In May 2018, the General Data Protection Regulation (GDPR) comes into effect. The new legislation will impact any business or organisation that uses personal data belonging to EU citizens.
If you conduct any form of email marketing for your business, that includes you!
But what is the GDPR and how will it impact your marketing effort?
What is the GDPR, and is it bad news for email marketing?
Let’s answer that second question first. No. The GDPR is not bad news for email marketers. It shouldn’t be an inconvenience. On the contrary, it will protect data owners and users.
The GDPR has taken four years to draft and will replace the Data Protection Act 1998. It brings data protection legislation up to date. GDPR aims to be a worthy companion for the new and previously unforeseen ways data is used in the digital age.
A great deal of the Data Protection Act remains in the GDPR. However, the new legislation introduces tougher non-compliance fines. It gives people a far greater say over what organisations can do with their data.
Once the GDPR comes into effect, businesses should be clearer about what they can and can’t do with personal data. People will offer data to companies they trust. They are more likely to give data if they are assured you will not misuse it.
Most importantly, the new regulations should result in cleaner, more relevant data. From an email marketing perspective, that’s fantastic news. It will encourage us all to judge our subscriber lists by their quality as opposed to the quantity.
How will GDPR impact my business?
In a draft guidance article, the Information Commissioner’s Office (ICO) lists seven changes to the way businesses must collect, handle and store data under the GDPR. They are as follows:
- Unbundled. Consent should be sought separately from other terms and conditions, in order for individuals to see clearly what they’re signing up to.
- Active opt-in. Under GDPR legislation, pre-ticked opt-in boxes are not a valid form of consent (finally!).
- Granular. If personal data is to be used in a number of ways, the ICO recommends that organisations ask for separate consent to each. Give the data owner as much control as possible over how their data is used.
- Named. Data owners should always be informed of who the organisation is, and likewise of the names of any third parties with whom the data will be shared.
- Documented. Fully record consent. This includes method of capture.
- Easy to withdraw. Data owners should always be able to withdraw their consent. Simply, and swiftly.
- Freely given. Individuals freely give consent.
What happens if I don’t comply?
Failure to comply with GDPR legislation will likely result in a fairly hefty fine. The GDPR states that companies in breach of the rules will be fined 4% of turnover, or €20 million – whichever is greater.
Individuals can also bring their own lawsuits and make compensation claims in the event of a data breach.
It’s worth considering the potential brand damage that could result from non-compliance, too. Data security is high on most people’s agenda, and one slip can land you in very hot PR water.
We’re a little way off the GDPR legislation coming into effect. However, there’s no time like the present to start readying your company for its arrival.
According to experts, businesses need to demonstrate ‘privacy by design’. This simply means storing data in a pseudo-anonymised way and building protection directly into processes and policies.
Thankfully, the good folk at the Direct Marketing Association have prepared a fantastic series of guides and webinars that teach organisations how to prepare effectively for the GDPR. Check them out and start your own preparations today.
This post is for information purposes and is not legal advice. We advise you to speak to your own legal advisors to find out what impact the GDPR will have on your business and what action you need to take.