As we come to the turn of the year, the General Data Protection Regulation (GDPR) is beginning to loom. Email marketing is perhaps one of the areas likely to be most impacted by the arrival of the GDPR, which has been designed to improve the standards of data protection and the way it is handled. If you haven’t yet factored the GDPR into your email marketing strategy for next year then it’s a good time to do so.

The general principle of better data management

For years, the idea that there could be consequences for poor handling of customer data has been remote from most businesses, especially SMEs. It has seemed that it’s only the really serious data breaches that are likely to attract penalties and for everything else it’s a slapped wrist or nothing at all. However, when the GDPR comes into force on 18th May 2018, every business will need to have in place proper procedures for handling personal and sensitive data, from ensuring that it has been properly obtained, to protecting it from release.

Avoiding the most serious consequences

There are now much greater financial penalties for being found in breach of the GDPR and the ICO has been given broader powers to intervene where data isn’t being properly handled. That makes it crucial to ensure that your business has a strong and transparent policy on data when it comes to email marketing – and that everyone in the company understands it and is abiding by it. Draft guidance from the ICO sets out a range of changes businesses may need to make to the way data is collected and handled in light of the GDPR that could affect email marketing strategy.

Unbundling consent

Consent should now be a separate action that consumers take apart from other terms and conditions so there is no confusion about what is being signed up for.

Actively opting in

If you’re still using pre-ticked opt in boxes then this needs to be a thing of the past. You can’t rely on the auto opt-in now when you’re looking at growing email lists as part of marketing strategy.

Giving customers control

It’s advisable to obtain separate consent to all the different ways that data can be used, including for email marketing and within email marketing. The idea is that the consumer then has a much higher degree of control over how you’re using their data.


If you’re sharing data on email lists with any third parties then your customers now need to be informed.

Withdrawing consent

You now have to make it easy for customers to withdraw consent to the use of their data, including being unsubscribed from email lists and refusing data sharing with third parties.

If you’re preparing for the arrival of the GDPR next year we can help. Contact us to find out more about where the impact points will be.