[Infographic] How to Adapt Your Email Marketing in Accordance with the GDPR

New European legislation on data privacy, known as the General Data Protection Regulation (GDPR), enters into effect in a few weeks.

If you have any European customers or subscribers, this law affects you. That means you will need to make sure your lead generation and email marketing practices are compliant to avoid being penalized. To help you get started, Sendinblue is proposing some best practices for your opt-in strategy that will help you avoid penalties and keep your contacts happy.

May 25, 2018 is the date to remember. This is when the GDPR goes into effect in Europe, which means you don’t have a whole lot of time to get ready.

We recommend that you start updating your signup forms, opt-ins, and data collection practices to conform with the new requirements of this law as soon as possible.

To help streamline that process, we put together an infographic with some suggestions on how you can do this. In it, you will find:

  • The primary differences from the current requirements regarding personal data
  • Examples of best practices and common mistakes when creating opt-in forms for your site


how to comply with the GDPR infographic

13 Responses to “[Infographic] How to Adapt Your Email Marketing in Accordance with the GDPR”

  1. Lauren

    Very good blog! Do you have any suggestions for aspiring writers? I’m hoping to start my own site soon but I’m a little lost on everything. Would you recommend starting with a free platform like WordPress or go for a paid option? There are so many options out there that I’m completely confused .. Any suggestions? Kudos!

    • Jeff Cox

      Hey Lauren — thanks for the kind words! If you’re just starting out, using a free site isn’t a bad route, but I would always recommend starting with a true installation if you want to have more customization and control and avoid any migration headaches in the future. It’s up to you though — the only way you can really go wrong is if you wait too long! 😉

  2. Very clear and concise. The marketing integration issue is where to store those consents. They need to be stored with date, context and an expiry date based on your marketing policy. So a simple check on its not enough. This video explains the principles

  3. Catarina

    Does a private blog that doesn’t have any commercial activities, e-mail marketing activities, newsletter or anything similar really have anything to report when it comes to GDPR? It only has a feedburner subscription form for articles. Tried to add that they can unsubscribe but it wasn’t possible. Do I need to delete the feedburner subscription form? Apart from that the only data that’s collected is name and e-mail addresses of people who leave comments on articles which is optional. Do I still have to write a privacy policy page and publish it?

    • Jeff Cox

      Hi Catarina — thanks for your question.
      I am not familiar with feedburner, but if they don’t allow you to add unsubscribe links, you should find a different service to use. In general, I don’t think you’ll have too much to worry about in terms of GDPR compliance though. Just make sure you clearly communicate what people are subscribing to, how their data will be processed, and how they can amend or delete this data as needed. Your privacy policy doesn’t have to be extremely long, as long as you cover all of your bases and make sure that your readers’ data is secure and they have the necessary transparency required under the GDPR, you should be okay.

  4. Here’s a hypothetical situation: Restaurant with locations only in the US. EU Citizen joins restaurant email list while at one of the locations. Restaurant then emails customer as part of regular email marketing newsletter, but EU citizen receives the email in the EU.

    Does that email alone have to be GDPR compliant? Or does the process of collecting the email list subscription in the first place have to also be GDPR compliant?

    Or nothing has to be compliant?

    • Jeff Cox

      Hi Jesse,

      Great question! I am not a lawyer, but I will do my best to answer your question.

      The GDPR really centers on acquiring user consent for businesses to process personal data for EU citizens. This means that it really refers to the collection of this information and the processes for which the data subject has authorized this information to be used. In the case you mention above, as long as the process by which you collected the contact information of an EU citizen is GDPR-compliant (i.e. that contact gave you their information through a positive action, and that the terms of consent and types of processing this data would be used for are clear), then you should have nothing to worry about. Hope this helps!

  5. Gregory Gibbons

    Early in your infographic, under “What you need to know” there is the statement, “B2C contacts must provide consent in the form of…”.

    This makes your infographic seem only pertinent to B2C – Business to Consumer. What about Business to Business?

    • Jeff Cox

      Hi Gregory,

      Great question. The reason we mentioned B2C contacts here is that the GDPR has much less bearing on B2B communications. Most experts have agreed that professional emails (i.e. an email address in the form or something similar) do not constitute personal data at the level required for GDPR restrictions. In this case, B2B communications just need to be based on a potential legitimate interest of the recipient, which is a much more relaxed protocol.

      Hope this helps! Of course, if you’re really concerned about your B2B communications, it would still be best to seek the counsel of a lawyer who specializes in this field.
