6 Email Permission FAQs to Consider Ahead of GDPR

As an Inbound Agency that helps our clients manage customer data for Marketing and Sales messaging, we inevitably advise our clients on email best practices and permissions. In recent years, Canada passed a law around marketing permission known as CASL, and in May, the EU regulations known as GDPR will go into effect.

With GDPR looming, now more than ever, it’s important to collect and comply with data permission standards. The good news is the rules of permission evangelized by email marketing professionals still apply. The bad news is breaking them can have stiff penalties. Honestly, even without CASL or GDPR, or CAN-SPAM, the downside of lax permission standards is a decrease in inbox placement and deliverability. If you send emails to a group of people that do not expect nor want to receive them, they will delete, not open, not click, or even worse, hit the “this is spam” button. This results in spam folder or blocked emails for all of your subscribers.

To give a few practical examples of GDPR’s potential influence, we’ve collected a list of questions we have received over the years regarding email collection and permission to send.

1. CASL and GDPR don’t apply to us because we’re US based.

Canada’s CASL laws as and the EU’s GDPR both come with strict penalties, making the risk of sending unsolicited emails – sales, marketing or otherwise – too risky and cost prohibitive. While we can take precautions to eliminate foreign-based contacts from our databases, there is no way to 100% guarantee that contacts can’t claim protection under CASL or GDPR due to physical or residency rules. For example, an EU citizen could fill out a form on your website while visiting the US. If you are using IP based rules to filter against traffic sourced in EU, that citizen, who is protected by GDPR, will still receive your emails.

2. But we’re a B2B company, so we can send emails to other businesses.

In my 15 years of email marketing experience, I’ve always found it interesting that B2B marketers don’t think the rules of best practices and permission apply to them. B2C companies would NEVER think to send marketing emails to subscribers who didn’t sign up for their marketing list, or at the very least have bought their product in the past. Yet, B2B marketers, who are no strangers to emails like this , think their sales emails don’t have to comply by the rules of permission.

3. I received a business card from someone at a conference. That means I can add them into my newsletter list, right?

No, it does not. The only way to get permission to send marketing emails is by asking for it. If someone gives you a business card at a conference, the expectation is that you will follow up with him or her directly. You can send a personal direct email as a follow up and ask for permission to send them future marketing emails (Tip: Feel free to add a value prop here as to why the contact would want that email. Exclusivity and quality content are great for building your list base ). Do note, while in the US we only have to comply with CAN-SPAM, which requires compliance to opt-out, CASL and GDPR require an explicit opt-in, meaning if they don’t reply with the affirmative, you cannot send them unsolicited emails.

4. My product/service is totally relevant to this person whose contact information I have, but they did not give explicit permission to receive marketing emails from me. They will be happy to get my email right?

They might be. But if you send 100 emails, chances are 90-99 of those people will not be. You may think your product or service is the best thing since Slack, but for those who don’t agree, the risk is too great and can compromise your email program for all recipients.

5. We have a business relationship with this company, so we don’t need permission to send marketing or sales emails.

This is not telemarketing. There’s no such thing as implied permission when it comes to email. Did they check a box that is labeled, “send me email?” No? Then they did not give you permission to email them.

6. We received a list from our sister company, so we have permission to send.

Not really, but it depends. Did the contacts explicitly give permission to each brand? In the eye of the consumer, they may not know that brand A is related to brand B, and they may not want to receive emails from both. If this is the case, you should receive explicit permission to send emails on behalf of both brands.

Do you have more questions regarding your own practices or permission? Submit in the comments.