-jerk responses.

But Santa had better check his list twice, just in case one of the elves missed an opt-out.