Email Marketing and GDPR – What's the Situation?

Tanel Vetik

Head of Strategy

When can email lists be compiled and who can be added to them? Can I send an email to someone if their email address is listed on a website? At what point do I violate GDPR regulations and when I don´t? There are more questions than one can answer.

E-maili turundus ja GDPR

This is for a reason – there’s a lot of confusion surrounding the GDPR, which only lawyers and people directly working with the law seem to fully understand. Luckily for you, we do email marketing, need to stay up to date with GDPR, and will try to help make sense of it all in layman’s terms.

Email Marketing and GDPR – What's the Situation?

Tanel Vetik

Head of Strategy

When can email lists be compiled and who can be added to them? Can I send an email to someone if their email address is listed on a website? At what point do I violate GDPR regulations and when I don´t? There are more questions than one can answer.

This is for a reason – there’s a lot of confusion surrounding the GDPR, which only lawyers and people directly working with the law seem to fully understand. Luckily for you, we do email marketing, need to stay up to date with GDPR, and will try to help make sense of it all in layman’s terms.

E-maili turundus ja GDPR

When can email lists be compiled and who can be added to them? Can I send an email to someone if their email address is listed on a website? At what point do I violate GDPR regulations and when I don´t? There are more questions than one can answer.

This is for a reason – there’s a lot of confusion surrounding the GDPR, which only lawyers and people directly working with the law seem to fully understand. Luckily for you, we do email marketing, need to stay up to date with GDPR, and will try to help make sense of it all in layman’s terms.

E-maili turundus ja GDPR

What is the GDPR Regulation, aka the General Data Protection Regulation?

I might have gotten a bit carried away with the terminology already and won’t be going into too much detail on the legal documentation side, as you’re probably only interested in its practical aspects – otherwise, you’d be looking at a massive document from the UK Government, called the Data Protection Act.

The aim of this document is to identify the owner of digital data, lay out the responsibilities for safekeeping shared digital data, and stating the persons responsible. For instance, after creating an account in an e-commerce environment and entering personal data, do those data belong to the company, or are they still yours? This is the question that GDPR helps to address. In most cases, it favours the individual person or business whose data is being shared.

How does GDPR regulate email marketing?

Here, the path diverges: B2B email marketing and B2C email marketing. Different rules apply to each. When sending an email to a legal entity (a company or a company representative) – including cold emails – you don’t need prior opt-in confirmation.

However, if you send the same email to an individual, you’re likely breaking the law. Below is an illustrative table of popular questions to better understand the differences between B2B (business-to-business) and B2C (business-to-consumer):

Differences between B2B and B2C GDPR regulations for email marketing

Best practices to use in your cold email marketing campaign

Consumers often adapt faster than email marketing regulations or customs can keep up. Often, the latter’s development is a reactive response to consumer desires and behaviour. It shouldn’t be assumed that sending emails is a numbers game and that if you send out 1000 emails, you’ll be guaranteed to get 1-2 purchases per campaign. This strategy might have worked in the last decade, but the cards have been reshuffled, and the rules have changed.

If you want to reach your consumers with email marketing, start by mapping them out, creating a content strategy, modelling the journey, and segmenting your readers into relevant groups (e.g., industry, maturity, loyalty, demographics, etc.). Your goal is to achieve the highest quality possible. Do keep in mind that it must be compliant with GDPR regulations and not everyone in your email marketing list knows what their rights are. There will always be people convinced that no cold emails should ever be sent to their business email address. Here are some good practices to ensure as authentic and reasonable a cold email reception experience as possible:

  • Don’t use clickbait in the title, keep it relevant to the topic (slight clickbait is fine, as long as it doesn’t leave the reader confused after reading your email).
  • Use actual email content in your preview section of the email.
  • Make sure that all email marketing recipients genuinely need or would use your product/service. Keep your email list healthy and relevant.
  • Introduce your company or yourself in the email content as early as possible. Mention the reason you are writing to them and why you think your product/service would be a good fit for their business.
  • Don’t pressure the reader to make contact or schedule a meeting.
  • Don’t hide the unsubscribe link and add it to each email marketing segment.
  • Don’t buy email lists because they are low quality, harm your domain authority rating, and damage your brand in the eyes of the reader – lists are generally low quality and mostly irrelevant contacts. It’s like throwing spaghetti at the wall. Don’t do it.

But what about GDPR rules with existing customers or contacts who have sent inquiries?

It depends on how the customer contacts were obtained. If they’ve given a so-called soft opt-in (sent an inquiry, made a purchase, etc.), then you can only send them relevant email marketing. You definitely shouldn’t use this opportunity to introduce them to your affiliate company or a different product/service category from the one they showed interest in. Stay within the same category that the reader initially engaged with.

Traditional opt-in is giving direct confirmation that one wishes to receive email marketing. An example of this is ticking a box at the end of the purchase: “tick here if you wish to receive future offers about our products or services”.

The third option is double opt-in, or dual confirmation. It’s not required by GDPR but is recommended in many cases. A popular example is subscribing to an email newsletter via a website. First, you enter your email, and the second step is “confirming” your email in a message that arrives in your inbox.

Once opt-in or customer confirmation is obtained, you can send them topic-related email marketing. It’s important to always provide the option to unsubscribe from further emails.

If you feel this is all overwhelming, don’t hesitate to reach out and we’ll get you set up for success.

Enjoyed this article?

Join our newsletter

The money side

Continue learning

The money side

Continue learning