GDPR regulation and Email marketing


With the new General Data Protection Regulation (GDPR), the European Union’s new privacy law, coming into effect on May 25th, 2018, now is the time for email marketers to ensure that their programs are compliant. All email marketers concerned with GDPR need to rapidly change how they seek, obtain and save consent.

In order to do email marketing communications properly (under GDPR), you must know your contacts and how you acquired them, review and disclose your data practices and look at your upcoming initiatives to ensure compliance with GDPR. GDPR not only sets the rules for how to collect consent, but also requires companies to keep a record of these consents.

Email marketing under GDPR essentially means that, as an email marketer, you need to collect freely given, specific, informed and unambiguous consent. The new European regulation applies to both B2B and B2C business methods. It is also important to keep in mind that neither soft opt-in nor soft opt-out approaches are allowed. At SquizMAIL we recommend that you use double opt-in contact lists to align with GDPR compliance requirements. For consent to be valid under GDPR, a customer must actively confirm their consent, such as by ticking an unchecked opt-in box. Pre-checked boxes that use customer inaction to assume consent aren’t valid under GDPR.

Email consent must be freely given—and that’s only the case if a person truly has a choice of whether or not they’d like to subscribe to marketing messages. If subscribing to a newsletter is required in order to download a whitepaper, for example, then that consent is not freely given. Under GDPR, email consent needs to be separate. Never bundle consent with your terms and conditions, privacy notices, or any of your services, unless email consent is necessary to complete that service.

The General Data Protection Regulation doesn’t only apply to the data collected on its effective date, May 25th, 2018, but also to the data gathered before. Does the consent record of your existing contact lists prove that you have clear authorization to send email marketing campaigns to each contact? Any ambiguous records would mean obtaining new and express permission from the outdated contacts.

While certain purchased lists with a clear affirmative statement of consent within the original subscription may be allowed under GDPR, at SquizMAIL we strongly recommend against this in every way possible.

Every email marketer should ensure a proper way for their contacts to unsubscribe, in order to be compliant with the EU GDPR. The unsubscribe process under GDPR needs to be clear and simple. Allowing your contacts to subscribe easily and allowing them to unsubscribe easily are equally important in achieving compliance with EU GDPR.

Your TO-DO list:

  • Audit your existing email list (Figure out who on your email list already provided GDPR-compliant consent, and ensure that you have a clear record of those consents.)
  • Implement a re-permission program (If you don’t have GDPR-proof consent for any of your contacts, you’ll have to run a re-permission campaign to refresh that consent, or remove the subscriber from your mailing list.)
  • Keep evidence of consent: who, when, how.


6 Tips for GDPR Re-Permissioning Success:

  • Make sure that the consent collected is GDPR compliant
  • Make sure the email/sign-up form clearly explains what’s being asked for
  • Complete all efforts to re-permission before May 25, 2018
  • Don’t send to previously opted out contacts
  • Suppress any unengaged subscribers that have not opened a mailing in 12 months or more
  • Understand that this may result in a significant reduction in list size. And that is okay.