GDPR – How it will Impact Email Marketing

The new EU GDPR is coming on 25 May 2018


The new EU GDPR (general data protection regulation) is going to be released on 25 May 2018.

It will directly affect all marketing practices such as email marketing.

Marketers would need to rapidly alter how they seek consent from prospects, obtain and save it. If you are an online marketer, this change is something you would need to have full knowledge of.

This GDPR Compliant guide provides comprehensive information on how to prepare and comply with this new regulation well before the effective date and post that too.

What does it imply?

Email marketing under the new GDPR rules means that email marketers need to gain consent that is specific, informed, unambiguous and given freely.

In order to ensure your email marketing strategy is in compliance with the new regulation, you would have to adopt certain new practices such as:

  • New opt-in permission rules for consumers
  • Storing systems that have proof of consent
  • A method via which a consumer can ask that his/her personal information be removed

This new regulation applies to B2B as well as B2C businesses in 2018. You can use neither soft opt-in nor soft opt-out methods.

The recommendation is that you start to use the double opt-in function to ensure you are in compliance with the new GDPR rules.

It is important to change the manner in which you achieve customer consent. However, you also need to be careful about your how business works with a third-party solution provider and the data they provide.

Profiling also falls under this umbrella of this regulation as it includes a specific definition of subject’s rights.

The stringent requirements that have been set by the GDPR need to be complied with. Failing to do so can result in you being fined.

How you can manage your email marketing strategy under GDPR

Even though this new EU regulation shakes up the marketing space, you can still continue with your email marketing efforts.

In order to achieve your objectives in this respect, there are certain measures you would have to take; here is a checklist you can use:

1. Conduct a thorough audit of your existing database

The things you need to keep in view are:

  • The geographical location of your prospects
  • Capturing an audit trail of the consent you take

2. Know your customers and how you acquired those contacts

  • Are you following the practice of double opt-in?
  • Are you keeping track of when & where your prospect contact information is coming from?
  • How did these contacts come to your database?
  • Is the information on the source and permission detailed enough to hold up in court if required?

3. Review your data practices and ensure you disclose them

  • Is your business asking for consent when the data is being collected?
  • Does your privacy policy hold clear and concise details about how your business collects stores, transfers and processes data?
  • Are the recipients being informed about this privacy policy related to data collection?

4. Focus on all your upcoming initiatives to ensure that you are compliant now

Any new initiatives that you take should take this compliance requirement into consideration. This will help ensure you aren’t saddled with rework in the future.

Are you still able to continue sending email marketing campaigns to your existing contacts?

The GDPR doesn’t just apply to the data that will be collected from May 25th, 2018 (the effective date).

It applies to data that has been collected prior to that as well. You need to peruse your existing consent records.

Determine whether your current contact lists prove that you have authorisation to send-out email marketing ads to every contact.

If there are any ambiguous records, you would need to obtain new & express consent from outdated out-dated contacts on your list.

This step needs to be followed to send all email marketing communications properly.

As this regulation impacts profiling, you have to comply with its requirements in order to send any targeted & personalised emails.

Are you still permitted to purchase contact lists under GDPR?

The GDPR allows certain purchased lists that have a clear and concise statement of consent in the original subscription.

However, this can throw some deliverability concerns because the lists that are permitted might not be useful for your email marketing strategy.

Get your email unsubscribe functionality right

In order to be compliant with the GDPR, every email marketer needs to make sure they provide proper avenues to contacts that wish to unsubscribe from the email list.

The opt-out process needs to be very clear and simple. It’s best to incorporate an unsubscribe link in every marketing email you send, where the subscriber can:

  • Unsubscribe to your marketing communications
  • Unsubscribe to all the communications you send
  • Contact a valid return email address

All the points discussed above are very important aspects of maintaining compliance with the new EU GDPR.


Please consult your Data protection Consultant or Officer. This is information does not indemnify readers of their GDPR obligations.

Let’s work to achieve your goals together.

Contact Us