How can you protect your mailing list from GDPR?

How will GDPR affect your mailing list? Find out what you need to do to stay legal from a marketing point of view. 

February is the month of St Valentine. It is often about love, but at Pinpoint Marketing, we see it as also being about relationships. Building relationships, starting them, nurturing them and looking in for the long term.

Moving on from February and into May, we’ve also got the arrival of GDPR. And we’re often asked by our clients how this can impact their customer relationships and engagement. So we thought we’d share the advice we’ve been given from a marketing point of view.


The common myth is that data protection is only for the big boys and one-man bands do not need to worry about it. Wrong! GDPR is a new, European-wide law or directive that replaces the Data Protection Act 1998 in the UK. It is about putting people first and respecting their rights and it comes into effect on 25 May 2018.

GDPR applies to any ‘personal data’ (any information relating to an identifiable person). For example, a name, IP address, phone number etc. The directive applies to adults and children and also it is regardless of whether your customers are consumers, individuals or businesses.

How can you protect your mailing list from GDPR?

I have always said that the best practice when email marketing and building a database is to never add anyone onto your database automatically, unless you have their consent or permission first.

This best practice applies whether your customers or clients are consumers (B2C) or businesses (B2B). You must always give the customer the option to unsubscribe.

However, regardless of whether you have or haven’t walked this straight line of building your database, what should you be doing before May to be compliant – and protect your mailing list from GDPR?

Start using double opt-in forms

If you can demonstrate that all the marketing material you have used to gain sign ups to date was double opt-in, then you don’t need to do any more work on this. If not, you’ll need to ask your database to re-sign-up to continue to keep receiving mass emails from you or your company.

Email marketing tools like Drip have simple sign up forms for double opt-in which can create and send links to your database. Using these it only takes a minute for your subscribers to re-sign up and give their consent. It’s all automated and all trackable, so you are covered in the event on an audit.

This signing up process isn’t a one-off exercise, however; it should be repeated regularly (the exact frequency I believe is still to be determined).

Hopefully, if you have a loyal and engaged audience, most will sign up and then you are good to go. (Please also note that assuming a pre-ticked opt-in/tick box will not be acceptable after May – you won’t be able to auto sign up and assume the receiver will untick.)

Can you still market to existing customers?

There is an argument about ‘legitimate interest’ and how this may get around being able to keep contacting your database.

This is a woolly area still but basically it argues for marketers and business owners that if a contact is a past customer or current one or has some genuine link to your business, they can still be marketed to. I would recommend you start following the ICO to keep up to speed before acting on this.

So, you have set up a sign-up form on Drip (or your equivalent software), and you have emailed this out to your current database. Don’t despair if not everyone signs-up – some won’t and this is fine. To me, it is better to have 100 contacts signed up that all read, click and engage in your content rather than 500 who never open an email. It is easy to get obsessed by the numbers though.

Want to grow your list (WITH double opt-in)?  Discover the REAL art of list-building – and how to build yours. And here’s how to stop people unsubscribing from your list

How to re-engage customers who don’t respond

So how can you engage customers in addition to using the traditional database and email marketing route? Given GDPR and its limitations on us going forward, what else can you do to engage and grow?

Firstly, try and be positive about this. See this as an excuse to get in touch with them by phone or a meeting to engage them and catch up. You could consider:

  • Consider telemarketing to boost sign ups or chase non-responders. This could be done using an expert or yourself at home or in the office. By making these calls you never know where this may lead!
  • You could find and follow the contacts on your various social media profiles to keep connected. Then you could message them as well as posting general content to them and everyone else to engage them and draw them in.
  • You could invite them to a meeting or networking event you are attending.

Basically, all is not lost. Be inventive and innovative, but stay be on the right of the data protection laws and regulations. Good luck!

Pinpoint Marketing offers packages covering planning, email marketing and social media. Find out how they can help.

Photo by Brooke Cagle