Email marketing and GDPR

Stine Mangor Tornmark
Written by
Stine Mangor Tornmark
October 15, 2019

In May 2018 the General Data Protection Regulation (“GDPR”) came into effect and even through the GDPR regulates data privacy and individuals’ data protection rights, it also affects marketers’ ability to do outreach and collect compliant email marketing consent. The reason is that you as a marketer are collecting and processing personal data about your leads, e.g. their name and email address. As a result, there are some things you need to keep in mind when collecting email marketing consent and emailing your leads.

In this article, we will give an overview of how the GDPR affects your email marketing campaigns and how, with a few simple steps, you can continue to create revenue for your business while complying with the GDPR:

Only collect the personal data you need.

The GDPR requires that you only collect and process the personal data you need - not what you think would be nice to have.

Have a legal basis for collecting and processing your lead’s personal data.

E.g. get people’s email marketing consent or make sure that one of the other ‘lawful bases’ is in place.

Give your leads information about how you process their personal data.

E.g. when you collect their consent to send them email marketing, have a link to your privacy policy so that people are informed about how you collect and process their personal data, for what purposes and how you protect it.

Make it easy to unsubscribe.

When people sign up to your newsletters, give them information about how they can unsubscribe and include an unsubscribe link in all your marketing emails.

Maintain your database, including making sure that information is updated and regularly cleansed.

According to the GDPR you can’t keep personal data that is inaccurate or too old. You therefore need to regularly update and cleanse your CRM database. What you need to do is regularly remove inactive and unresponsive leads, and check that all contacts are up-to-date. In addition, you need to make sure that the data is appropriately labeled.

Have processes in place to handle data subject access requests and complaints.

Under the GDPR, people have a right to know how you process their personal data, why you have their data and what you have on file. Data subjects may make a data subject access request and you must comply with such a request from a lead without undue delay and at the latest within one month of receipt of the request.

Have an audit trail.

Finally, you need to make sure that you can document all your consent and marketing processes. Read more about the audit trail requirements here.

Other marketing legislation

Note that GDPR isn’t the only legislation that regulates how you collect marketing consent. Local marketing legislation in each country will also influence how you need to collect email marketing consent.

Learn how Openli makes it easy for you to collect compliant email marketing consent

Learn more about how Openli can help you navigate the global legal landscape, collect compliant consent, sync your marketing tech stack and optimise for conversion.