10 common questions around the GDPR answered

UPDATED: 06/03/2018

By now most of us in the B2B marketing world have heard of the GDPR. Yet, many of us still don’t know exactly what the GDPR means. So we wanted to just recap on some of the most common questions we’ve been asked and have the answers you need.  


Since we penned the content below, there has been a signification update to the E-Privacy Regulation and PECR, that you will want to pay attention to if your are a B2B Marketer.

If you are looking to process (sending marketing communications) using ‘consent’ then the below applies. HOWEVER, with the update/amendment to the E-Privacy Regulation/PECR in December 2017, you can now use ‘legitimate interest’ as the reason for processing (sending marketing communications) your B2B data.

Find out more in our latest blog post: https://www.communigator.co.uk/blog/legitimate-interest-saving-grace-gdpr/ and also download a copy of our latest resource which clarifies this stance: The Fog Clears on GDPR.


The below was published Nov 2016  

1 – What is double opt-in and why do I have to do it?

Double opt-in is essentially a process that proves the person you are emailing has agreed to your communications. For example, a data subject fills out their details on a web page and then the company emails that person to confirm the details are theirs and are accurate.

You have to have this double opt-in process because the GDPR states that you must have a proven record that the data subject you contact has given you permission to contact them via their details. If you only relied on a single opt-in process, anyone could type in anyone else’s email address. Hence why a double opt-in is essential.

2 – Can I still market to my customers?

For now, of course. However, once the GDPR comes into effect, we are taking the stance that your customers also have to double opt-in to your communications. This is because the GDPR currently states that all EU data subjects must give consent to your marketing communications.

However, you will still be allowed to send service, maintenance and transactional emails. In the January 2017 update of the GDPR, we may be given more clarity on this. We say, better to be safe than sorry and get your customers to opt-in anyway.

3 – How do I prove that someone has opted-in?

Here at CommuniGator, we use a Confirmation Opt-In Service. This process means that after someone has filled out a form, they are sent an email asking them to complete the opt-in process. Using a reCAPTCHA form, we can capture the details of their opt-in statement. This way we can see:

  • The date
  • Time
  • IP address
  • Source
  • Consent statement

At the time the data subject opts-in. This way we have a provable account of what each contact has given consent to saved in our system.

4 – How do we get people to opt-in?

There are different opt-in approaches for different audiences. For example, for new website visitors, you might choose to use a pop-up form on your website. For your engaged data, you might ask them to opt-in before they download an asset on your website. For your customers, you might simply send them an email series asking them to opt-in. Always aim to improve email deliverability.

However, to see the highest opt-in rates, offer valuable content in exchange for their opt-in consent. For example, offer an asset for new prospects or the latest offers and upgrades for customers.

5 – What opt-in rates are we likely to see from the double opt-in process?

From a pop-up form fill that offers valuable content, we’ve already seen a 66% opt-in rate. For events, we’ve seen a 70% opt-in rate, 25% for event no-shows, 54% for form fills and 57% for follow up email campaigns following a form fill. Keeping emails short and sweet, friendly, useful and non-salesy will help you improve your opt-in rates even further.

Of that opted-in data, we’ve seen a 15% click-through rate vs. the industry average standard of sub 1% from opt-out databases.

6 – Can we email cold purchased data lists?

For now, yes. However, once the GDPR comes into force on May 25th 2018, you may not be able to. Data providers are currently researching telephone verified opted-in lists. The likelihood is that these lists will come at a higher cost post-GDPR. We’d recommend buying top-target lists now and opting-in as much data as you can until May 2018.

7 – Can you still email people who give you their business cards at an exhibition?

Unless you can prove and show a consent statement at the time & date of the exhibition, simply accepting a business card will not be enough to be considered “provable consent”. Let’s face it, you don’t give someone a business card at an exhibition to be marketed to.

Instead, set up a form fill on an iPad or iPhone at your exhibition and use this as a way to capture opt-in data from events. This is a good way to make sure you’re making the most of your exhibitions.

8 – Do we have to have consent to email generic email addresses (info@ etc?)

Technically speaking, the GDPR only applies to personal data. Therefore if the email address you hold isn’t related to a person you can process it. However, if it is a personally identifiable email address ie. Jane.smith@xyzlimited.co.uk then you need consent.

9 – Will we still be affected once the UK leave the EU?

If the GDPR is released as it currently is then yes, we will still be affected. The GDPR applies to all EU citizen’s data, so even if you send emails from outside the EU, it affects you if your emails are going to an EU citizen.

10 – What do we do after the GDPR comes into effect?

Once the GPDR is in effect from the 25th May 2018, you are going to have to make sure you are only marketing to those who have opted-in to your communications! Otherwise, you risk the €20 million or 4% of your companies global annual turnover as a fine.

To make sure new prospects are still opting-in to your communications after May 2018, use inbound channels such as social media and PPC to send leads to form fill areas. Having good, valuable content that people will want to download is essential to getting more people to opt-in to your marketing. Email marketing, in turn, will become a lead nurture tool rather than a lead generation tool once the GDPR is in place.

Find out more about how the EU GDPR changes will affect your marketing data.







Share this story and choose your platform

Want to know more about our software?

SpotlerUK is more than just software. You get unrivalled support and service and we help you implement a playbook for marketing automation and lead generation success. Schedule a demo without obligation and we'll happily discuss and show you how you can utilise marketing automation for your organisation.

Read our privacy and cookie policy to see how we will process the data you provide.