Email marketing and the GDPR: 6 mistakes from which you can learn

Estimated reading time: 3 minutes (Too long? Email me this article)
24, April 2019

The GPDR made its entry almost a year ago now. We are pleased to have been able to provide an advisory role for our customers in this. All around us we have heard, of course, lots about the GDPR and email marketing. And in May we saw a considerable increase in emails coming in. Emails that often did not really need to be sent. Oops 😉 What should or should not have been done and how can you treat the GDPR like royalty from now on? You can read that below.

1) I have to ask my current contacts for permission again due to the GDPR

No, that is not necessarily true. You can always (continue to) email your customers. You don’t per se have to ask your existing contacts for permission again as a result of the introduction of the GDPR. This is only the case if you don’t have proof of any prior permission and/or have not obtained the email addresses legitimately and/or for the purpose of sending emails. A great many organisations that had legitimately obtained data thinned out their database considerably as a result of this misunderstanding. How? By sending an opt-in email and then not receiving any opt-in back from the majority of the subscribers. Oops!

2) The term reactivation campaign is related to the GDPR

No, that’s not true. Don’t confuse subscribers with sleepers. The term reactivation campaign has been around for a long time, and is aimed at sleepers. You want to reactivate these people, who haven’t been opening your emails for quite some time now, by sending attractive emails (promotion, discount, etc.). In it, you explicitly offer them the possibility to unsubscribe. If they don’t respond, you actively remove them. It is better to have a clean short list than one filled with many useless contacts.

The term reactivation campaign often has an incorrect association with the GDPR. It is not: sending an opt-in email to your current database in order to ask for permission again by virtue of the GDPR. Did you know, by the way, that a reactivation campaign is a typical example of a campaign that you can easily set up via our Flow Builder

3) A double/confirmed opt-in process is compulsory under the GDPR

No, this is not compulsory. A double opt-in/confirmed opt-in process (sending an automatic verification email with which subscribers confirm their email address) does, however, allow you to easily prove that someone has actively given their permission for registration. If you can produce proof in another way, that is also fine. There are parties who have benefited from not using the double opt-in process. Our advice, however, is to employ the double opt-in process in view of your burden of proof under the GDPR.

4) I have to ask permission for my (changed) privacy statement

No. As long as your procedures haven’t changed (only your privacy statement), you do not have to ask permission for your privacy statement. We have received many emails from companies asking permission for (changes to) their privacy statements.

But when do you send an update? For instance, if you’re going to process customer data in a different way, for profiling purposes for example. You then send an email explaining that you are going to change your working methods and provide the recipient with the possibility of unsubscribing. Your privacy statement must always be up-to-date and never concealed. It should be visible every time you ask for permission, with the link visible on every webpage. It is also advisable to place the link to your privacy statement in the footer of every email.

5) There should always be an unsubscribe link at the bottom of my email

Yes and no. There should indeed be an opt-out in every email you send by means of an unsubscribe link. How to unsubscribe must be clear and easy. But please note: long emails tend to show only a section in the inbox of the recipient, making it slow to find the unsubscribe link. The recipient may simply mark the email as spam out of irritation. And the last thing you want is to be considered as spam. We therefore advise in the case of long emails to place the unsubscribe link at the top of your email.

6) Under the GDPR you may not use profile enrichment

This is not true. You can, of course, use profile enrichment. We would actually encourage you to do so, as it allows you to offer the recipient increasingly relevant content. Relevant content is the key to higher open rates and a higher ROI from email marketing. Profiling for direct marketing purposes may take place both on the basis of the approval of the persons involved and on the basis of the legitimate interest of the responsible party. In your permission text, you explain that the personal data will be used for sending “customised emails”. If you want to know more about profiling and email marketing under the GDPR, we suggest that you read this blog item.

Share this article

Questions about this article?

Ewald Kessler

Deliverability & Abuse Management +31 85 773 99 90