The world of email marketing can be challenging enough without new, sometimes complicated (and very often dry) laws rolling out. Fortunately, these laws provide a great chance to review your email program not just to fit within the criteria of these rules, but also for tackling the gray area that involves your reputation and practices that will land your emails in your recipients’ inboxes.

The General Data Protection Regulation (GDPR) is one of those laws that email marketers have questions about because it covers a lot of different areas regarding data and privacy. We’ll focus on the areas covering email and how you can be even better than the law requires.

Respecting an individual’s choices

GDPR: As we covered in a previous post on the background of this law, it is not just the handling of personal data that is a concern, but it is also that you consent to collect and use that data (such as an email address) in a way that accords with an individual’s preferences and choices. And, similar to the previously rolled out Canadian Anti-Spam Law (CASL), you should keep records of those preferences and choices, in case they need to be evidenced in the future.

Best Practices: Provide individuals with choices regarding marketing (e.g. obtain opt-ins and maintain a preferences page on their account) and set expectations. Mail filters are getting better and better at detecting what mail is “wanted” by recipients. A major indicator of this is spam complaints (when a user marks a message as spam in their inbox). And, a major contributing factor to getting more spam complaints is when recipients aren’t clear on why they are receiving that message.

How can you help this?

Be clear that your brand has obtained the address from the recipient and what you plan to do with it.

After all, that list of 1 million addresses is actually 1 million humans who will react the way a human does when they aren’t clear on who you are, what they’re receiving from you, or why.

Subsequent opt-outs

GDPR: Again, this has always been an EU requirement and even dates back to CAN-SPAM. Recipients must be provided a method of opting out of receiving further marketing communications. And, this method must be simple and clear to the user. For example, you should always include an unsubscribe link in every marketing email or text that you send.

Best Practices: Remove recipients who have withdrawn consent and consider removing recipients who appear to have stopped engaging with your brand for a long time. Consent to send messages is not forever. If a recipient agrees to receive messages from you at some point, marketers should still consider stopping sending marketing communications after a certain point, even without blatant requests for an unsubscribe or a spam complaint. This is one of the easiest ways to maintain a good reputation at major mailbox providers.

What about GDPR is new to most marketers?

Age Restriction: GDPR focuses a bit further on parameters around the age that is required for a person to give consent to use or access their personal data. Article 8 states that where consent is being obtained from a person under the age of 16, then parental consent must be obtained. An organization must make “reasonable efforts” to verify that the consent comes from the parents, as opposed to the child. We recommend reading further to find out more about how different member states can set a lower requirement of 13 and if that is applicable to you. We realize that verifying age on an address collection page is new for most marketers and difficult to verify. We therefore recommend having a simple policy that prohibits under 16s from registering or using your product or services. This should be stated clearly in your Terms of Service or Privacy Policy. If you run a service which is likely to be used by children, then you may need to take extra measures—such as an age-gating mechanism.

Although this law isn’t going to be enforced until late May 2018, we recommend planning how you plan to adjust for it now. And, in any audits of your email program, remember that you can still offer a lot of value to your recipients and obtain a high ROI for your organization even with following the strictest guidelines.

Overall, this shouldn’t punish good marketers and will help to keep email as a trusted source for everyone to use. It may cause some extra work, but it is a good thing.

Happy Sending!



Jacob Hansen
Jacob comes from a background in technical account management and delivery analysis for the last six years, and has been with SendGrid's Deliverability Consultant team for the last two years. He enjoys spreading knowledge to help the email community send more "wanted email" and to help senders realize their full potential. Originally from Nebraska, but living in Colorado long enough for it to feel like home, Jacob enjoys a lot of what the Denver restaurant, bar, brewery and music scenes have to offer.