How to Make Your Campaign GDPR Compliant

What does GDPR compliant mean?

The European Parliament has passed the General Data Protection Regulation (GDPR) to protect the data of individuals. Personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings. Potential fines for not being GDPR compliant are up to $23 million USD.


This blog post is under construction

What is personal data?

For the purposes of GDPR, the European Union has decided that personal data is anything that relates to a person’s private, professional or public life, including:

  • Name
  • Address
  • Photos
  • Email address
  • Bank details
  • Posts on social network sites
  • Medical information
  • Computer’s IP address.

Business processes that handle personal data must  use the highest-possible privacy settings, so that the data is not available publicly and cannot be used to identify a subject.


Non-economic activity

An enterprise has to be engaged in economic activity to be covered by the GDPR.

B2B email marketing

In regards to concerns like B2B email marketing, the GDPR regulations state:

“The processing must relate to the legitimate interests of your business or a specified third party, providing that the interests or fundamental rights of the data subject do not override the business’ legitimate interest.”


“The processing must be necessary to achieve the legitimate interests of the organisation ….. Necessary … except where such interests are overridden by the interests or fundamental rights and freedoms of the individual”.

Therefore, companies can continue to use marketing data for the purposes of B2B engagement as long as the appropriate steps are taken to ensure the data is aligned to a specific objective or campaign.

Before making a purchase, you should let the customer know that doing so will add them to a mailing list. Make sure you then include details about what they would receive. GDPR doesn’t require a checkbox, but it does say that you need to clearly communicate how you will be processing subscribers’ personal data. That can be done with a descriptive sentence or two.

However, the Digital Marketing Magazine says, “Data subjects should be able to take back their consent easily and quickly under GDPR. Marketing teams will have to make efforts to facilitate this option to withdraw in email transactions.”  Read more.

In other words, make sure you have an unsubscribe ink.

The Litmus Software website says, “All major email laws, including CASL in Canada and CAN-SPAM in the U.S., require brands to give their subscribers the opportunity to opt out from receiving emails. Each promotional email you send must include an option to unsubscribe.” Read more.

Also, the Pinpointe website says, “Every customer you reach out to has to consent to your emails. That means you’ll need an opt-in practice in place.

“For instance, if you meet potential clients at a trade show and exchange cards, you can’t add them to your email list without implied consent.” Read more.

The Mail Manager website says, “GDPR is not bad news for email marketers, nor should it be seen as an inconvenience …. Once the GDPR comes into effect, businesses should be clearer about what they can and can’t do with personal data, and there’s a good chance that people will be more inclined to offer their data to businesses if they’re confident it’s less likely to be misused.”  Read more.

Related web pages

Wikipedia article on compliance
Compliance blog from the Riddle quiz-creating company
GDPR and email marketing
Email marketing playbook
GDPR & marketing myths debunked


Legal disclaimer

This post is not legal advice. It is an article on GDPR for informational purposes only. It is within the realm of the possible that we missed some important data. If you want to make sure you are GDPR compliant, get a lawyer & a data protection specialist.