GDPR’s First Win: The Death of Email Marketing
Steve King, CISM, CISSP
Cybersecurity Marketing and Education Leader | CISM, Direct-to-Human Marketing, CyberTheory
Since roughly one week before GDPR went into effect on May 25th, inboxes the world over have been flooded with emails about updated privacy policies and new permissions. You, and everyone I know, have been deleting these without opening or reading the content. The early stats say that 4 of 5 Americans are completely ignoring them.
Oddly, that is not out of line with the overall open rate for unsolicited emails. Email companies like MailChimp claim that only 20 percent of all marketing emails get opened anyway, but this new 1 of 5 number suggests that only 20% of the 20% who normally open unsolicited emails are opening them, which translates to a mere 5%.
Under the new GDPR rules, companies are still free to send emails to customers who have purchased a product from them in the past, but they can’t continue to solicit the attention of non-customers without first asking for permission. Emails acquired through those annoying little pop-up messages for mailing lists, promises of special offers, or those that have been purchased from another marketer … all have to stop unless the recipient opts in to continue receiving them.
While most of the emails sent in the last 4 weeks are from businesses “informing their users of privacy policy updates meant to comply with GDPR”, a large percentage are from businesses asking for permission to “continue” sending their email marketing messages. If no one opts in, the business can never contact them again without facing the threat of EU fines of up to four percent of the company’s annual revenue.
The result is clear. Since almost no one is opting in, email marketers have just lost a whole sales channel.
According to a CNBC report, one email marketing company’s entire client base has already (in just 4 short weeks) lost 80% of its audience. And by the way, if 80% of your audience has never bought anything from you, you might want to re-examine your business model.
Many companies are uncertain about the implications of the new rules and have asked entire client and contact databases to reconfirm their (already given) consent, as part of their review over the past months of the personal data they hold on customers, employees or general internet users. The way the rules apply is that if, in the past, you as a data subject have given your consent to receive marketing emails from a company, then that consent remains valid. Companies don’t need consent to send marketing emails to existing customers, but the activity underscores how few companies actually have any notion of either how the rules apply or what data they store or process.
Businesses also do not require consent to send non-marketing material to people with whom they have not yet conducted business. The only exceptions are where organizations that hold email addresses sourced from people who were never asked if they wanted to be included on the email lists to begin with use those lists for any sort of outreach. Sending emails to those people would constitute a violation and could result in fines and enforcement action.
Because that activity would have already been in breach of existing EU e-Privacy laws regardless of GDPR, any company that did send out emails asking for renewed consent might find itself in violation under the new law. In most cases, the email request was unnecessary at best and a poor business decision at worst. Many of the companies that unnecessarily sent out the emails asking for consent are going to lose a sizable portion of their mailing list of prospects who might not have taken that action without the prod to begin with.
So, in the vast majority of cases, those emails cluttering up inboxes are unnecessary, unless of course the company is using them as a fig leaf to paper over cracks in previous failures to comply, something some folks might start to notice.
Knee-jerk GDPR compliance attempts that choose the apparently less costly scorched-earth approach may find that the hastily discarded bath water contains valuable content after all.
Roofing Production Manager (Hands on, too). Podcaster. Life-time learner. A thing either is, or it is not.
6 years ago: Of course, you don't have to comply with the GDPR outside of the EU. I saw many non-EU companies wasting email needlessly. You don't even have to comply with the GDPR if you are emailing EU peeps from outside the EU. Too many people are kissing the ass of the EU. SMH.
Product Marketing, Social Media & PR Manager at Lepide
6 years ago: I think there is no need to send change privacy policy and consent required emails to non-EU users.