Sophie Jewry: Mailing lists, they are the buzzword of the moment. We know that we use social media and various different things to market to people, but the real power in your marketing strategy is in your mailing list, and the data that you have control of that you can market to.

So, there’s a few things around this, that I just wanted to talk back through with you. One of them is unsubscribes. Obviously we have to have on emails now that you need to be able to unsubscribe, don’t you, but some people do mail mergers from say Outlook, and you get the email through, and you can clearly see that it’s been sent to lots people. So that’s another one, their emails are being included in the email.

Neil Penny: That’s a no no.

Sophie Jewry: And also there’s no link to unsubscribe.

Neil Penny: Yes, well they’re both no no’s, so there always needs to be an unsubscribe link, and nobody should be doing a mail blast where everybody else’s email is on there as well. Really bad, you get that on Gmail and Hotmail quite a lot, less so on Outlook, but it still happens from time to time. Technically that’s a bit of a breach because you could conceivably go in and contact loads of other people in a negative way, and that’s just not allowed.

So, any email marketing, carry on as normal, you don’t need to do anything proactive to get people off your marketing lists, off your email lists.

Sophie Jewry: So this is now moving into current subscribers …

Neil Penny: Yes.

Sophie Jewry: … So they’re already on your list, you’re already marketing to them …

Neil Penny: Carry on.

Sophie Jewry: … Do nothing, you don’t need to do anything?

Neil Penny: Do nothing.

Sophie Jewry: Nothing.

Neil Penny: Nothing. But they still need the right to be able to unsubscribe at any time of course. So you don’t need to do anything now, after the 25th of May, again you need to continue. So you need to confirm that they’ve got consent to receive the email, and they have the right to opt out of receiving that email at any time.

Sophie Jewry: Yeah.

Neil Penny: Cannot leave off the unsubscribe, if you do that and somebody complains because they don’t know how to get themselves off your marketing list, that’s leaving you susceptible to a complaint to the ICO, and an unnecessary and uninvited intrusion by the regulatory authority and you don’t need it, because it takes up a lot of time and detracts from your objective.

Sophie Jewry: So one of the things that a lot of people are doing at the moment, I’ve already had at least two or three through in the last week saying “Hi, you’re on my mailing list, GDPR’s coming in, I just wanted to double check that you were happy to continue receiving marketing from me. If so, just don’t do anything, or click here to do something.”

Neil Penny: No, you don’t need to do that.

Sophie Jewry: I’ve seen some company, including Honda, that did that, and got fined £25,000 for sending it out, because it was unsolicited.

*Note: Honda fine reference: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/03/ico-warns-uk-firms-to-respect-customers-data-wishes-as-it-fines-flybe-and-honda/

Neil Penny: It was unsolicited, right. But you don’t need to do that, if they’re legally on a marketing list and you’ve got consent to market to them, then that’s fine. You don’t need to go and get them to re-opt in, I think that’s the whole idea is that some people are trying to refresh, renew and update marketing lists and have a bit of a clear out.

Sophie Jewry: Or just get proof.

Neil Penny: Yes.

Sophie Jewry: By doing the double opt in, or I think what it is it’s more that they’re trying to get some sort of validation for GDPR that someone has chosen to opt in.

Neil Penny: It’s unnecessary to do that. So if you’ve got the legitimate permission from the data subject in the first place to contact them, you don’t need to do anything else.

Sophie Jewry: They might have bought something from you, it might not be that they’ve ticked, but they’re on the list and they’ve not unsubscribed yet. But even so, with all that, it’s a clean slate up to the 25th of May?

Neil Penny: Correct.

Sophie Jewry: So we don’t need to do anything with our current data, we just carry on as we’re already doing?

Neil Penny: yep, the law is the law, and from the 25th of May it changes. But before then you don’t need to change anything.

Sophie Jewry: So all our current data, anything up to the 25th of May is happy days, do with it as you will.

Neil Penny: Yes.

Sophie Jewry: So for new subscribers… When people are opting in, for example sometimes you might (very often in fact), buy something from a website, and you automatically get added to a newsletter off the back of that.

Neil Penny: Yep.

Sophie Jewry: Is that okay? Is that not okay?

Neil Penny: It’s fine.

Sophie Jewry: Do they need to tick a box?

Neil Penny: If they tick a box, for example, so it’s affirmative action from the data subject. You cannot imply consent. So this was technically called a soft opt in, to have a pre-filled tick box. That’s a no no, can’t do that anymore.

So you can invite them to receive your newsletter, you can invite them to receive offers, promotions, or newsletters from third party companies, that they feel you might be interested in. But to do that, you need to have an affirmative action, which is a tick box.

Sophie Jewry: Or a double opt in.

Neil Penny: Or a double opt in, yes, exactly that. Or if you’re phoning up and doing something through the phone, again, affirmative action is pressing one on the IVR, or whatever it may be.

Sophie Jewry: If you, for example, I’ve got customers buying from me, and then once they buy they get an email a week later, just double checking that everything’s okay. That presumably you would need to have a tick that they’d be okay to be contacted on that …

Neil Penny: If it’s part of the order?

Sophie Jewry: Well it’s a check in rather than a confirmation. It’s not essentially order related.

Neil Penny: I think you’d be okay with that to be honest, I think you’d be okay with that. If it’s so soon after an order’s been placed, and been processed, I think that’s absolutely fine.

Sophie Jewry: Going back to the online shop thing, a lot of people, myself included, you have the shop, the order gets processed, it goes through to your CRM system, which does other wizardry. With that in place, would it work then that once they’d ordered, they would be sent a double opt in email to say “Thanks for buying, if you’d like to receive information, just click here and we’ll add you to the mailing list.”

Neil Penny: Yep, that would be very good.

Sophie Jewry: And that would cover you?

Neil Penny: Yep, that would be good practice.

Sophie Jewry: That’s it really, isn’t it?

Neil Penny: Yes.

Sophie Jewry: So from the 25th of May you have to, with new subscribers, with freebies, with all of that.

If they’ve clicked to download your freebie, do you have to have a double opt in?

Neil Penny: If it’s a freebie, no.

Sophie Jewry: Do you know what I mean?

Neil Penny: Yes, I do.

Sophie Jewry: Like with the mailing list, obviously in Canada I think, you have to have double opt in, don’t you?

Neil Penny: Canada use double opt in for everything.

Sophie Jewry: Some people might go to a third party website, or now you’ve got chat bots as well on Facebook, so you go to a chat bot and you get your PDF sent straight over to you. If you’ve filled in that form, but you’ve not ticked that you want to be added to the mailing list, are you still okay to be added to the mailing list, because if it says above it “By filling in this form you will be added to mailing list.”?

Neil Penny: So I think it’s still considered a valid consent period, so you’re within 28 days of communication anyway. So if you were to follow up 7, 10, 14, 21 days afterwards saying “Inviting you to take part in a mailing, that will be included as part of a mailing list,” I think that would be fine. If you hit them again three months later, and there was no other communication in between, that might be a different matter.

Sophie Jewry: That comes back to doing regular email marketing, doesn’t it?

Neil Penny: Right. It does, yes.

Sophie Jewry: Can you do it so that it just says, with a freebie, “Put your name and your email address and click submit, we’ll send you your freebie.” And you either get it emailed to you, or you get it as a link.

Neil Penny: That’s right.

Sophie Jewry: Now some do double opt in, some don’t.

Neil Penny: Yeah.

Sophie Jewry: Do you have to physically get them to tick the box, to say if I fill in this box and put my name and email address below, I am consenting to be added to your mailing list?

Neil Penny: That’s the preferred method, it needs to be affirmative action. There could be other affirmative actions as well, like PIN code verification. So what happens there, you tick to get your freebie purchase, and then you can send another link again saying “I’ve just got an order from you, to confirm it’s you, enter this PIN.”

Do you see what I mean …

Sophie Jewry: Okay.

Neil Penny: … So that forms as part of the double opt in again there. Or a Captcha on a website, you’ve seen the website?

Sophie Jewry: Re-Captcha? Is that part of an opt in?

Neil Penny: Yeah, sort of. So you can turn that into an opt in, tick the images which have got a road sign on it, or a tree, or whatever, you get the idea. Click on that, and then that shows that it’s not a bot that’s accessing and using your website as a data farm.

Sophie Jewry: So you don’t have to have double opt in, you just have to have consent.

Neil Penny: Yep.

Sophie Jewry: But it’s good practice to do double opt in if you can.

Neil Penny: It’s best practice to do that, yep.

Sophie Jewry: Because it may come in later.

Neil Penny: Correct.

Sophie Jewry: Perfect, I think that’s covered everything to do with emails.

Neil Penny: Good.

This is 1 of a series of videos we have recorded about GDPR. To see more and discover what you need to know as a business and an individual, check out our GDPR YouTube playlist at

A little bit about Neil Penny – He has over 30 years of Systems and Telecoms experience, including 10 years in HM Forces (Army) where he specialised in secure data and radio communications. Moving into the private sector he worked for NatWest as SWIFT Communications Manager, Orange as Product Manager for the first pre-paid service ‘Just Talk’, Norweb (now Vodafone) as Head of Telebusiness (Non-Geographic and Premium Rate Services) and COLT Telecom as Head of Intelligent Network Services for UK, Ireland, Northern Europe and Scandinavia. In 2003 he joined Opera Telecom taking on the role of Director of Commercial Operations before founding Enarpee Services in 2006.

You can find out more about Enarpee and their services at www.enarpee.com – if you quote Ladies That Plan you can take advantage of a special package that Neil has put together specifically to help small business owners with GDPR compliance.

%d bloggers like this: