New EU Data Law (GDPR) – a race against time for Email Marketers

Share this article...

The countdown to the new European Union (EU) regulation around data privacy and anti-spam is underway, now less than 1 year away to becoming enforced as law.

As it stands, there is no unifying law on data privacy across the EU. The legislation currently in place (since 2003!)  has resulted in a confusing mishmash of policy that varies greatly from country-to-country. However, the new law will unify policy across all Member States (countries). Here’s why.

Directive vs. Regulation

  • Directive: The EU provides guidance and objectives, but it’s down to the Member States to go away and write their own laws.
  • Regulation: enforced as a ‘blanket’ law.

Which explains the change better…

  • Old policy: The E-Privacy Directive
  • New policy: General Data Protection Regulation (GDPR)

Now everyone will be reading from the same book when dealing with consumer data. B2C companies across the globe will have to scrutinise how they acquire, manage and utilise the personal data of EU citizens.

“The protection of natural persons in relation to the processing of personal data is a fundamental right”.

Official Journal of the European Union

For too long, data protection has been disregarded by countless corporations, flouting privacy via legislative loopholes. The saturation of unsolicited email marketing is what has driven the EU to paint data protection as something that should be treated as a citizen’s right.

Clearer guidelines and consistency will give Marketers a more level playing field, plus will be welcomed by consumers* an era where being overwhelmed by inbox traffic is a norm.

* & commercial inboxes.

GDPR will come into action on 25th May 2018 – and you better write that into your diaries, as breaching the law will have some significant consequences – including a fine equating to 4% of your corporate revenue!

Actions as easy as ABC

The pressure is on for Marketing Professionals to ensure that their strategies will stay in line with the law. Now that the countdown to GDPR is underway, will you be prepared in just over 11 months?


Your audience will need to be grown organically. No excuses. If your organisation has mass marketed to purchased lists in the past, then this ‘shortcut’ to lead generation is coming back to bite you.

Start now by using tactics to grow your audience organically – for example, Paid Search Marketing, Social Media promotion, event presence Content Marketing – the ‘respectable’ methods of growing audience.


Is your digital marketing journey being entirely honest to the person on the receiving end? When you map the possible touchpoints out on paper, does your audience come into contact with all relevant T&Cs?

It may be the case that you may need to build and implement more data capture touchpoints that put the Privacy Policy messaging right in their line of sight. What’s more, explore the concept of a double opt-in mechanism or running a Permission Pass that will become an extra safeguard to obtaining consent.

Everyone has to abide by the new rule, regardless of where the email is actually being sent from. When marketing to other markets in addition to the EU, you have to make a choice whether to maintain multiple opt-in processes, or take a tougher opt-in approach globally. My advice would be the latter, as consistency is faster to replicate, and it’s likely that you’ll see the indirect benefits of an increasing credibility with audiences in other regions – a silver lining!


Now that you have ensured your contacts are seeing the Privacy Policy – or identified possible gaps (!) – it’s then time to consider the messaging.

The official line on this is:

“Consent should be given by a clear affirmative act establishing a freely given, specificinformed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.”

Official Journal of the European Union

If any wording of your policies are loose or unclear, seek advice from an expert in the field.

In addition, reporting on opt-ins will be imperative. A solid Marketing Automation (MA) platform is a no-brainer for pinpointing the exact touchpoint consent was given, with the messaging documented and timestamped. A good MA tool will also be able to pull reports on this data, to support your case if you get called out and sh*t hits the fan.


Clearly, it’s a good idea to have clean data by the time May 2018 rolls by. There’s no better time to do a data audit. By extracting data and assessing quantity and quality, you can ask yourself some beneficial questions, like is data that you’re holding that’s obsolete or irrelevant?

If the answer is yes, start decluttering.


Make the time investment to re-evaluate the Email Marketing strategy…which inevitably you’ll find will start a cross-departmental conversation involving multiple stakeholders. For instance, once a product is purchased, a customer can’t suddenly just be entered into an automated cross-sell campaign – how will the VP of Sales react to this? What are the potential implications on his targets?

If your company’s marketing effort are too convolutes, or simply the conversation becomes too hectic – if necessary, strip back the strategy for clarity and control. Take the responsibility of bringing GDPR into the spotlight.


As we mentioned regarding Consent wording, your policy must be specific and unambiguous. Be specific about all possible types of marketing communications – even the ones you haven’t even started to put in place yet.

Thinking long term will save unimaginable hassle down the line. Marketing techniques are evolving constantly, and you won’t want the bottleneck of re-opting in all subscribers again if you decide to make even a minute change.

There’s no time like the present.

There really is no time better to start preparing for GDPR than now. Remember that anyone who wants to market to EU citizens is affected by this law change.

Add Comment