GDPR Compliance for Email Marketing – 3 Critical Steps

GDPR compliance for email marketing is as important as the focus on website compliance. Consumers are concerned about their privacy when they do business with companies online. And for good reason. Personal information has been stolen or sold; financial information has been compromised.

Over time, consumers have felt less and less in control of their data and who has access to it, including data for email marketing newsletters. At the same time, email marketers are developing digital campaigns that include collecting personal data from users.

Governments have responded with regulations for personal data protection. One of the most important and thorough sets of regulations has come from the EU, in the form of the General Data Protection Regulation (GDPR).

Any company doing business with citizens of EU countries, whether the company is based inside or outside the EU, must comply with these privacy protection regulations or face potential fines.

What are the Basics of GDPR Requirements?

  1. Companies must get the consent of EU citizens before they collect and store their personal information.
  2. Businesses must clearly inform users and customers if their personal information will be shared with third parties, such as affiliates. Customers/users have the right to refuse to have their information shared with third parties.
  3. If a breach should occur, companies have 72 hours to inform their users/customers.
  4. Users may request their data profiles, and companies must supply them. This will include all data that has been collected about them.
  5. Users have the right to request that all of their personal data be deleted from a company’s system.
  6. There are regulations regarding website security measures that companies must put in place related to personal data collection.
  7. Companies of a certain size must have in-house data protection officers.

Need to make sure your website is GDPR compliant?

Admiral VRM includes a certified Consent Management Platform and can help you get compliant quickly. Find out more.

Email Marketing Subscriptions Fall Under GDPR Regulations

Multiple studies have demonstrated the value of building email newsletter subscriptions for retention and revenue diversification. Admiral's email growth solution has helped publishers add thousands of email subscriptions quickly, and can do so in a GDPR-compliant manner.

Example of Digital Trends using the Admiral VRM platform to offer a choice of email signup or unlocking ad revenue (image: Digital Trends Email Signups and Adblock Recovery with Admiral)

Website visitors and users surrender personal data when they sign up for email newsletter subscriptions. And even though you may cover GDPR regulations in your privacy policy and your terms and conditions documents, you should take special care to ensure that those subscribers fully understand their rights within each of your emails.

Most users will not take the time to study those other documents. Less-than-ethical practices include “burying” those rights in lengthy documents written in “legalese,” especially the disclosure that personal data will be shared with third parties without offering an opt-out.

If you offer an email subscription, then you will want to include your GDPR compliance requirements squarely in each newsletter to demonstrate your integrity and maintain your reputation. Users will feel comfortable and far more trusting when they have an easy method of exercising their options each time they receive your emails.

It’s All About User Consent and Choices

There is no doubt that email marketing campaigns reap big benefits. Research shows that these campaigns have an ROI that beats most other forms of marketing. But the GDPR regulations come into play as these campaigns are designed and implemented.

As you look at being fully transparent, take a look at what your emails have and do not have relative to GDPR compliance. Here is a list of best practices:

  1. You have a secure method for collecting and storing personal data on your website. (Admiral email signup automation can help.)
  2. You have a request for user consent to which they must respond to begin receiving your emails.
  3. Your consent to opt-in is in a simple common language that anyone can understand. This can be a challenge if you have been writing policies containing legal language and style. 
  4. During the opt-in process, you have explained in detail what the subscriber will receive.
  5. You have separate opt-in consent for emails other than your newsletter.
  6. You have disclosed if third parties will have access and have given the option for a user to refuse that sharing.
  7. You have made it easy and quick to unsubscribe. When they click that “unsubscribe” button, they are assured that their personal data will be removed from your system.

If you are missing items on this list, then you should take steps to correct them. 

3 Critical Steps for GDPR Compliance for Email Marketing

Here are three steps you can take to ensure that your emails are GDPR-compliant: 

1) Include Proactive Email Subscription Opt-In

Users give consent by opting to receive your emails on your website and/or blog. You have the option of a single or a double opt-in process. Whichever you choose, there are things you should do to ensure you are using GDPR-compliant email marketing.

Single Opt-Ins: the user will subscribe through a single form. 

Example of email signup with clear consent checkboxes

This opt-in form asks only for a first name and email address. Already, the user is feeling a bit more comfortable. Also, note that the company states that the data is safe and that he can unsubscribe at any time, referring the subscriber to the privacy policy. The user is also given the option to receive partner news and offers or not.

Double Opt-In: In this case, the user is asked to subscribe and provide an email address. He then receives an email asking him to confirm that he has opted in.

Example of Tedium Double Opt In Email Confirmation

A double opt-in provides further proof that your subscriber has signed up. It is also worth stating that if the confirmation is not provided, the personal data entered in the first opt-in form will be purged from the company’s system.

2) Clear and Easy Newsletter Unsubscribe Option

GDPR compliance for email requires that companies provide the option for users to unsubscribe from email marketing newsletters. Each of your emails should have an unsubscribe button. When a subscriber clicks that unsubscribe button, he should be taken to a confirmation page that tells him his data will be removed from the company’s list. Many unsubscribe flows omit this confirmation; yours should not.
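The double opt-in with purge of unconfirmed sign-ups described under step 1, and the unsubscribe-deletes-data behaviour described above, as an added example that is not code from the original post or from Admiral. It assumes an in-memory store, a placeholder signing key, and a 48-hour confirmation window; the confirmation link carries an HMAC so it cannot be forged, and "partner offers" is kept as a separate consent flag.

```python
import hashlib, hmac, time

SECRET_KEY = b"placeholder-demo-key"  # assumed placeholder; load from secret storage in practice
CONFIRM_TTL = 48 * 3600  # seconds an unconfirmed sign-up is kept before it is purged

def _sign(email, ts):  # HMAC over email and timestamp so a confirmation link cannot be forged
    return hmac.new(SECRET_KEY, f"{email}|{ts}".encode(), hashlib.sha256).hexdigest()

class SubscriberStore:
    """In-memory double opt-in store: pending until confirmed, then consent is recorded."""

    def __init__(self, now=time.time):
        self.now = now  # injectable clock so expiry can be tested
        self.pending, self.confirmed = {}, {}  # email -> form data / email -> data + consent record

    def request_signup(self, email, first_name, partner_offers=False):
        """Step 1: store the form data and return the token to embed in the confirmation link."""
        ts = int(self.now())
        self.pending[email] = {"first_name": first_name, "requested_at": ts,
                               "partner_offers": partner_offers}  # separate, unbundled consent
        return f"{email}|{ts}|{_sign(email, ts)}"

    def confirm(self, link_token):
        """Step 2: accept only an unexpired, correctly signed token for a still-pending record."""
        try:
            email, ts_str, sig = link_token.rsplit("|", 2)
            ts = int(ts_str)
        except ValueError:
            return False
        if not hmac.compare_digest(sig, _sign(email, ts)):
            return False
        rec = self.pending.get(email)
        if rec is None or rec["requested_at"] != ts or self.now() - ts > CONFIRM_TTL:
            return False
        del self.pending[email]
        rec["consent_recorded_at"] = int(self.now())  # evidence of when consent was given
        self.confirmed[email] = rec
        return True

    def purge_unconfirmed(self):  # delete sign-ups never confirmed within CONFIRM_TTL
        cutoff = self.now() - CONFIRM_TTL
        stale = [e for e, r in self.pending.items() if r["requested_at"] < cutoff]
        for e in stale:
            del self.pending[e]
        return len(stale)

    def unsubscribe(self, email):  # remove the subscriber's data entirely; True if deleted
        return self.confirmed.pop(email, None) is not None
```

Run `purge_unconfirmed` from a scheduled job so data from abandoned sign-ups does not linger.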

Here’s a typical easy unsubscribe option from LaddyGo, a women’s clothier:

Example of email unsubscribe links and language

It’s easy to unsubscribe, but what does “from the newsletter only” mean? Can LaddyGo still send emails offering special savings? Probably.

Users should be given the option to unsubscribe from all types of email marketing if you send more than just your newsletter to subscribers. Here is an email preference list from a grocer that lets subscribers choose which types they wish to receive:

Example of email subscription preferences page

3) Tell Users How Their Data is Secured and Shared

GDPR requires that you inform site users, when they subscribe to any of your emails, that their data is securely stored. Further, if you do share their information with third parties, they must be informed.

To prove full compliance, this information should be disclosed during the opt-in process, not just in your policies. And users must always be given the choice to opt out of their data being shared with others.

Need a Best-Value GDPR-Compliant CMP?

The three steps above will ensure that you are in GDPR compliance for email marketing campaigns and newsletters. Fortunately, you can find help if you want to be certain that you are doing this right.

Admiral is a top registered CMP (consent management platform) and also offers modules that automate the collection of email signups from visitors.

Admiral is also a Google-approved CMP provider for sites requiring GDPR compliance.

Request a demo today.

About the author: Alison Lee is an experienced writer and editor with over a decade of professional writing experience. Alison serves as Editor-in-chief at Subjecto, a site offering writing, editing, and proofreading instruction and services. Alison is passionate about creating great content that educates and inspires. Her interests include reading books, collecting records, and traveling the globe.
