How has the GDPR strengthened email marketing?

Feb 7, 2020 10:49:09 AM / by PrivacyPerfect

Back in the adaptation period of the GDPR between 2016 and May 2018, many businesses were concerned that the new EU privacy regulation might weaken their marketing efforts, especially in the field of email marketing. As the GDPR puts several restrictions on why and how personal data can be collected and processed, previously popular marketing techniques, such as building a database of prospects for years on end and purchasing prospect lists, had to be changed and adjusted for compliance. These types of databases were used most typically for the email marketing efforts of organisations, therefore many believed that this aspect of business marketing might actually suffer from the new regulation. More than a year after the enforcement of the GDPR, though, businesses have reported several marketing benefits of the GDPR, gained through adopting a compliant email marketing strategy. So, what steps can your organisation take to make sure it enjoys these benefits while strengthening its compliance?

Two million individuals receive 3.8 billion email messages in just 3 months on average, of which 54% are of a brand promotional nature, and 28% are transactional confirmations from engaged brands. These figures are from back in 2014, so with the advancement and rising popularity of technology, we can only speculate just how much these figures have grown over the years. At the same time, the Consumer Email Tracker 2019 report by the Data Marketing Association found that email remains one of the key types of marketing through which customers engage with brands. Newsletters and other direct marketing methods are therefore widely used tools for brands. Through these, businesses are able to keep potential customers engaged, communicate their latest offerings and news, and even direct traffic to their pages. But in order to do so, names, email addresses, personal interests, and often even user behaviour details, such as daily routines, are collected for a more customised customer experience. Let’s take a look at what the GDPR says about collecting and processing this category of information.

Making email marketing GDPR compliant

Consistent consent 

When it comes to processing and handling one’s personal data, organisations are obliged to determine the legal base for it. Once determined, organisations then can identify potential risks, and what safeguards may need to be put in place for compliance. A common legal base that is often used for email marketing is consent. By choosing to use consent, it is important that organisations take time to review their marketing databases and look at what and how they are using the collected data of individuals.

The GDPR strictly clarifies that consent is a strict obligation. Therefore, one of the frequently asked questions is whether, with the GDPR in place, mailing lists based on opt-out consent, or those purchased, would now have to be deleted or pushed aside. The answer is that if you have recently acquired and registered affirmative, specific, opt-in and informed consent from the individuals on your list, then you probably do not have to worry about it. Article 6 GDPR provides a further look into the six lawful bases that organisations should take into consideration when wanting to process people’s personal data.

Opting Out

In order to make sure that your email lists are compliant, the GDPR requires organisations to present individuals with an easy way to opt out of receiving emails at any time. This option therefore needs to be present in all emails that are sent to prospects and/or customers. The lawful basis or legitimate interest of the data controller to process such data for marketing purposes should never outweigh the objection (choice to opt out) of the consumer. It is important to note that, according to Article 95 GDPR, this aspect could apply to all data protection and data privacy related purposes.

If you are a B2B company, and your email list includes businesses only, your database should be in the clear if you make sure to email directly to the corporate bodies (such as, you have their consent to do so, and their company isn’t located in the EEA).

After you have made sure to have put all of these practices and safeguards in place for compliance, you are now ready to enjoy the benefits.

The benefits of the GDPR that strengthened email marketing

Quality over quantity
With the GDPR in place, organisations, if compliant, will now have email lists only of users who purposefully want to engage with their brand, creating a list of higher quality leads. While purchasing databases is still very much in practice, these databases now are required to be compliant before purchase, making sure that all individuals listed with their personal data have given their consent to be listed. 

Push to declutter
For a lot of companies, data is often stored in massive amounts. According to a study conducted by information management firm Veritas Technologies, 85% of all data stored by organisations is considered to be “redundant” or “obsolete”. The GDPR requires organisations to continuously review their databases, their handling of said data, and their processing procedures, not only for consent, but for data minimisation as well. The GDPR states that personal data collection by organisations should be kept to the bare minimum necessary for the purpose. This obligation therefore presents an opportunity for organisations to review and restructure their databases and data flows, which not only contributes to improved data privacy compliance, but also increases efficiency and cuts additional costs: studies say that unused business data will cost organisations an estimated $3.3 trillion to manage and deal with by the end of 2020.

Transparency and trust
People have become increasingly cautious and wary about how and why an organisation processes their data if they decide to provide it. The GDPR has not only given organisations the incentive to embed data privacy into their cultures, but the general public, often the ‘prospect and customer base’, has high demands for it now too. At the same time, the majority of individuals still find email the most preferred medium of engaging with brands, and compliance for email marketing has already started to show positive results:

Acoustic’s Marketing 2019 Benchmark Report showed that email open rates and click-through rates have actually increased steadily since the introduction of privacy regulations. Meanwhile, out of 2,000+ individuals surveyed in the 'Consumer email tracker 2019', 41% said that the GDPR’s enforcement had made them more confident about how organisations and brands treat consumers’ personal data. When consumers were asked about how they felt in regard to companies gathering their email addresses, in 2018, before the GDPR’s introduction, 43% were unsure how their email addresses were obtained by brands in the first place. By 2019, this figure dropped by 10%.

Non-compliant email marketing practices can hit businesses harder than you think

One of the infamous cases of non-compliance via email marketing dates back to 2017 (a year before the GDPR’s enforcement): British airline Flybe intended to do the right thing by notifying existing clients and customers about its privacy policy updates. The emails were sent out with the intention of advising individuals to amend their personal information and update their marketing preferences. However, the company did not check its email list for consent before pushing the send button. The UK’s ICO saw this as a violation of personal data and therefore fined the airline €78,000 for sending 3.3 million “unwanted” emails to users.

In February of 2019, the ICO issued further fines. An EU referendum campaign and an insurance company were fined for what was deemed to be a “serious breach of electronic marketing laws”. The ICO revealed that ‘’ and ’Eldon Insurance’ were closely linking their email databases with each other. As a result, the campaign had allegedly used Eldon Insurance customers’ details unlawfully to send almost 300,000 political marketing emails. Eldon Insurance had been found to have carried out two unlawful marketing campaigns, involving sending over 1 million emails to Leave.EU subscribers without adequate and appropriate consent.


Email marketing: here to stay

Despite numerous expert predictions that the GDPR would eventually even go as far as to put an end to email marketing, it has done quite the opposite. The GDPR clearly states that it was never intended to be “anti-business”, but rather, “pro consumer” - and it has delivered just that. As some organisations continue to struggle with their GDPR compliance efforts, others see it as an opportunity to not only better themselves, but to also better their relationships with existing and potential consumers. Email marketing has been a prime example of how the GDPR has ultimately affected consumer behaviour in terms of demanding transparency and trust. At the same time, organisations are able to identify stronger relationships while meeting that particular demand.

Curious about consent? Find out more about consent through our Consent Under GDPR: All You Need to Know blogpost.

Wanting to go further in identifying your data processing scope by conducting a Data Protection Impact Assessment? Grab our free How to Conduct a DPIA whitepaper written by privacy experts, today!  

Topics: GDPR Compliance, Data Privacy, Data Protection, Compliance, Data Consent, Marketing, Marketing under GDPR, gdpr2020

