GDPR: 15 (good & bad) examples of repermissioning emails & campaigns

By now, you’ve probably received at least one email from a company asking you to confirm that you really do want to receive marketing emails.

These repermissioning campaigns are an attempt to bring consent up to the standard set by the GDPR, ahead of the regulation’s enforcement on 25th May 2018.

In this article, I’m going to look at 15 examples of repermissioning campaigns from brands both big and small. But first, let’s have a bit of background…

Do you have to refresh your consents?


Lots of companies will be confident that they already comply with the GDPR. Others, such as in the infamous case of Wetherspoons, have simply decided to delete email data, perhaps fearing non-compliance.

However, lots of companies are repermissioning – those that aren’t confident their consent process is up to the new standard, or don’t have the appropriate records (necessary for the GDPR’s burden of accountability) of who consented, when, where and to what.

What constitutes consent?

According to the GDPR, consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”

That phrase ‘clear affirmative action’ is arguably open to interpretation, and there is lots of debate about consent. But the ICO’s guidance is pretty clear – “Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent.”

How to refresh consents?

It’s worth pointing out that repermissioning doesn’t have to be done with a broad brush. You can take different approaches with different customers, for example you may want to segment your database before undertaking phased repermissioning.

A blog post by automation company Ometria advises segmenting customers for repermissioning along the following lines:

  • Opens emails and regularly buys
  • Opens emails and infrequently buys
  • Opens emails and clicks through to browse items
  • Opens emails – no activity
  • Receives email – no activity
  • No activity after 6 months
  • No activity after 12 months
  • No activity after 18 months

In this article we are mainly dealing with consent for email marketing, but publishers and marketers should think about what consents they want to refresh – cookies for example.

The most important things to consider when constructing an email campaign are whether your privacy policy is well written, whether the consent mechanism you choose conforms to the definition of consent in the GDPR, and how to keep a record of these new consents (when, how, what etc.).

Onto the examples!

Guardian – reminding logged in users

Not an email now, but a nice footer featured on Guardian articles viewed by logged-in readers.

There’s not much to say about this, other than the contrasting colours highlight the key message and button to continue. There’s also a link to find out more.

guardian opt-in banner

Read more…



Related posts