What Does UK GDPR Mean For Email Marketing in 2022?

Data is the new oil, according to the Economist. It has long been a resource for digital companies and is valuable to most of them, but are you complying with the strict UK GDPR rules that regulate how it’s collected, stored and used? If not, this should be an urgent priority for your business.

Since we left the EU, and the six-month transition period ended on the 30th June 2021, data protection looks a tad different now. No longer do we have easy data portability with EU countries; we now have many more considerations to make. Rather than complying with GDPR, we now have the UK GDPR and the Data Protection Act (DPA) 2018. Combined, these two documents and the PECR (Privacy and Electronic Communications Regulations) of 2003 set out laws governing any data that passes through a UK company.

How GDPR affects you

The General Data Protection Regulation (GDPR), which recently celebrated its third anniversary, is the most impactful change to EU privacy law in the last twenty years. Its broad compliance requirements will demand a lot from businesses across all markets. If you handle your customers’ personal data, GDPR affects you. No matter where personal data is sent, processed or stored, GDPR requires businesses to respect and protect user freedoms and privacy.

As a former EU member, a lot of what is in GDPR has carried over into UK law in order to guarantee ‘third country compliance.’ All this means is that as we are no longer a member of the EU, we have to have ‘adequate protection’ for data to be moved from the UK into the EU.

Fail to comply with UK GDPR and you’ll be facing a fine of £20 million or 4% of your annual global turnover, whichever is higher.

You are not required to automatically refresh all existing DPA (Data Processing Agreements) consents for UK GDPR compliance. But if you rely on an individual’s consent to process their data, make sure it will meet the UK GDPR standard on being explicit, recorded and as easy to remove as it was to give. If not, alter your consent mechanisms and ensure you have simple, explicit consent options at every necessary point.

Subscribers to your email marketing will also need to be able to quickly remove data if requested. Known as the right to removal or erasure clause, UK GDPR makes it compulsory to provide a clearly identifiable route for users to make contact and communicate their request to unsubscribe, opt-out, or scrub their data.

What counts as personal data?

Personal data describes information that impacts the identity of a user, called a “natural person” under UK GDPR, including their:

  • full or partial name 
  • photo 
  • email address 
  • IP address 
  • bank details 
  • posts on a social networking site 

Under special categories, according to UK GDPR compliance, the following information can also elaborate on a person’s identity: 

  • medical information 
  • biometric data  
  • sexual orientation 

Under strict UK GDPR compliance, since it relates to ‘any information’ that helps identify a user, it’s advisable to interpret personal data broadly to avoid penalties or confusion.  

Got an email mailing list?

If your current marketing email opt-in doesn’t satisfy GDPR, you’ll need to alert the user if you hold their data, offer them a chance to action it under Section 23 and then ask them if they wish to continue hearing from you. You can’t ‘soft’ opt-in.

Email marketers now need explicit consent from their subscribers. This can be referred to as ‘hard opt-in’, where the consent has to be freely given and no boxes are pre-ticked. Soft opt-in, where a box is pre-ticked, or suggested in the copy of the notice, is no longer good enough.

Your subscribers need a way to easily opt in to or out of email campaigns. This could be achieved through a straightforward call-to-action that allows customers to check a “yes” box to consent to receiving emails.

UK GDPR also demands data relevance. When GDPR first came into force in 2018, companies quickly panicked and sent out engagement campaigns; data protection now needs this regularly.

To have good list hygiene, you need to ensure that anyone on your list is actually interested in your emails. Email marketers, at least the good ones, should create sundown automations to regularly qualify their contacts. A sundown policy simply looks at whether someone has engaged with an email in the last 12 months (9 months if it’s an Outlook email…). If they haven’t, a sundown policy offers them a chance to remain subscribed and tells them that if they don’t, their data will be removed.

How to keep email consent compliant with UK GDPR

UK GDPR requires explicit consent from users. According to the ICO (Information Commissioner’s Office) consent is about the preservation of user privacy and freedoms, but also helps brands establish trust, transparency and a positive, open reputation. Under UK GDPR, consent is unambiguous and legal guidance mandates that email marketing forms should enable clear, signposted actions for a user to follow.

To comply with GDPR, remember that your email consent forms should include the following:

  • Consent must be given, specific, informed and explicit 
  • There must be a positive opt-in 
  • No pre-ticked boxes 
  • Create simple ways for people to withdraw consent 
  • Try using double opt-in methods 
  • Keep your consent policy separate from other Terms & Conditions  

How to take advantage of double opt-in

Double opt-in for email marketing campaigns is not a new idea. Firing a confirmation email after a form completion, however, can provide a number of advantages.

The value of an email list isn’t in its quantity, but rather its quality. You could have a mailing list containing forty-thousand addresses, but if none of them convert, you’re wasting your time. Providing double opt-in to email listings means that the quality of your list is much higher. People who are genuinely interested in your offering are more likely to confirm their interest in your subscription than someone on the fence.

The obvious downside of double opt-in is that your email list will take longer to grow. Adding an extra hurdle for the user will naturally slow short-term growth of your subscription list. This is why you need to make your subscription really attractive to your subscribers. From emotive and creative copy to bespoke visuals, the quality of a strong email marketing campaign can convert regardless of an extra barrier upon sign-up.  

Fortunately, double opt-in provides you with an ideal opportunity to touch base immediately. You can tell them more about your brand or offer a promotion as soon as they sign up, making the extra hurdle more palatable.

Is your email marketing on top of compliance with UK GDPR?

No matter how big your operation, the cost of auditing your assets and bringing them up to compliance standards is significant. Strict requirements, like greater data access and deletion rules, risk assessment procedures, Data Protection Officer roles and data breach notification processes, will mean businesses need the right expertise to deliver compliant email campaigns.

But in a world increasingly aware of the risks of exposing online privacy, consumers value the trust they have with brands. Yes, UK GDPR demands changes from your email marketing. The sooner you take action, the more trustworthy and authoritative you’ll appear against your competition.

Data protection is a good thing for email marketing. It gives you genuine, opted-in customers who actually want to hear from you. Take advantage of data protection, and the rewards are better than you could ever imagine.

If you need help designing an email system that’s not only compliant but creative, useful and reaches your customers where they are, then get in touch with MRS Digital today to find out how we can help.
