Are You GDPR Compliant?

There is a bit of panic right now on the part of businesses that utilize email marketing regarding GDPR (General Data Protection Regulations) changes to require companies to protect the personal data and privacy of consumers that do business in Europe and the UK. As part of the global and more toothy CAN-SPAM regulations, these changes lead the way that we approach emailing leads and prospects, and even customers into a more thoughtful and strategic direction.

First, let me start by stating clearly – this is a good thing for everyone involved.

As hackers get better, these are necessary steps in our current climate to keep everyone’s personal information safe and to allow people to decide which businesses are allowed to contact them.

Why? These are gold-standard email and data management practice changes that Canada has already implemented and is using to crack down on non-compliant companies. In a nutshell, you need to take control of your database if you haven’t already done so.

Who will this effect in the short term? Businesses that are in, or work with or sell email lists in the EU and UK. 

Essentially, companies that have already been following the best data management and email-practices will be fine. If your company tends to buy email lists to further your reach, you should be rethinking this practice anyway and focus on building up your own in-house list of people that care about what you offer.

If you are already keeping an opt-in list (or double-opt-in list, more on what this is later) – you are ahead of the game. Give yourself a pat on the back and check that box off.

Protect all of your spreadsheets within emails, phones, VM, with a system to capture that data (data discovery tools). Need a place to start? The link offers a comparison of 73 data discovery tools that you can select from, depending on your business size and structure.

Reduce your data – up to 70% of your data is likely redundant within your system, so now is the time to clean house and scrub. Did someone share a spreadsheet of contacts with you last year? Store it safely and delete the email attachment. Some of this is going to require changing habits of storing (or not storing in many cases) shared data about other people. 

How should you move forward with security measures? Look at all of your distribution lists, where you collect, where you store, how long you save data, and how you dispose of it safely. Companies will need to keep all customer data secure and be able to prove that they are doing this to prevent database hacks if ever audited or someone files a complaint. Worst case scenario, someone hacks your system and makes off with everyone in your database.

You will need to prove to regulators to show you are working towards compliance, so log all of your changes and updates as you move forward. Get your team together and share with them the importance of making these changes.

Some of the requirements will take longer to implement but need to be done in order to stay compliant.

Does this mean we should all abandon email marketing? Of course not! Email is still one of the best ways of communicating with large and small groups of people. As technology changes, the way we use it also needs to keep up.

For a refresher on additional email marketing best practices, read my Ultimate Cheat Sheet for Beginning Email Marketing.

Amanda MacDonald

Amanda MacDonald

Founder of Full Gallop Communications

Amanda is a marketing veteran that works with businesses on improving brand communication, marketing strategy, and creating content marketing. When not in the office, Amanda can be found at the barn with her horse, walking her two dogs on Lake Ontario or baking something carbtastic in the oven.

Contact her at to inquire about how your marketing efforts can become more successful.

Set Up Your Starting Gate Meeting

The path towards growing your business begins today. Take the first step and schedule a free consultation.

(reserve your spot in 5 mins)