top of page

GDPR In A Nutshell

Find out how to stay on the right side of GDPR legislation with your email marketing campaigns.

This guide can be downloaded in the "File Share" area or you can read it in blog format below.



· What is GDPR?

· What is Personal Data?

· GDPR and Email Marketing

· How to Manage Existing Customers

· Getting Consent from Contacts and Prospects

· Final Word


What is GDPR?

The General Data Protection Regulation protects an individual’s personal data, who has access to it, what it’s used for, and how safe it is. If you collect, use or store the personal data of any EU citizen, you need to comply with GDPR.

While it became EU law in May 2018, many businesses are still unclear on how GDPR affects their marketing activity.

Here’s what you need to consider in order to stay on the right side of the regulation while holding data and using it to market to existing and prospect customers.

What is Personal Data?

Personal data is anything that identifies an individual, but for the purposes of marketing, we focus on contact details, and namely email addresses.

GDPR and Email Marketing

In order to be on the right side of GDPR, you need consent from the people you wish to contact regularly with email marketing, and who’s personal data you store. This ‘consent’ must be freely given. You need proof of this consent, and a clear way for customers to request that their personal information is removed.

Using an email marketing platform, such as Mailchimp, can help you sort and keep track of customer consent, and ensure that you don’t keep contacting customers that have ‘opted out’ of your email marketing campaigns.

How to Manage Existing Customers

If you wish to send your email marketing campaigns to your existing database of customers, you have what’s called ‘legitimate interest’ to contact them. They are actively trading with you, so the emails should contain information and offers that will be relevant to them. It’s good practice to offer them an easy way to stop receiving emails, if they choose to. Simply add in an ‘unsubscribe’ button in your email footer.

Using an email marketing platform makes it easy, as the ‘opt-out’ section automatically updates your database, moving those that have unsubscribed to a separate segment, so you don’t contact them again by accident.

Getting Consent from Contacts and Prospects

If you’re looking to build a list of prospects, perhaps from trade shows or from visitors to your website, you can collect their data as long as they give you express permission to do so. It’s not enough to include a tick-box on a website contact page giving visitors to the option NOT to be contacted. You must be explicit.

If you ask for contact details, either to answer queries or in return for content or information, you must give prospects a clear choice to ‘opt-in’ to receiving marketing emails and be clear on how you will hold and secure their data.

If a prospect actively subscribes to your mailing list, it’s still good practice to issue a second ‘opt-in’ email to confirm the agreement. This process is called the ‘double-opt’ and will ensure that your email database list only contains those that want to receive your information, making that list much more targeted.

If you’ve bought in a database of contacts, things can get a little more complicated. Barbour ABI, for example, ensures that all contacts linked to live projects are asked for consent for their email addresses to be passed on as part of project reports and Insight Data regularly cleans and updates its lists.

If a client requests to opt-out from Barbour ABI, they will be removed from their database and that individual will no longer appear in extracted data. Barbour ABI advises extracting fresh data and using it within 24 hours to ensure you don’t contact anyone that has recently opted-out. That rule generally applies to all bought-in sales databases. Keep subscriptions up to date and don’t keep your list hanging around for months, even years, as many individuals will have changed roles, and many will have opted-out. You run the risk of breaching GDPR law by using old data.

Final Word

1. Use an email marketing platform to make the tracking, subscriptions, opt-outs and recording of your data activity.

2. Give all recipients (existing and prospect) a clear way to unsubscribe from your marketing emails.

3. When collecting new prospects for your mailing list, ensure they have given express permission to be contacted, and double-check if you can by sending a confirmation email.

4. Be clear on how you manage customer data, and have a clear policy within your company that is available on your website.

5. If in doubt, get professional advice. GDPR is a tricky subject and if you feel unsure, seek guidance from a reputable company. We can offer recommendations on request.


30 views0 comments

Recent Posts

See All
bottom of page