How to Make your Email List GDPR Compliant

Starting on May 25, 2018, the European Union will implement the new data privacy law, the General Data Protection Regulation (GDPR), the most important change in data privacy regulation in 20 years.

This means that EU-based organizations that hold data from citizens need to be GDPR compliant. But very importantly, the GDPR also applies to anyone who is currently collecting and storing personal data from citizens of the EU.

So in today’s global world, and especially if you collect data from anyone on the internet (i.e. anyone in the world can subscribe to your email list), you must comply with this law as well.

In any case, you need to adapt your email list service, and it doesn’t have to be complicated if you just follow these steps:

Steps To Make Your Email List GDPR Compliant

STEP #1: Add a GDPR Consent Section on your Sign Up Forms.

The main aspect of the GDPR is that subscribers must explicitly accept being in your lists as well as the way they want to hear from you. This is the first step to collect consent from new contacts.

So this field must include text explaining why you are collecting personal data, and the Marketing Permissions the subscriber can accept, in other words how they want to hear from you (it can be email, direct mail, online advertising or any other channel that you might use). Add a check box so the subscriber can give their consent about how to be contacted by you. A legal text explaining your treatment of the personal data, as well as other practices (like cookie use of that data) and any other treatment, must also be included.

Take a look at my own Sign up form and take it as an example:  Sign Up Form Example

STEP #2: Segment your list by marketing permissions

You must create a segment for each and every marketing permission option you have included in the consent section of your form.

This is crucial to avoid reaching your subscribers in case they have not explicitly accepted. You have to make sure you send your campaign only to the people who have given consent.

STEP #3: Collect GDPR Consent from your existing contacts.


Next, create a new campaign specifically to inform your existing contacts (those who signed up before the new GDPR was implemented). They must accept the GDPR terms, giving you their consent to be on your list and to be contacted; the other option they have is unsubscribing from your list.

So this email must give your contacts a way to either accept the GDPR rules or unsubscribe from your list. After May 25, 2018, all the contacts who have not opted to receive any marketing from you should be unsubscribed from your list.

After May 25, 2018, communicate only with contacts who have expressly opted in to your marketing permissions.

Contact your email list service for the specific forms, templates and settings you must apply to your subscriber list to adapt it to the GDPR.

Don’t forget to update all your automations to send emails only to those contacts in the “Email Consent” segment.

Take a look at the complete information and resources of the official GDPR site: GDPR Official Site.

I hope this article can help you clarify some of your doubts about GDPR compliance for your email list.

Please, subscribe to my blog HERE and leave your comments below!!!

Thanks for reading!!

Angie xx

By Angie Perez B

Angie is the founder of AngiePerezB a blog about Digital Marketing and Entrepreneurship. She talks about the best strategies for business and bloggers and brings the latest trends in Social Media and how to make money online. She is a Certified Digital Marketing Strategist, Author & Coach for small businesses, with more than 15 years in the Marketing and Client Acquisition Industry.


  1. Angie,

    I live in the US and am late to the GDPR issue, esp since my list is for a pet project that publishes free fiction, makes no money, and is not a legal entity. I’m realizing that I have a lot of UK subscribers.

    What are my options since I didn’t get opt-ins yet? Should I fire off an opt-in request and hope no one reports me? Am I allowed to individually email users who are clearly UK subscribers?

    1. Hey Austin!
      GDPR is not about making money with your subscribers.

      GDPR is about STORING and HANDLING people’s personal details, as well as the obligation of having EXPRESS CONSENT to have them from the owner of those personal details; and finally they must expressly consent to the way they want to be contacted by you.

      For example: a subscriber must give you consent that you have their email and also that you can contact them via email.

      Right now, if you do not have that EXPRESS CONSENT to possess data from your subscribers, you should not have those data (legally, you should DELETE all the data from people that have not given you express consent to have their details).

      All the time, I am referring to details from EU Citizens.

      Since legally speaking, you must not email anyone who hasn’t given you express consent, my solution for you would be this:
      If you have a website where your community normally hangs out or visits, create a notification, top bar, or maybe a notice in your sidebar inviting your readers to subscribe or resubscribe again to fill in the GDPR compliant form, so that they can still get your emails. What do you think?

      Let me know if this helps you, ok?
      Have a great week!!!

  2. Hi there Angie. I have a question for you 🙂 and good post by the way.

    On your example signup form you have tick boxes, but you don’t have to select any to register, so does this mean you won’t send them anything? I know it seems kinda strange someone would try and signup for an email list but not select email.

    Second question, the form below that I’m filling in now has a pre checked email box and no terms on how my data will be used, is this compliant?


    1. Hi Stu!
      Thanks a lot for your comment!
      I have checked, and yes, anyone can subscribe without accepting GDPR, but they won’t receive any emails from me because, according to GDPR, I can only email people who have checked the “email Consent” checkbox in the sign-up form.

      I have contacted my email list service asking them about this matter, and I hope they come up with a response soon.

      With regard to your second question, you were right, and I have immediately removed that option. Thanks very much for letting me know! There were so many things to change with the new GDPR Law that it seems there is always something there that I forgot to update.

      Thank you very much and please subscribe to my lists if you want, but of course accept to be contacted via email to be able to send you emails!!!:)

      Have a fantastic weekend!!!
      Angie xx
