Stop the GDPR emails and yet still they come?

Please make it stop, seems like almost every business we have ever done business, enquired about a service or downloaded from (and many we have never been in touch with ever) wants to ‘stay in touch’ in the weeks before GDPR ‘D’ Day. This sometimes is a convoluted process of logging into a dashboard and ticking lots of boxes or, as is with the sensible ones, a link to a new privacy policy.

It’s so tedious even those newsletters we like have had a once over and many unsubscribed from, why? Life it just too short for re consent, re papering or doing stuff that is rarely needed under the GDPR banner. No matter how dramatic your email header line is. So what do you do if they still keep coming even after you press unsubscribe? Simple – bring it to the attention of the business that its a breach under PECR and that if they don’t deal with your request you will report them to the ICO. Keep a record of the email, the dates and timeline and allow them a little time to resolve but if they don’t the only way forward is to report them.

What’s the alternative for Businesses?

There are 6 bases under GDPR to consider for processing data and consent is just one. Consent is the culprit, the dark villain, who ‘forces’ daft ‘stay in touch’ emails. Is there a simple option? Yes, look for another basis to process data. Legitimate interest is a good choice (do the tests first before you agree) for many marketing emails which have been going out for years to a happy contented list.

Give Your Clients and Customers Choice

Opt out options and no surprises so people know what to expect and stay on your list should be the aim here. Do some work, look at your list, look at the response rates and the no opens, do you really want to keep them and send them yet another email they could not care less about?

Set them Free

Let them go and if you cannot live without them use social or another none data dependent means for staying in touch. if they were ever yours you could turn them back to face you with superb content and this time they will consent to being on your list and you can get their consent at the right standard. Believe us when we say you are not going to get them by shaking your new privacy policy at them along with all the other 100s of emails they are being sent about the same thing.

Privacy and Electronic Communications Regulations (PECR)

PECR relies heavily on consent for use of personal data and in this it conflicts with GDPR which allows various lawful bases on which to process data. PECR allows use of bought in marketing lists but places the onus on you – the business owner, to check before use for registration (if phoning from a list) with TPS (telephone preference service) and before using for email send outs that the proper consent has been obtained and is provable. The use of bought in lists and proving consent to GDPR standards is a very large hurdle which we view as insurmountable. Who in their right mind is going to give their data to be sold over and over for unsolicited mail and how will the list broker provide granular consent and opt out once the data is in your hands?

PECR and Soft Opt in is not an Easy Option

PECR also allows a ‘soft opt in’ ie if a customer has purchased from you recently (can also include quote and negotiations prior to purchase but it has to be clearly in anticipation of a sale, a browser on your site is not enough – John Lewis case in 2014 showed this) – note here the use of the term ‘recent’ then, providing they have not opted out of marketing emails you can assume they are happy to receive marketing emails from you. under PECR. Do not confuse recent with what you would like to use the data for – recent is likely to be maximum 6-12 months. Note the regs say this  is a recent customer/prospect who has not opted out of marketing communications and does not apply to cold email prospects.  Under GDPR you would be considering here legitimate interest- the law sits side by side so you have to consider both requirements and its a head ache. There is no ‘soft opt in’ under GDPR. as soft opt-in is not explicit consent under GDPR, it is not an acceptable practice. Note also here that this is about a soft opt in for marketing that which the customer has bought or expressed interest in and moved on towards anticipation of a sale to, not a market them all and hope some sticks approach. There are some further caveats here on using soft opt in so view

Sole Traders and Small Partnerships and Identifiable Individuals – Take Care

PECR does not allow emails to be sent to individuals in business (sole traders, some partnerships and those identifiable as individuals) in the same way as GDPR does not allow it. If you rely on consent here it must be GDPR compliant now. You can use soft opt in subject to the proviso they are a recent customer.  You are OK to email a corporate body (admin/support/accounts/ both under GDPR and PECR. It’s not a great practice though, your interest levels on these, even those which get opened, will be minimum and, for most of us a vanilla prefix, means look at another form of marketing and don’t waste your time and money on sending emails that won’t get looked at, be so low in terms of conversions that you are better spending your time elsewhere.


Its a tricky one if this is your only option. Either repaper (get consent by re-permission) and make sure that email for re-permission is only about permission and not a marketing email, not sent to those who have opted out and if going for this – be clear you are going for consent under GDPR, that means if they do not provide permission you have to stop marketing. So, what do you do instead?

You can create advertising campaigns which target people who have liked your FB page by area – if your customers have liked your FB page then you can send them ads, you can also target via messenger ads – anyone being targeted in this way have the option then via Facebook to suppress your ads. Similarly link up with customers (B2B) via LinkedIn to stay in touch. Mailing also works, check with the mailing preference service and then market old school. No doubt about it that if you want to be compliant, marketing needs to change, in that way GDPR is a game changer. Try not to do all these changes with a heavy heart, its not about loss here, its about respect and finding ways to market your business which stays both within the law and generates business. Get creative and inspect your campaigns to see how they can be improved.

Still got questions? Get in touch with us for specific advice and help (Initial call is FREE and its with no obligation. Email Phone 01244 300413 or use the form below. 

Your data will be cared for as per our privacy notice – just press on the link

My Help Desk Advice Services

Share this: