The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on February 10, 2018

Do’s and dont’s of sending emails under GDPR

Do’s and dont’s of sending emails under GDPR
Andrew Stellakis
Story by

Andrew Stellakis

Andrew Stellakis is managing director of IT specialist Q2Q IT and a certified GDPR practitioner. With a wealth of insight amassed from 25 ye Andrew Stellakis is managing director of IT specialist Q2Q IT and a certified GDPR practitioner. With a wealth of insight amassed from 25 years in the IT and technology industry, he delivers guidance on technical topics in a straight-talking, easy-to-action manner. With expertise in GDPR compliance, cyber security, managed IT support solutions, data recovery and back up – to name just a few areas – Q2Q IT provides services to SMEs throughout the North West of England, always with a focus on cutting through the jargon and providing excellent results.

I hate to break it to you, but the days of scattergun marketing emails are numbered — the General Data Protection Regulation (GDPR) is in sight now, and once it’s arrived, there’ll be no hiding from the major issue of consent. No longer will you be able to add new addresses to your endless email lists, or send out non-targeted comms to everyone recorded.

So, before it gets here, it’s a good idea to get your head around what will — and more importantly, what won’t — be allowed under the new legislation. But, as with all legal mumbo jumbo, it can be difficult to decipher exactly how the law translates to real-life business situations.

Whether you’re a marketing manager or are just tasked with sending out your company’s monthly e-shot, this guide is for you. Covering key dos and don’ts for email marketing, these simple rules will help you along the way to ensuring your processes are GDPR-proof, for when the 25 May finally arrives…

Do’s and don’ts

DO seek consent wherever possible — it’s better to be safe than sorry, and asking for direct, affirmative permission to contact someone via email is the most secure process under GDPR and E-Privacy legislation.

DON’T email anyone who has asked not to be contacted, unsubscribed from a list, or opted-out in any other way.

DO be aware of the difference between B2B and B2C communications, and segment your mailing lists accordingly. B2B emails should be targeted at a person’s role within a business, not at the specific person. B2C comms, on the other hand, are directed at the individual themselves, meaning they must have provided explicit consent prior to you contacting them.

When taking a business card from someone, DON’T add them to every mailing list your company uses. Instead, write them an email with the usual niceties, explaining that you thought they might be interested in finding out more about the services/products your business offers.

Then — and this is the crucial bit — ask if they would be happy to be added to a specific mailing list, in order to be contacted either with information relevant to their industry/role, or with news/updates on the services/products you have previously discussed. Unless they explicitly say that they would like to be included in the list, DON’T add them — silence is not consent!

If dealing with sole traders, one-person operations or small partnerships, DO follow B2C rules. Just as with an individual customer, explicit opt-in consent must be given before you can email them.

DON’T assume people will be interested in everything you do. Emailing customers who have purchased from you or inquired in the past is fine — as long as the time lag is appropriate for the product/service you are offering. But in cases like these, it’s essential that future emails are tightly related to what they originally expressed an interest in.

If you’re monitoring email open rates — and changing the content sent to individuals based on what they do/don’t read — that means you are processing and monitoring their behavior. Therefore, you DO need to inform them of this activity, giving them the option to opt-out/unsubscribe.

Ideally, when it comes to marketing your services/products to new contacts, DON’T be too rigid with your comms. Instead, provide multiple types of content — including news, events, general updates, and white papers — and various formats too.

Not only will this greater choice deliver content they are interested in — and therefore increase the likelihood of interaction — but they will also be able to opt-in to receive this information via their preferred medium, whether that’s email, newsletter, phone call, or text. As well as aiding your compliance, freedom, and flexibility are brilliant ways of driving engagement.


Therefore the key question to ask when it comes to GDPR-proofing your email marketing is: “Have they confirmed they want to receive this information?”

If the answer is “no”, take them off the list. If the answer is “kind of” or “well they haven’t said they don’t want to,” take them off the list. Only if the answer is “yes” should you click send — consent is crucial.

Back to top