<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2091254041141547&amp;ev=PageView&amp;noscript=1">
GDPR | 4 min read

Here's Why GDPR Will Affect Your Email Marketing

27 October 2017 Written by Alexander Costello

As the GDPR clock continues to tick, businesses looking for advice on GDPR have significantly increased. After all, no one wants to be hit with a hefty fine once the deadline rolls around and they've been found to be non-compliant with the new laws.

If you didn't already know, the new GDPR laws rely heavily around data and consent. This means it would have a big impact on email marketing for any businesses dealing with EU countries.

GDPR is about genuine mutual trust between a business and an individual - and it's why it's important to get it right.

In this blog, we'll be taking a look into how GDPR is set to affect the email marketing world and what businesses need to be thinking about before the deadline hits.

Holes in Current Regulations

Currently, email spam regulations differ from country to country. Which is a problem within itself. These regulations, known as the 'Directive on Privacy and Electronic Communication' (or the 'EU E-Privacy Directive) mean that certain laws and processes can become skewed depending on the country you're sending emails from and the recipients in other countries you may be sending to.

Therefore, a business could potentially get into trouble without meaning to, especially if they were under the impression that they were abiding by the current regulation.

Right away, you can already see why GDPR is needed to plug the holes. GDPR will essentially become the one standardised law for all EU countries (and anyone who deals with EU countries) to abide by when it comes to data and consent compliance.

And if you read through our GDPR series, you'll have it all but stamped in your memory.

Consent Will Become Stricter

In order to protect the interests of both individuals and businesses, stricter consent will make up a huge part of the new GDPR stipulations - which means that email marketing is also affected going forward.

The regulations define an individual's consent that is given to a business must be "freely given, specific, informed and unambiguous."

In essence, consent simply cannot be assumed anymore. That means no more pre-selected tick-boxes, which GDPR would not view as a "positive opt-in" or as an accurate reflection of the individual's intentions. A person must given their explicit consent to handing over their data to you.

So when it comes to email marketing, your contacts will have to double opt-in in order to be sent emails from your company. That's not all: it's absolutely vital that your business provides a clear, no-nonsense information as to exactly how a person's data will be used. You would also need to give any recipient every opportunity to opt-out at any given time.

And when they do opt-out, your consent-withdrawal process needs to happen just as fast as someone opting-in.

Record Keeping is a Must

While record keeping never used to be a requirement with data processing and control, with GDPR coming into effect, it needs to become second nature for your business.

Think of it this way: keeping a record of every instance of consent being given will help show reasonable evidence of that fact, should you ever be challenged. So it's more about protecting your business from any suspected breach of the new regulations.

Will all your existing data also need to comply with GDPR? It most definitely does. If all your previous data was obtained in a way that the individual could not have consented under the GDPR standard, then you might not be able to send emails to those recipients anymore.

The best thing you can start doing is to review all your current data, determine which data subjects are not positive opt-ins, and begin requesting new consent under the new regulations. Those that don't respond or opt-in in time should be deleted from your records.

Any non-compliance could lead to fines up to €20 million or 4% of your business' annual turnover.

Time For a Review

Email marketers don't have much of a choice with GDPR going forward. If you haven't already started, now is the perfect time to review your email processes - from seeking and collecting consent to how you process and handle the data behind the consent. When it comes to email marketing, contractual, legitimate use and consent are the most important factors for a lawful process of an individual's personal data.

By adapting your email process with the GDPR-accepted opt-in processes, you'll actually be helping to ensure that your business is truly engaging with those who actually want to hear from you. Therefore, your email lists significantly improve in quality in the long run.


GDPR should be treated as a much needed way to replace both outdated and unclear regulations that are currently in place in the UK from the Data Protection Act of 1998. With one rule for everybody, it will make the process much more understandable and help to protect data privacy rights for individuals and businesses alike.

In a survey done by TrustArc, 61% of respondents stated they had not started their GDPR reviews or implementations. What's worse, only 4% said their business processes were fully compliant.

The numbers above are truly eye-opening. Email marketers in all businesses must play their part in ensuring they're adhering to best practice when it comes to consent and processes in which that consent will be used.

New call-to-action

Share this page to Facebook Share this page to Instagram Share this page to LinkedIn Share this page to Twitter

Keep up to date with Digital Media Stream – Subscribe to our weekly blogs

New call-to-action