How to become GDPR compliant in terms of email

In today's digital age, the protection and respect of user data are paramount. This is particularly true in the realm of email marketing. Enter the General Data Protection Regulation, or GDPR. Here's an overview of GDPR, its implications for email marketers, and actionable steps to ensure your emails become compliant.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law that focuses on data protection and privacy for all individuals within the European Union and the European Economic Area. Instituted on May 25, 2018, GDPR also addresses the export of personal data outside the EU and EEA.

GDPR is designed to:

  1. Empower individuals with more control over their personal data.
  2. Simplify the regulatory environment for international businesses by unifying the regulation within the EU.
  3. Ensure that organizations protect the personal data of EU citizens for transactions that occur within EU member states.

Who does it affect?

While GDPR is an EU-centric regulation, its influence spans the globe. Here’s who it affects:

  1. Organizations within the EU: Any company based within the EU must comply with GDPR, irrespective of where it processes personal data.

  2. Organizations outside the EU: If a company offers goods or services to, or monitors the behavior of, EU data subjects, it must comply. This means that even if you're based in the US but have subscribers in the EU, GDPR applies to you.

  3. All sectors and sizes: From big corporations to small bloggers who collect user data, GDPR is indiscriminate about the size or sector of the organization.

What do you need to request from your current mail provider?

When migrating your data from another provider, make sure you transfer the following subscriber information from that provider (if you’re unsure whether your list has these fields, please reach out to our support team for assistance):

  • Subscribed via: If you’re capturing email information via a different channel than your standard email sign-up form, you need to provide where the subscriber subscribed from.
  • Confirmed Date: The date on which the subscriber confirmed that they want to receive email communication from you; this is essentially the date that they verified their email address.
  • Opt in Date: The date they opted in.
  • Opt in IP: The IP address that was used to opt in.

The above data provides proof that you’ve obtained the necessary consent to email the individual on your list. You can use the list matching feature upon import to ensure that you allocate this information to the correct fields.

I don’t have access to the required info above. What now?

If you don't currently have access to the required GDPR-compliant information from your subscribers, don't panic. This is a common challenge many marketers face. Your next step should be to run a reactivation or re-opt-in campaign. A reactivation campaign will allow you to gather the necessary information from your subscribers to ensure that you have the correct proof of consent information and don’t get into trouble further down the line.

How to create a reactivation or re-opt-in campaign?

A great reactivation or re-opt-in campaign should follow the guidelines below:

1. Be Transparent: Clearly explain why you're reaching out and the importance of the re-opt-in. Discuss GDPR and the necessity of gathering explicit consent.

2. Incentivize: Offer a reason for subscribers to re-opt-in. This could be exclusive content, a discount, or any other valuable offering. It’s a good idea here to reiterate the value your subscription offers a subscriber.

3. Simplify the Process: Make the re-opt-in process as straightforward as possible. Ideally, it should not be more than a click or two. We recommend linking to your email confirmation form.

4. Set a Deadline: Create urgency by setting a deadline for the re-opt-in.

5. Follow Up: Send a reminder email before the deadline to ensure maximum engagement. Please note we will allow you to send 2 emails to ensure you have the best possible chance to re-engage your subscribers, but you cannot keep requesting confirmation thereafter.

6. Accept the Results: Post-campaign, the subscribers that have not confirmed their subscription status with you will be added to your blacklist. It’s crucial to respect the subscriber’s decision and GDPR’s stipulations.

While GDPR may feel like a daunting regulation, it fundamentally exists to ensure the protection of user data. With a transparent approach, adherence to guidelines, and strategic re-opt-in campaigns, email marketers can navigate the GDPR landscape effectively.

Please note this article does not constitute legal advice and serves as a guideline to you and your team when it comes to one part of GDPR compliance.

