WTF Just Happened To Your Inbox? (Looking at you, GDPR)

Michyl Culos
May 25, 2018 · 5 min read

This is the text I got from a friend of mine this morning, since he knows I work in the email space:

He then followed up with this screenshot of his inbox:

Mine looked the same, and I bet yours did too. Yesterday (May 24th) at Mailjet, we processed and sent over 100 million emails in one day for our clients. That’s the most emails we have EVER sent in one day. To put that in perspective, that’s more emails than were sent on Black Friday in 2017. As an email service provider though, we saw this coming. But maybe you and your inbox didn’t. So let’s explain what’s going on:

Email Culprit #1: “Do You Still Want To Hear From Us?”

Under GDPR there are 6 lawful bases to hold the personal information of someone. One of those is Consent and it’s this one that applies to your marketing newsletter list. But it goes further. It’s not just about having received consent in the past (or never at all, looking at you SPAMMERS), it’s about having well documented proof of consent — that the subscriber has expressly opted-in to receive these communications. And it is THIS proof that everyone is after you for right now and the main reason why your inbox is exploding with what’s called “re-permission campaigns.”

The moment that you click a button saying “Yes — I still want to hear from you” this is being recorded on the brand’s side, so that if they are ever challenged on their GDPR compliance, they can show proof of following the law.

Of course, clicking a button within a newsletter is not the only way to record consent. Some companies opt to send you to a preferences page where you can update your email preferences. But, let’s be honest, companies want to desperately hold on to your email address, so they are going to make the process as simple as possible. We’ve also seen some very creative examples:

We did a research report recently with Morar Consulting (full report here) and Email Marketing is the #1 channel that brands use to reach their customers. What’s more, with the new ePrivacy Regulation lurking (no, you’re not done being a legal expert quite yet this year), it’s also the #1 channel that Marketers plan to use more as they avoid the effects of the new cookie law. So you can understand why brands are doing everything they can (even if it’s at the last minute) to keep your email address.

Fast fact: our Mailjet Customer Support team’s #1 incoming question this week was: “Do you have a pre-made re-permission campaign template?” But of course we do, they are included in our GDPR SOS Kit.

Email Culprit #2 Privacy Policy Updates

Everyone’s Privacy Policies are shiny and new. Why? Because under GDPR, two new items need to get added to it:

So what does this have to do with my inbox? When companies update their Privacy Policy, they have an obligation to inform their users about that change. Example:

So, unlike the previous culprit, it’s not an attempt to grab your consent or to keep your email address, but an obligation to inform you of policy changes. The downside of Privacy Policy Update emails? They tend to be boring as hell. Here’s some examples from a few small brands that nobody knows:

Email Culprit #3 Peace Out Europe

OK, I only saw this once. But I did actually have some services cut off because the company wasn’t going to be ready for GDPR in time. Ironically I’m Canadian, so not an EU citizen, but I do reside in Paris.

Strategy or Laziness?

I’d call it: Scramble.

“How I feel inside” -Marketer

Marketers aren’t idiots, they know that it’s not strategic to send re-permission Campaign emails the day before GDPR when your inbox is already exploding. In fact, good re-permission Campaigns are ones that started weeks ago and sent multiple times, segmenting out people who have already opted-in and out.

The reality is simply that GDPR is hard to navigate and, despite all the information out there, a lot of brands probably didn’t realize they needed to do this until they started seeing such emails arrive in their own inbox.

I Forgot To Send A Re-Engagement Campaign. What Now?

Not going to lie, you’re in a tricky situation. GDPR officially came into effect today, meaning that any communication, including re-permission campaigns, with your contacts without properly documented prior consent could put you at risk (for GDPR fines by the Data Protection Authority or legal actions taken by your contacts). So you have a choice:

  1. Don’t send a re-permission campaign and remove everyone from your email list for whom you don’t have proof of consent.
  2. Send a re-permission campaign at your own risk of being flagged for not following GDPR.

Should you opt for #2, think about combining a re-permission campaign within your “Privacy Policy Update” email (assuming you have not yet sent this either). As such an email is one that you need to send, this can be a good option, albeit still at your own risk. But if you’re going to do anything, do it fast. In France, for example, the CNIL says that they will not fine anyone for re-permission campaigns in the first 3 months.

Inbox: The New Place of Tranquility?

The question all of us are asking now is: what will our inboxes look like now? Will we receive less SPAM? Will we no longer be added to lists of companies we’ve never heard of before? Only next week will tell. But, based on some of the questions we are already getting on Live Chat today, I have a feeling that this won’t be the end of your inboxes new relationship with GDPR-related emails.

Michyl Culos

Written by

Canadian marketing gal adopted by Paris. Head of Marketing Comms @mailjet @mjmlio Co-founder @parisianist. Enthusiast of travel, cosmetics, sarcasm.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade