What Does GDPR Mean For Email Marketing?



With the new GDPR laws coming in to effect bloody soon we should all be fully prepared for what is about to go down. However, as I am sure some of you haven’t looked at the changes yet, I thought I would run through what the new laws mean for your email marketing.

That being said, I know a lot of you won’t want to read the full article, which is cool, so a quick run through of what I’m about to say…

  • Make sure you have consent for the information you do have (recommend an audit of current database)
  • Opt-in to marketing, can no longer make the decision for them
  • Don’t buy data
  • Keep your data safe and secure, but also easy to delete information from
  • Go through your data and get them to opt-in quick!

Now for those who want to read on… please come forward

What is GDPR?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. That was taken directly from Wikipedia.

Basically, it is a new law which was put in place by the EU that aims to improve company’s responsibility with their customers data. It forces companies to make sure they know where their data has come from, if the people in their data opted in to receiving communications and to also keep their data locked up tight like the gold in Fort Knox.

So what’s new?

Gathering data

With the new GDPR in place no longer will soft opt in or soft opt out options be allowed. The only way you can gather data on will be through ‘freely given, specific, informed and unambiguous consent’. The best way to achieve this will be:

  1. Ask the consumer to opt in during the login / account set up areas. Never assume opt in, such as a ‘tick this box to opt out’, it must be their decision to tick the box for marketing.
  2. The information you do gather needs to be logged in the correct way. You need to store how, where and when a consumer gave their consent.
  3. There needs to be a system in place whereby the consumer can ask to have their information removed.

Keep the email marketing alive

You can still produce and send email marketing campaigns, but not to just anyone. As long as you have the consent of your contacts (you can prove it) and you give them a very easy process to unsubscribe for your emails, you can email them as much as you want.

To market towards your existing databases you need to follow a few steps to make sure you’re doing it legally, and won’t be faced with a nice big fine. If I were you, I’d be looking at my data and asking myself these questions:

  1. Does my current database tell me who my contacts are and if they gave me consent?
  2. Do I know and have enough proof of where my contacts have come from and why they’re in my database to defend myself in court?
  3. Do my contacts know how their data is being stored, including a privacy policy that ensures safe and secure storage of their data?
  4. Am I logging any new contacts with the correct information, to prevent me ever having to go back audit my list again?

Following steps like this will ensure that you don’t have to face a fat fine and deal with lengthy court battle.

Opt-in again?

I would advise that you run a campaign to get those who are already in your database to opt back into your emails. If you don’t already have proof of the contact that have given direct consent to opt-in then I would recommend deleting all data on those contacts. I’m sorry, I know this will mean that you will lose quite a lot of information, but its better that, than some dirty fat fine, right?

Running a competition or something along those lines to get them to opt in should increase engagement. ‘Opt back into our mailing list to receive a free ….’ That sort of thing should encourage a better response than a direct plea for their consent.

Do you want to use your current database?

Nope, you can’t! If your current database doesn’t have the evidence that I have previously mentioned, then no don’t use it, for the love of god. Unfortunately for a lot of us the data doesn’t just have to gathered from 25th May onwards, its all data. So go ahead and email at your own peril.


Go back and look through your data, clean it through refine it and start a new campaign (pretty quickly) to get those who haven’t got proven consent to give it. Get them to opt back in, the contacts that didn’t sign back up, chances are they weren’t engaging with your previous campaigns anyway.

You will most definitely end up with a smaller database, but you know what, size isn’t everything.

Away from the terrible jokes, any new data you gather should be stored and logged so it shows when and how you got consent and it is also super easy to delete when requested.

Go forth, clean data, get some consent and get back to email marketing.

Catch up on Email Marekting Services over here for some more information on what we do. Anymore questions on the new GDPR regarding email marketing? Drop us a comment down below or send us an email, we promise we’ll keep that information safe…