Prepare for the GDPR as a marketer: opt-ins and storing data

December 6, 2017 | by Nikita Smits-Jørgensen

Prepare for GDPR as a marketer.png
GDPR seems like and is a huge task to tackle. As inbound marketers, we can argue that it’s actually not all bad news as it reinforces that you should only market to people who are interested in hearing from you.

Of course, we can’t simplify it to just that statement but much of privacy law in Europe actually comes down to balancing your legitimate interest and the privacy rights and freedoms of your data subjects, or the people in your database. Funnily enough though, after following the basic rules set out in the regulation, you can come up with an answer to many cases by asking yourself ‘Does it feel right?’. Say you used to run a business, you have a list of contacts you feel match your buyer persona. Does it feel right to send marketing email to people who’ve opted into receiving marketing from your previous business? I would guess that the answer is no, and indeed according to the GDPR, even though people shared their contact details with you, they definitely did not consent to receive marketing messages from your new business. What you can do, of course, is send a personal sales email to individuals asking them if they are interested in hearing about your new venture. So here are a few things to look into.

 Preparing for GDPR as a marketer:

Opt-in and emailGDPR_optin_I_agree_tickbox.jpeg

This one is pretty straightforward. You need to record an opt-in through a clear, affirmative act from everyone that you intend to send marketing emails to. You can’t use a pre-ticked box, the opt-in has to be specific and people need to have the option to easily opt out of messages from you.


Share only relevant information

There are a few cases where you can send marketing email without an opt-in. You can do so if this person is paying customer of yours. Money actually has to exchange hands before you use this option. When you do so, you have to make sure that opting out is easy and you actually adhere to these requests. You can only send marketing email if you promote a product or service that is closely related to the product or service the customer has already purchased. If you have two completely separate business streams and you would like to send marketing messages across your entire database, you’ll want to review whether or not the products are closely (enough) related.

As always, you need to think about your reason for sending these messages, legitimate interest, balances against the right to privacy of your data subjects.

Finally, you have to consider what you do with the data of a customer whose contract has ended. You might not be in a place to keep sending them marketing messages and therefore it’s recommended to always focus on creating new content to use in opt-in campaigns, making sure that people are actively telling you that they are happy to keep receiving your emails.


How long to store dataGDPR_data_storage_Digital_devices.jpeg

We already touched upon the issue that you cannot hold on to people’s data indefinitely. The same goes for opt-ins. The GDPR states that the opt-in is relevant for the time being. So what do you do with the data in your systems? As a baseline, don’t keep data longer than you need it for the original reason of processing.

First of all, make a call on how long you store data in your systems and communicate this clearly to your audience in a well written, GDPR compliant privacy notice. You can decide on how long you keep customer data by looking at how long your customers might expect service from you. On average, they stay with you for 3 years and if they come back they do so within 2 years? This should allow you to keep the data for 5 years by default.

How about the marketing emails? Well, monitor engagement. Are your contacts opening your email, engaging with you on social media or returning to your website? That is an indication that they are still interested in what you have to say and you may argue that the opt-in is still relevant. On the other hand, when you see that engagement is dropping off, it might be time to actively focus on running an engagement campaign. Create a list of people who haven’t engaged with you in a while and reach out to them, possibly with a break-up email to let them know that you would like to hear from them. It’s a bit more work, but if you deal with high-value contacts, I like to send a personal email where I share an asset which gives me the chance to record engagement or an opt-in again.


If you’d like to know more about the GDPR and how to prepare for this as a marketer,
have a look at  our online course built for marketers.

Email marketing | Inbound marketing | Strategy

Written by Nikita Smits-Jørgensen

Nikita Smits-Jørgensen

Nikita Smits-Jørgensen is a co-founder of inbound marketing and GDPR consultancy BusinessBrew. While being ISO certified in privacy regulations for sales and marketing (GDPR / PECR) she aims to work with marketers in plain English to get GDPR-ready. Nikita met fellow BusinessBrew founder Evelyn Wolf during their tenure at inbound marketing powerhouse HubSpot where they assisted businesses of all sizes and industries as well as marketing agencies in building their lead to customer generation funnels. BusinessBrew is geared to help companies make the most out of their inbound marketing and privacy efforts in the most time and cost-efficient manner through workshops, training and the delivery of strategic playbooks.

Email Subscription

Get email updates

Recent Posts