Email Marketing and GDPR – How to Do It Right! [Examples]

The General Data Protection Regulation, a.k.a. the GDPR, strikes fear in the hearts of marketers worldwide. Many well-established practices in the industry had to change for fear of the hefty fines issued for non-compliance. One particular practice has suffered more than others – email marketing.

Until now, users were subjected to unregulated and exploitative marketing practices that flooded their email inboxes with tons of spam and promotional materials. According to a study by Return Path, an average consumer’s inbox is targeted mainly by promotional emails (53%). Given this volume, it’s no wonder that email marketing is a hot topic for GDPR.

How does GDPR affect email marketing?

The main concern of GDPR is the protection of personal data and giving data subjects control over their own data. This is mainly done by obtaining consent from the data subject to collect and process their personal data. This consent must be freely given, specific, informed and unambiguous, and it can be withdrawn at any time. To achieve this, businesses need to adopt some new practices:

  1. Newly defined opt-in options
  2. Storage and updates of the proof of consent
  3. An easy option for data subjects to withdraw consent and have their data removed

Principles to follow

  • Confirm consent before you send any emails to data subjects.
  • Yes, this includes your current email list as well.
  • Make clear where and how you’ve obtained their consent. (e.g. including something along the lines of “You’re receiving this email because you signed up for our newsletter on www.nameofsite.com”)
  • Be clear about the function of your emails. Make clear distinctions between promotional and informative emails.
  • Passive opt-ins such as pre-ticked boxes are a definite NO.
  • Always give an option to unsubscribe in all of your emails.
  • Keep a record of data subjects who consented to continue to receive emails, and make sure you delete those who fail to reply or who decline to provide consent.
  • Constantly update your email list.
  • Do not purchase mailing lists; this is a direct violation of the regulation.

To show you how this can be easily achieved we’ve prepared some examples:

Newsletter subscription forms

Do use separate checkboxes for each email function if you also plan to send users targeted promotional materials using marketing automation.

Don’t use generic opt-ins with bundled up email uses.

Downloading free materials

Do ask for authorisation to send any emails with functions other than the one specified for downloading a one-time free e-book (or any other whitepaper, infographic, guidance, etc.). GDPR puts an end to automatically adding users who’ve downloaded promotional materials from your site to your mailing list.

Don’t use consent as a precondition to a service or contact. Consent must be freely given and separated from all other functions.

Account creation

Do use separate checkboxes if you plan to send marketing emails to new users on their Sign-Up form. This must also not be a precondition for users to create an account on your site.

Don’t automatically assume consent when a new user subscribes to your site. Consent needs to be actively and freely given in the form of a positive action. This means that an unticked checkbox is an insufficient criterion for determining proper consent.


And there you go! Following these steps will ensure that your email marketing practices are in accordance with GDPR regulations.


Still having trouble achieving compliance? Try GDPR Toolkit! A complete set of informational materials and template documents, designed to guide you through your journey towards compliance with GDPR.
