Life with GDPR: Data Compliance for Emails

Hand flipping wooden blocks with word GDPR.

As we wrote in our previous GDPR post, GDPR: Email Marketing Compliance Update and FAQs, the General Data Protection Regulation was like “Y2k for privacy.” In a post-GDPR deadline world, the analogy is even more fitting – like Y2k, the world didn’t end, because of the work most affected organizations put in to ensure that it didn’t. What is was, nonetheless, was a wakeup call on data collection and storage, and how companies had to change to better handle it. In this post, we’re going to look at five questions to ask yourself about your data compliance – specifically on how it handles this data in relation to the collection in our neck of the woods: email marketing.

1. Have You Created a “Privacy First” Culture?

While the GDPR had a compliance deadline, it shouldn’t be looked at as a “one and done” policy change for your business, but instead a change in how you handle user data. For many, this means not just changing how you handle data for users in the “EU28,” but how you handle changes globally. If you haven’t already, take a look at your policies and the culture they create. Encourage and reinforcing a “privacy-centric” cultures, systems and policies will provide you with both long-term competitive advantage and corporate risk reduction, no matter how large (or small) your business. The GDPR is a collection of rules and principles, that’s true; however, it will also evolve over time through further regulation and case-based interpretation.

2. What Are You Doing to Manage Your Compliance Risk?

In our GDPR blog, we went through the various areas your GDPR compliance could be weak. Revising, rebuilding, and monitoring these various areas are all part of risk management – making sure you’re not open to the liability, fines, and reputation hit of being noncompliant. Is your risk management an ongoing effort?

  • Change What You Are Collecting: Reducing the amount of personal data collected can reduce the risk. Think about removing names, locations, and birthdates from your email subscription forms to reduce risk.
  • Revisiting Old Data: What about your old email data collected before you put GDPR measures into place? The GDPR is retroactive – so that data must be reviewed and updated to meet your compliance standards.
  • Cookies and Tracking Code: Users must provide consent for data collection, including cookies and tracking for analytics. Make sure your policies are updated with any changes to your tracking systems.

3. Have You Been Affected by GDPR-Related Requests?

From responses from sent emails to data requests on your website, have you had users or visitors invoke their GDPR rights (such as right-to-forget, right-to-access, or other post-deadline consumer activity)? Each time this should be a learning experience and help you change your policies and ease of access to promote better relations with your customers.

4. How are Changes from the GDPR Affecting Your Bottom Line?

With the changes required by the GDPR, have you had to make changes or improvements in your IT or Operations departments? Have you had to change vendors or cut ties with third-party software and integrations? Not only should you be looking at how the GDPR has affected your costs, but also your profits. How has being more visibly compliant with user data protection driven traffic to your website and leads to your business?

5. How is Compliance Affecting Your Ability to Compete as a Contractor or Vendor?

Much like the GDPR can change the vendors or contractors you support, if your smaller business works as a supplier or contractor for larger or multiple companies, it’s important to look at your GDPR compliance as a useful edge, especially in the global markets where GDPR compliance is mandatory. This goes all the way down to bloggers who are looking at winning deals with international brands: meeting and exceeding these data protection requirements for email data collection and beyond can put you above the competition.

6. Bonus Perspective: GDPR is the Start of a Global Movement (or, Say Hi to the CCPA)

Just because you’re not active in Europe, don’t think you can avoid the principles of enshrining transparency and privacy in your business practices. California, the world’s fifth largest economy, has enacted its California Consumer Privacy Act (CCPA), taking effect on January 1st, 2020. If you’ve been paying attention, much of it will sound familiar, and compliance won’t be an issue. If you haven’t – well, it’s past time you did. Researching, reorganizing, redesigning established systems, and processes comply with existing and planned privacy regulations can be an enormous headache, for one important reason: the changes you may need to make are incredibly pervasive and are often hidden until you start looking for them. So start looking. Now.

Use these questions to start a conversation – either internally in your company, with your current vendors, or with us – about data collection and GDPR compliance specifically, and customer privacy generally. Take a look at our GDPR FAQ in our support center for more details on how we handle it. We pride ourselves on rigorous data standards and have the support to help you with data collection, every step of the way. Send our team an email at You can also use our chat, check out our Help Forum, or give us a call at 1.877.692.5489. Our Support and Sales Desk is available Monday – Friday from 9 am to 5 pm Eastern Time.