GDPR Marketing

GDPR  – How does it affect marketing?


From 25 May 2018 the General Data Protection Regulations ( GDPR ) comes into force, replacing the Data Protection Directive 95/46/ec and changing the law on how we use data.

At Morph PR and Marketing we know that these rules apply to us and our customers. If you have a website, use Google Analytics, send e-newsletters, direct mail or make sales calls this will apply to YOU.

The new law applies to any data which could be traced back to an individual this now includes their IP address.

‘Explicit consent’ is the buzz surrounding the EU GDPR rules and documenting your organisation’s compliance is crucial to gaining explicit consent is crucial.


Email Marketing

This is a big one for our customers and in fact, we’ve been preparing them for this coming change for years: The new rules state that:


Opt-in needs to be explicit

The people you e-mail must have opted in by ticking a box which shows they accept the terms show for you to use their e-mail address.

  • The tick box on your website cannot be pre-ticked they must tick it themselves.
  • The message on your website with the opt-in tick box must be explicit as to what purpose you can e-mail them for.
  • You need to be able to prove when someone opted in and what they saw when they opted in.
  • You will also need to be able to store their e-mail securely and ensure it is only used for the purposes stated on your opt-in page.

Opting out: it must be easy for people to opt out of receiving e-mails so having an unsubscribe button on all your email marketing is essential. This also applies to printed mail, you must tell people how to opt out easily from receiving mail from you.

You must also keep a Do Not Contact list showing who has opted out and when and make sure that they are unsubscribed from future mailings.

Your website

To comply with GDPR

  • Your website needs a privacy policy to comply with the GDPR.
  • If your website uses cookies you should have a cookie policy linked on every page of your website that collects cookies.
  • Contact forms must have an opt-in tick box on them and state explicitly what you will use data for.
  • Websites that store any personal data must have an SLL certificate, even if it just has a contact form on it as personal details eg name and email address etc must be transmitted securely.


Sales Calls

  • You must check that a number is not on The Telephone Preference Service list before you call it.

Useful links

12 steps to take now


This blog post is in no way intended as legal advice but instead a brief guide to those considering how GDPR will affect their marketing practices.

More detailed information is available from the Information Commissioners website.