Marta from MailerLite

Marta | 8 min read | Tips and resources | May 29, 2019

GDPR & email marketing after one year: what it means for you


They say time flies when you are having fun. Well, GDPR wasn't exactly fun, but the year did fly by quickly. So what has happened?

GDPR was one of the most discussed topics of 2018. Last May, it was searched for more times than Beyoncé and Kim Kardashian, so it must be important!

While GDPR attracted a lot of criticism from larger companies with concerns that it would destroy the digital ecosystem, the real worry was how it would affect everyday small businesses who simply wanted to send emails to their customers.

For many, these four letters may have appeared in a nightmare or two.

A year has passed and it turns out that GDPR did not have the catastrophic effects that people thought it would. In many ways, GDPR helped email marketing more than it hurt it.

Here’s a quick recap of what happened and what it means for your email marketing.

Why GDPR is a good thing

GDPR was publicly announced two years before its implementation, yet most people ignored it until a few weeks/days before the deadline. Considering the huge scope and complexity of GDPR, this mass procrastination caused a frenzy and state of confusion for businesses, lawyers, and even data protection experts.

“Procrastinate now, don't put it off.” ― Ellen DeGeneres

The 2018 GDPR Compliance Report revealed that only 40 percent of organizations were GDPR compliant by the May 2018 deadline.


Despite the confusion and criticism, GDPR at its core is a good thing for everyone. Technology has transformed our lives for the better, and a driver behind the power of the information age is your personal data.

It’s been 25 years since lawmakers drafted new data protection legislation. A lot has changed since 1995.

Today, your data is a valuable asset that you willingly trade for products and services. It needs to be protected accordingly. You probably wouldn’t give your car keys to a stranger without a proper agreement. It’s the same with your data.

GDPR ensures that everyone, as an owner of his/her unique data, has appropriate rights that others must respect. Luckily for email marketers, when you respect people’s personal data, your results will flourish.

How GDPR impacted email marketing

For some reason, everyone thought that GDPR would kill email marketing by depleting their email list and making it nearly impossible to find new subscribers. Did you feel that way?


Let’s be honest, your email list probably did get shorter after you implemented the GDPR opt-in process. But a shorter list doesn’t mean your list suffered. The people that remained are your loyal audience. They are the ones who will open your emails and click through to your content.

GDPR forced people to clean up their email list, which resulted in better email performance.

Everyone must build their list the right way by obtaining explicit consent. Now that there is a standard to follow, the number of email abusers will continue to decrease. As email marketing practices improve across the board, the sweet converting power will increase as well.

Not without its headaches

While your email effectiveness is sure to increase, GDPR is not without its challenges. One area of change that causes the biggest trouble is in collecting and storing subscriber consent.

GDPR raised the bar with specific requirements for the collection of consent, including:

  • Consent must be “freely given, specific, informed and unambiguous”;
  • Requests for consent must be “clearly distinguishable from the other matters” and presented in “clear and plain language”;
  • Data subjects can withdraw their consent whenever they want, and you have to honor their decision;
  • You must keep documentary evidence of consent.

Another source of confusion revolves around adhering to the various data rights such as portability, access, right to be forgotten, etc. To help you solve these requirements, MailerLite developed several new GDPR tools to manage your subscribers’ data.

GDPR rules to remember

According to EU statistics, email marketing is one of the top sources of GDPR complaints. To help you avoid complaints, here are the keys to managing a compliant email marketing operation.

Checkboxes and explicit consent

Remember, checkboxes are not a requirement if you need consent for one purpose. You also don’t need to add a checkbox for a free giveaway. Just make sure you explicitly explain that the lead magnet is offered in exchange for joining the email list. Checkboxes are necessary when you need consent for two or more separate things, such as a newsletter and advertising. If you want more information, here’s a whole article dedicated to GDPR opt-in forms.

Privacy policy link

Don’t forget to add a link to your Privacy Policy in the opt-in form. Subscribers have the right to access the information explaining how you process personal data.

Subscriber requests

Never ignore your subscribers' requests. Respect their rights, which includes having a process to address and respond to their inquiries.

Transparency always wins

Keep in mind that you must clearly state which third-party providers you use for email marketing as well as any other business processes.

If you haven’t included a prepared statement about your use of MailerLite in your Privacy Policy, you can cut & paste this pre-written text:

We use MailerLite to manage our email marketing subscriber list and send emails to our subscribers. MailerLite is a third-party provider, which may collect and process your data using industry standard technologies to help us monitor and improve our newsletter. MailerLite’s privacy policy is available at You can unsubscribe from our newsletter by clicking on the unsubscribe link provided at the end of each newsletter.

Examples of GDPR penalties 

European data protection agencies have issued fines amounting to 56 million EUR for GDPR breaches since regulations began to be enforced last May.

Google was hardest hit with a record 50 million EUR, which shook the whole data protection community. France’s data protection regulator (CNIL) found that Google violated the GDPR in two ways: by excessively disseminating essential information and by describing its data processing activities in a manner that was “too generic and vague”.


They were in breach of the GDPR requirement for transparency. They also failed to obtain a valid legal basis for processing personal data for ad personalization, which violates the GDPR requirements for specific and unambiguous consent for all forms of personal data processing.

This is not the first GDPR fine, but it’s by far the most significant. There have been other, smaller cases across various industries. In December, a Portuguese hospital was fined 400,000 EUR after its staff used bogus accounts to access patient records, and a German social network operator “” was fined 20,000 EUR for storing social media passwords in plain text.

GDPR cases by the numbers

The European Commission has published an interesting infographic taking a closer look at compliance, enforcement, and awareness of GDPR. Here are some numbers that stood out:

  • 95,180: number of complaints to Data Protection Authorities
  • 41,502: number of data breach notifications
  • 255: number of cross-border cases

Thank you, GDPR

Wait, why are we thanking GDPR? As it turned out, GDPR didn't kill email marketing. We believe that it helped many of you create more effective email campaigns. 

When you respect your subscribers and provide value with every email you send, GDPR adds an extra layer of awareness, reminding you that your subscribers are not just a number: they are people with rights.

People own their data. When you agree to treat them and their data like you would want others to treat you and yours, good things happen.

As always, MailerLite is here for you to help answer questions and navigate GDPR for email marketing.


What’s your experience? Did GDPR hurt or help your email marketing practices? Let us know in the comments!

Marta Poliakova

Hi, my name is Marta, legal counsel at MailerLite. As a legal professional, it’s my job to ensure we’re always following the rules, especially regarding GDPR compliance. To blow off steam, I enjoy kickboxing. I call my punching bag “Mr. GDPR,” and boy do I get a good workout.