Skip to content

6 Great Email Lessons From the GDPR Deluge of 2018

email-lessons-gdprA few weeks ago, your inbox was probably stuffed with GDPR emails. Mine was.

These emails, prompted by the European data protection and privacy law that took effect May 25, asked us to confirm our interest in continuing to receive email from the sender. Many asked us to review and accept new privacy policies. Some thanked us for being loyal subscribers. Some begged us to stay subscribed. Some let us know how so-and-so brand can help you, as a marketer, ensure GDPR compliance, avoid fines, and make millions of dollars using their tools.

A few warned we’d never get another email (please, say it ain’t so) unless we took action.

I even got an email from my mom asking if I knew anything about “this whole GDPR thing.” Bottom line, inboxes were flooded.

On the bright side, the onslaught means companies viewed the new law as an opportunity to reevaluate their business processes, work out a GDPR-compliance plan with their legal teams, and reaffirm audience interest in their content. On the not-so-bright side, some companies simply blasted out emails to anybody they could scrape from their databases. That’s never a great practice – and might have violated the law that prompted the email in the first place.

I’m not a lawyer. I am not giving legal advice on GDPR compliance (if you’re concerned about that, work with your company’s legal team).

Instead, I’m using the torrential GDPR outpouring to illustrate some do’s and don’ts for email marketing.

Use the flood of #GDPR emails as an opportunity to rethink your #email marketing, advises @jphautomation. Click To Tweet

Don’t include a CTA that leads to a dead (or wrong) end

One email I received included a call to action with these options:

  • Stay subscribed
  • Change preferences
  • Opt out

I clicked opt out and landed on a page with no opt-out option. I left all checkboxes blank and submitted the form. Then I received a thank you … for opting-in. What?

Do explain in the subject line the action required

If you require someone to take an action, emphasize the action in the subject line. “[Action Required]: GDPR” or “[Important Notice] Please Confirm Your Subscription.”


If you have an engaged audience (or audience segment) that reacts well to catchy non-specific subject lines, you can try that approach. But, for less engaged segments, clarity around the action makes sense. That’s why segmenting your engaged vs. unengaged audience is critical.

I’ve received numerous emails with content reading, “If you like hearing from us …,” or “let us know what you would like to read.” And I’ve been asked, “Are you still interested in us?” OK, but don’t you already have a sense of my interest or my historic engagement?

Your audience members who haven’t acted on your emails in the past will remain unmoved by a GDPR-related message. Instead of focusing on the less engaged, let your creative juices flow with your engaged audience. This is the audience you likely want to keep in your database.

Focus on engaged #email audience to ensure they recommit to your database. Forget non-engaged. @jphautomation Click To Tweet

Do use a consistent, recognizable “from” address

I didn’t recognize many of my GDPR-notice senders. Be consistent, especially because many people are white-listing sender addresses. Stick with the email distribution address that’s worked in the past.

Also, I get nervous when I receive an email from an individual (I don’t know) asking me to take an important action. In a world of phishing attacks and hackers, assume your audience is as skeptical as I am.

Don’t send multiple requests too close together

Most of the emails I received were either “review a privacy policy” or “stay or confirm subscriptions,” and sometimes companies sent both emails. Why not combine the request? Assuming you’re truly sending a confirm-your-subscription email to a previously consenting subscriber, asking the recipient to review a privacy policy link could be simply a secondary notification in the same email.

Do design a consistent experience

I’m a stickler for consistency. If you create a themed email with a pretty HTML design, see that design all the way through. Landing pages, return pages, and confirmation emails should have the same look even if it incorporates a slightly toned-down flare. That shows the recipient your process/request is well thought out and quickly connects to the path you want that person to take.


Do act promptly after response

If you email a forewarning that if they don’t act, they will be removed/unsubscribed from your database, the next logical step would be to follow through promptly. If somebody responds by opting to receive emails about your newsletter, think twice about sending emails about webinars or events. Remember, every non-requested email in a person’s inbox is one more reminder they can unsubscribe or mark it as spam.

Every non-requested #email is one more reminder to unsubscribe or mark it as spam, @jphautomation. Click To Tweet


These email tips are common-sense ideas that work well with or without the GDPR mandate. New regulations and laws can force us to reevaluate how we conduct ourselves as businesses and data processors, but ultimately that review can lead to better relationship-building between us and our “true” subscribers.

Content Marketing Institute invites you, one of our engaged readers, to grow your relationship with thousands of your fellow content marketers and to learn from some of the brightest in the field. Register today for Content Marketing World Sept. 4-7 using code BLOG100 to save $100.

Cover image by Joseph Kalinowski/Content Marketing Institute