Staying Compliant in an Age of Data Privacy

October 7, 2019

Staying Compliant in an Age of Data Privacy

We live in an age of data privacy. The massive European privacy law known as GDPR created a new standard for data handling in the EU. In the U.S., California will be implementing data privacy regulation in 2020 and there has been talk of the United States passing some kind of federal data privacy law in the future.

For email marketing professionals the writing is on the wall: the time to get in line with these new privacy regulations is now. Even businesses that don’t do business in Europe and haven’t had to worry about GDPR yet will certainly be affected by California’s new law—once the nation’s most populous state imposes such regulations others likely aren’t far behind.

So what steps do you need to take? Marketers who use email marketing as part of their lead nurturing efforts can focus on a few key areas to make sure they are compliant with data privacy regulations from Frankfurt to San Francisco.

Confirm Proof of Consent

A significant impact of GDPR is that it requires companies to get consent from anyone receiving their emails—which is generally just a good practice anyway. If you already have significant mailing lists you’ll be fine as long as you have records that prove that those on your list opted in by checking a box or agreeing to terms and conditions at some point.

If you aren’t able to show that proof, you may need to send out a re-engagement email so that your subscribers can reconfirm consent.

Remember: Emails are Personal Data

GDPR and other privacy laws are all about safeguarding personal data. It’s worth remembering, then, that emails are considered personal data. Treat emails with the same level of respect and security you might treat someone’s home address or social security number—don’t be careless with how subscriber emails are stored and definitely do not pass along emails to third parties without subscriber consent.

“Double Opt-In” is Not Necessary—But It’s Not a Bad Idea Either

There are some who have falsely warned that these privacy laws will require all companies to get a “double opt-in” from would-be subscribers, meaning that people would have to confirm email acceptance twice. This is not true: current privacy laws require that you only collect consent once (and have proof of this).

Still, though, if you want to build an especially strong and engaging email list then getting subscribers to “double opt-in” will ensure that everyone in your email list is enthusiastic about your content and will likely engage more.

Always Communicate How Data Will Be Processed

A key element of GDPR and other laws is transparency over how data is used. As a result, you’ll want to make sure that all your future plans for marketing and email marketing involve clearly communicating what you intend to do once subscribers opt-in to your emails. All it takes is a quick sentence or two describing what kind of information or offers they’ll receive once they sign up to join your list.

The Buck Stops with You

Most important to note in the Age of Data Privacy—your business is responsible for following the letter of the law. Don’t think that you can pass off data security or privacy concerns to email service providers or other third parties. If you want to avoid warnings or fines, it’s smart to know exactly which data privacy laws could affect your business.

About the author


Owned and operated by Phonexa, MailCon is a global community that connects marketing professionals with the latest technology, trends, and strategies in email marketing, marketing automation, mobile and omnichannel marketing. Our fantastic team of content writers contribute to this blog with inspiration from the incredible community of marketers we are privileged to host.


We take your privacy seriously. In order to process your request we require your personally identifiable information (PII)


Say it ain't so — we'd hate to see you go!


    Please provide

      In order to process your request under the California Consumer Provacy Act “CCPA” we require you to please provide any two (2) of the following pieces of your information. This is required under the CCPA before we can fullfill your request

      Select one or more of the following requests



      You will no longer get marketing emails from us.


      Get your tickets before you leave

      Get Tickets