GDPR and your email marketing

For this final instalment I am going to be focusing on how GDPR affects your email marketing. I know many of you use email marketing to reach your audience, and GDPR is going to make you look at how you are currently doing this, as there will be changes afoot. The big one is consent. As I said, many of you will be doing email marketing and most likely use Mailchimp – who, by the way, also have some blog posts and advice on GDPR. Looking at your email lists, ask yourself this question – how did you obtain this data? Was it by them signing up to your newsletter via your website? Did you meet them at an exhibition and take their business card? Are they people who expressed interest in your collection/product/service?

Mixing Paint Colours

What? We can’t just mix it all up – oh no

Signing up via the website

If you have a sign-up form on your site you need to express clearly, in easy-to-understand plain language, what a person is signing up for. So just having “Sign Up Here” will not be enough; you need to start thinking about adding in:

Sign up to join our newsletter

We will be contacting you once a month with details of our new product launches, tips and ideas for wearing our range and exclusive offers just for you. If you no longer wish to receive our emails you can opt out at any time by clicking the unsubscribe link which features on the bottom of all our emails.

Your emails should always feature an Unsubscribe link – Mailchimp does put this in automatically on its emails, so never remove this feature.

Meeting them at an exhibition

You did an event and had a lovely chat, took their card and thought you’d add them to your mailing list – this now needs to change. You need to ask them and have recorded proof that they want to be added to your mailing list. This is why, in the great days of tech being at our fingertips, it’s worth having a form, similar to your sign-up form, on a tablet where the person can complete their details and “tick” if they want to sign up to your mailing list. If they don’t tick, you don’t add them. You can follow up their interest by contacting them personally after the event via your business email, but do not add them to your mailing list if they didn’t ask to be added.


Now, customers are people who have done business with you, but again they might not want to be part of your mailing list. Don’t think you can automatically email them because they bought from you; again, you need to ask, you need to get consent. This could be a tick box for your mailing list in the e-receipt or e-invoice that then links to your list.

Also, more and more consumers are exercising their “right to be forgotten”. Now, what’s this, you might be thinking. This is where any individual has the right to ask for their data to be removed where there is no reason for it to be continually used. The ICO have more information on this and how your customers might exercise this right, but you may also want to exercise it with companies you deal with as well. An email subscriber may not use the unsubscribe link but email you directly and ask to be taken off the list – keep a record of this request and then remove them from your list immediately. Do not add it to the to-do list, because if you forget and an email goes out while that person is still on your list, they could raise a complaint against you.

I would strongly advise, if you use a site like Shopify, Squarespace, Wix or WordPress with any data collection functions, be it email sign-ups or ecommerce records, that you contact these sites and check what their own compliance will be with GDPR. You need to know you are using websites that are following the new rules. The same goes for Mailchimp and any other email service provider. Mailchimp do go into detail about how they will be doing their own compliance in this document.

baby on the computer sorting out his email marketing lists for GDPR

“Hang on, I’ve got some business admin to do. Put my milk on hold for a minute.”

Current Email Lists

You are going to need to do some email list admin, especially if you have lists which you’ve created using some of the methods I described above, i.e. adding people to the list with no proof of consent from the individual. Look at your current lists and make a note of where you got the data from. If you do not have written or logged proof anywhere from that individual that they wanted to be on your mailing list and receive your emails, you can do 1 of 2 things:

  1. Re-consent
  2. Delete this data and do not contact these people.

Robin Adams, who runs email consultancy Perfect Blend and Chimp Answers, has brilliant advice. He also runs a Facebook Group and has been doing lots of webinars on GDPR, with great advice for businesses, so I definitely recommend having a look at this page and group. He has also done a lot on Re-consent, which is worth looking at. If any individual in your lists gave consent, you have a record of it and it abides by the current rules, you are fine with those individuals; if it doesn’t, then this is where you need to make one of those two choices with this data.

AND FINALLY…The Disclaimer once again.

I really want to add again that I am in no way an “expert” on this; there are people in this field who have trained in GDPR specifically because it is that HUGE. In these posts I have just tried to collate what I have seen, read and heard over the last two years and my understanding of all this. So please, do read up on this yourselves, and consult a legal professional or the ICO directly – they will be able to help you, as, remember, every business will be affected by the changes in GDPR, so you are not alone. Saying that, don’t think that the ICO will have their hands full and so you can go under the radar (“no one will know about my little business”) – do not take the risk.

As a business you do have a responsibility – this isn’t something where you can just pay someone to come in and magically sort out all your GDPR needs. They can help you understand and help with some preparation perhaps, but you need to know as a business how to be compliant going forward and stand by that compliance.

I hope these three posts have helped. It does seem rather scary and a bit intimidating, I know, but try to think logically about it, follow the steps in the guides you find, and take the time out to get ready and do the admin, because it will be better further down the line when this all comes into effect. You want to be prepared, you want to be compliant, you want to still have your business; don’t let GDPR trip you up.

baby hiding under really snazzy hat

“So if I just hide under my really snazzy hat, GDPR won’t find me right?”