Cartoon hands holding a phone. Emails flying from the phone

When GDPR changes were first announced, there was plenty of confusion surrounding the topic at first. However, as the deadline drew nearer, the changes being made to various privacy policies became more and more frequent. Here, we’re taking a closer look at how GDPR influenced email marketing.

Personal Information

GDPR has affected businesses substantially since its introduction in May 2018. However, one of the most affected elements is SEO and, most importantly, email marketing. Although this may not seem like much, there are a number of older processes that cannot be conducted under GDPR, such as harvesting personal information. This cannot be done without the user’s consent, so it is important to ensure that you have the consent of the user in order to store their information.


When it comes to GDPR, it is important that the user has consented to you being able to use your service. Whether agreeing to the newsletter on your site or to being contacted via email, it is crucial that you have this consent. Due to data protection and new privacy laws, it’s illegal to store or use people’s private information such as their email address, telephone number and address.

Email Lists

Under the new GDPR rule, it is no longer possible to buy email marketing lists, meaning that your email marketing list must be organically generated. This makes the process much longer and can lead to a smaller website not having a large number of leads.

Storing Information

Under new GDPR rules, you are also not allowed to share information or store information as this is against the permission that the user has given you. It is only to be used for the time that you need it and should only be in the possession of one person. Once the information has been used, it should then be deleted. Some of these regulations include:

  • To comply with data controllers legal obligations
  • Right Of Access For User
  • Right To Be Forgotten


The regulations stated above are all put in place to give the user complete control over there data as well as the right to have their information erased from a companies database. This is important as if a business does not comply with this it could lead to consequences such as fines for a multitude of different infringements all based of off the total net worth of the company. Although this does not seem like a problem for those in a larger business, this can have a profound effect on smaller businesses especially if they have not been in operation very long.

GDPR has certainly changed the way that information is being processed and has put the power in the user’s hands. Is your business compliant?

Previous Next