Openli logo

Email marketing and GDPR

Written by Stine Mangor on .

In May 2018 the General Data Protection Regulation (“GDPR”) came into effect and even through the GDPR regulates data privacy and individuals’ data protection rights, it also affects marketers’ ability to do outreach and collect compliant email marketing consent. The reason is that you as a marketer are collecting and processing personal data about your leads, e.g. their name and email address. As a result, there are some things you need to keep in mind when collecting email marketing consent and emailing your leads.

In this article, we will give an overview of how the GDPR affects your email marketing campaigns and how, with a few simple steps, you can continue to create revenue for your business while complying with the GDPR:

Only collect the personal data you need.

The GDPR requires that you only collect and process the personal data you need - not what you think would be nice to have.

E.g. get people’s email marketing consent or make sure that one of the other ‘lawful bases’ is in place.

Give your leads information about how you process their personal data.

E.g. when you collect their consent to send them email marketing, have a link to your privacy policy so that people are informed about how you collect and process their personal data, for what purposes and how you protect it.

Make it easy to unsubscribe.

When people sign up to your newsletters, give them information about how they can unsubscribe and include an unsubscribe link in all your marketing emails.

Maintain your database, including making sure that information is updated and regularly cleansed.

According to the GDPR you can’t keep personal data that is inaccurate or too old. You therefore need to regularly update and cleanse your CRM database. What you need to do is regularly remove inactive and unresponsive leads, and check that all contacts are up-to-date. In addition, you need to make sure that the data is appropriately labeled.

Have processes in place to handle data subject access requests and complaints.

Under the GDPR, people have a right to know how you process their personal data, why you have their data and what you have on file. Data subjects may make a data subject access request and you must comply with such a request from a lead without undue delay and at the latest within one month of receipt of the request.

Have an audit trail.

Finally, you need to make sure that you can document all your consent and marketing processes. Read more about the audit trail requirements here.

Other marketing legislation

Note that GDPR isn’t the only legislation that regulates how you collect marketing consent. Local marketing legislation in each country will also influence how you need to collect email marketing consent.

Learn more about how Openli can help you navigate the global legal landscape, collect compliant consent, sync your marketing tech stack and optimise for conversion.

Learn more about Openli

Apply to join our community for inhouse legal

Join one of the fastest growing legal communities in Europe. Learn, share, connect and meet inspiring legal professionals, leaders and experts all for free.

Openli Community Apply to join

Vet vendors with Privacy Hub

Find GDPR information about all your vendors in one place.

Learn more about Privacy Hub

Join our free GDPR & compliance webinars

Ask question, learn from experts and become smarter about GDPR and privacy compliance by joining our free webinars.

See upcoming webinars

Join our newsletter

Join our free bi-weekly newsletter focused on news and updates from the legal landscape of data privacy.