Back to insights
Avatar for Richards

Richard Jaggs

MD | Resolution Design

  • March 29, 2018
  • 7 minute read

Even if you’ve been careful to ensure that all your communications are permission-based, chances are you will need to obtain fresh consent from all your contacts before the May 25th deadline.

Of course, obtaining fresh consent means asking people to take action to opt-in in some way, making it likely that you will see a dramatic reduction in the size of your list. So we thought it might be useful to share how we have approached tackling this tricky problem.

The first thing to say is that we see this as a positive process. We want an engaged, happy, and healthy list that supports our email marketing initiatives. This will mean a fall in numbers, but asking contacts if they want to continue receiving our email communications from time to time is good practice. So what are we doing to bring our consent levels up to GDPR standards?

Do our current consent levels measure up?

Our main list was split into a variety of groups; clients, prospects, partners, etc. to enable us to send targeted communications. All of the contacts are known business contacts, having been in contact with us in the past, including some who have signed up for emails specifically. We also had a number of error contacts (email no longer in use mainly) and also some opt-outs.

GDPR requires, amongst other things, that consent must be:
> freely given
> specific (for the type of communication you wish to send)
> informed
> positive (no soft opt-ins or pre-ticked boxes)
> recorded to allow proof of consent
For more information please see the ICO website for guidance.

We concluded that our best option was to start again from scratch…

New sign-up process

We wanted to ensure that any new signups are GDPR compliant. Our approach to this was to update our standard email signup process to be double opt-in. This makes sign-up a 2-stage process; stage 1 – fill out the clear, unambiguous form and submit, stage 2 – receive an email that requires active confirmation of the subscription, and also gives the option to change the details and opt-out if the subscriber wishes. This double opt-in is not a requirement for GDPR, but we felt it was the best approach for us.

Obtaining fresh consent

We decided to have the simple goal to create a single GDPR consent-compliant group. Our initial steps to achieve this have been:
> create a new GDPR-compliant group in our email platform
> delete all other non-essential groups
> delete all error contacts
> keep all opt-outs to allow ongoing suppression
> send out an ‘opt-in’ email to all existing active contacts
> move all contacts who ‘opt-in’ on this email to the GDPR-compliant group
> ensure all new signups go into the GDPR-compliant group

Clearly, it’s important to take some time over the ‘opt-in’ email. We decided a ‘salesy’ approach was not for us and opted for friendly, straightforward language and styling.

As of writing this post, 24 hours after sending the ‘opt-in’ email, just over 10% of our entire contact list have opted in. We’re planning to send out a newsletter to all our contacts before the May 25th deadline, this will include a reminder to opt-in to our emails. After that, we will complete the final stage of the GDPR consent clean up; to remove all active contacts who have not opted in. We’re expecting the final number of opt-ins to be roughly 20%… all fully engaged and wanting to hear from us.

And the next steps? Get building that list back up with more folks who want to hear from us!

GDPR is a complex area and will impact many areas of your business. This blog is designed to help you with your GDPR process, but it is not designed to be taken as specific recommendations or advice. It is your responsibility to ensure your business is GDPR compliant, for more information on GDPR please see the Information Commissioners Website:

Let’s get the

ball rolling…