I’ve got great news for you, email marketers of the world! The GDPR doesn’t mean the end of life as you know it. The end is NOT nigh. 

In fact, broadly speaking, the EU’s impending General Data Protection Regulation (GDPR) legislation is actually a good thing, even if we may not all understand exactly how just yet.

Here’s why:

GDPR is a good thing for consumers

The fact is, people have been giving away their personal data for free, unwittingly and ignorantly, for years.

Even those consumers who understood that their data was being collected by the companies and brands they were interacting with (which, btw, is a very small percentage) had very little understanding of why anyone would want their data in the first place, let alone what their data was being used for.  

And in a world where consumers don’t know or understand how their data is being used, can anyone really give “consent”? 

The days of living in a fantasy land where we all pretend that consent consists of requiring a consumer to click a box indicating that they’ve “read and understood” a lengthy, opaque “terms and conditions” document as part of a relatively small digital transaction, doing whatever brands want with consumer’s data – for an indefinite period of time – are over.

As well they should be.

Nobody reads those things, and even fewer understand them. You know it, I know it, and every brand that’s ever added one to a digital signup process knows it, too. That’s why those terms and conditions documents have gotten longer and more all-encompassing with every passing year, and that’s how people have been unwittingly giving up their rights, one check-box at a time, for the better part of two decades.   

That’s not the way business should be done.

Imagine walking into a shop, browsing for a few minutes then finding a pair of underwear you’d like to buy (for example, these). You walk to the checkout, only to have the cashier hand you a 20-page legal document, asking you to sign it before allowing you to make your purchase. Then imagine that you sign the document without reading it. You move on with your life, one pair of underwear richer than you were before, blissfully unaware that you’ve just given that shop permission to follow you around, recording your every move.  And then having that shop sell that information to whomever they want  for the rest of your life, all without telling you.

Sounds like an awfully strange transactional process, does it not?

underpants with t&cs

As it turns out, most consumers have no problem with companies holding their data, as long as they know what they are doing with it – and can easily make it stop whenever they want.

That’s the goal of the GDPR: data sovereignty. And it’s a noble goal that should be lauded. It allows individuals to maintain their privacy from private companies and ensures that people’s data is not used for spurious purposes.

GDPR is a good thing for brands (and email marketers!)

Although constructed by bureaucrats in Brussels with plenty of ambiguity and a pinch of overreach baked right into its 120+ pages, the hefty GDPR legislation will help brands and email marketers do their jobs better in the end.

It’s unfortunate that the ambiguous language of the GDPR has created such widespread panic and paranoia in the email marketing realm. It’s a powerful weapon, but it isn’t pointed at us. In fact, nowhere in the GDPR’s 120+ pages are the words “email marketing” used at all. Not once (or at least, not once before I got so bored of reading it that my eyes glazed over and I drooled myself into a fitful slumber). 

This is not legislation that’s focused on email marketing. Far from it, in fact. The GDPR addresses philosophical concerns about data privacy. The most important area of the legislation is the requirement for “legitimate interests” to process personal data – meaning that the data a company uses must be collected and processed in the interests of the person whose data they’re processing, or for legitimate (and non-dodgy) business reasons.

A company storing a consumer’s name, purchase dates, and addresses for warranty or repair schedule purposes is legitimate interest.

But: a smart watch company storing a consumer’s personal health data, or an ancestry site storing consumer’s DNA info? Is there a legitimate interest for the consumer there? You could easily argue not so much.

This is where GDPR will be applied. The law is not intended to stop you from marketing. The law is designed to stop companies from storing individual data for dubious purposes. That’s why fears of an email marketing witch-hunt are unfounded.

That’s not to say that the GDPR will have no impact whatsoever on email marketing. Obtaining “consent” might require a bit more work than it did before, which is a scary prospect for marketers who’ve gotten lazy.

Opt-ins (consent) will be a bit tougher to come by and opt-outs will have to be made a bit easier for subscribers.

That’s a good thing.

Under the GDPR, getting “consent” requires you to obtain a positive opt-in. That much is true. The thing is, this has been best practice in email marketing for a long time, and for good reason. If you haven’t already been doing your due diligence to obtain positive opt-ins from your subscribers, you’ve simply been doing email marketing wrong.

Why on earth would you want to trick someone into subscribing to your email list? What possible benefit can there be to sending unwanted marketing emails to someone?

It’s time to step your email marketing game up.

For brands and email marketers who are already following email marketing best practices, email marketing in a GDPR world will be much the same as it was in the pre-GDPR world.

For those that haven’t been following email marketing best practices, here are a few tough truths you need to hear:

  • It’s your job to persuade people to want to hear from you. That’s what marketing is. 
  • If your email marketing is on-point, offers your subscribers value, uses the most engaging language possible (including awesome subject lines, obv), your subscribers will trust your brand, engage with your emails and be glad to hear from you.
  • If your email marketing sucks, you offer your subscribers nothing of value, and you use boring language and lame subject lines, your subscribers will view your emails as an unwanted nuisance. Tricking more people into subscribing to your list and making it hard to opt out won’t change this and won’t improve your lot in any way. In the new GDPR reality, such tactics will ensure the ICO will be coming after you. Sorry, but it’s true. 

GDPR is encouraging brands to build trust with their subscribers, which you should’ve been endeavoring to do all along.

Stop looking for loopholes. Focus on using the most engaging language possible in your email marketing to ensure that your subscribers trust and stay engaged with your brand.

Moving forward, here are a few GDPR pointers:

  1. Don’t try to trick people into subscribing
  2. Don’t collect spurious data for dubious and opaque purposes
  3. Make your email content and subject lines as engaging as possible (Plug: Phrasee can help with this!)
  4. Make it easy for subscribers to opt out of your mailing list if/when they want to.

See? You don't need to be a lawyer or have a PhD to exist in the post-GDPR world. You just need to do your job as a marketer. That job - and let's not forget this point - is to get people to engage with you online. GDPR just makes sure you're doing it in a way that respects your audience's privacy.

If you are already doing these things you have nothing to worry about. Leave the GDPR-induced stress to the less scrupulous pholks in our amazing industry.

And you'll be able to rest at ease, knowing for certain that everything is gonna be alright.

Note that this article represents the views of the author solely, and is not intended to constitute legal advice. 

online gdpr course 

Parry Malm

Published 15 May, 2018 by Parry Malm

Parry Malm is the CEO of Phrasee and a contributor to Econsultancy. Connect with him on LinkedInTwitter or Google+.

27 more posts from this author

You might be interested in

Comments (7)

Save or Cancel
Lawrence Everard

Lawrence Everard, Director at Little Yellow Duck

Couldn't help read this without a smile on my face. Given all the misinformation out there, this article puts matters nicely into perspective. Well done.

3 months ago

Pete Austin

Pete Austin, Founder and Author at Fresh Relevance

Great article. I also hate it when I have to sign agree a 6,000 word legal page for some tiny purchase. Far too often I suspect that the extra length is deliberate, with the website adding extra verbiage to make their privacy and legal pages too long to read.

The most important part of the GDPR is, "The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language" be used. NB concise. The rest of the GDPR doesn't count for anything if most people aren't able to know what they are agreeing to.

To coin a phrase, web pages can easily be conciser and clearer. Two OK examples...
Phrasee's privacy page (about 800 words): https://phrasee.co/privacy/
My privacy page (about 400 words): https://www.freshrelevance.com/privacy-policy

3 months ago

Parry Malm

Parry Malm, CEO at Phrasee Ltd.

Ah yes - I had always hoped, when we drafted our privacy policy 3 years ago (which we don't need to change for GDPR because we weren't creepy in the first place) that someone would term it as "OK"! Mom - MOM - I MADE IT!!! :)

3 months ago


Test Test, Test at Test

What about PECR?

Interesting that to post this comment I have to register and an auto opt in for the newsletter is presented.

3 months ago


Matt Lovell, Head of Customer Data, Insight & Analytics at Eurostar International Ltd.

@Parry - I'm not sure a Privacy policy is every going to be anything more than OK for most customers as they want to use your service / buy something from you. It's a bit like buying any new item with a comprehensive manual most people either actively ignore or skim because they feel they have to have made an effort. I'd take OK as a positive...

3 months ago

Parry Malm

Parry Malm, CEO at Phrasee Ltd.

@Matt Indeed, I agree. We went for the "plain English that no one reads" approach, as opposed to the "legalese Swahili that no one reads" approach. Both have their merits.

3 months ago


Chris Turner, Owner and Principal at Bright Blue Kite

Just a quick story about how lax people can be with their data. I hired a van on Saturday and anyone who's ever done this will know you get a sheaf of paper, the very first page of which contains your name, address, date of birth, driving licence number and other sensitive data. Not just the previous hirer but the one before that had left their documentation in the van! Luckily, I'm a decent kind of chap and I gave them back to van hire company.

3 months ago

Save or Cancel

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.