How (not) to get your email list ready for GDPR

The General Data Protection Regulation (GDPR) comes into force in the European Union on 25 May 2018. The countdown clock on this website can tell you, to the second, exactly how long you’ve got to get your marketing database ready.

Judging from my inbox, some marketing teams have just spotted this deadline. For example, Source recruitment wrote to me last week.

We are doing all the prep work to ensure we comply with the upcoming GDPR legislation as we take data protection extremely seriously...Whether you are still actively looking or just window shopping and wanting to be kept abreast of opportunities, to continue to keep your details on our database, we need your permission to do so.

I’m guessing they’re paying attention to step 7 in the ICO's GDPR checklist (since removed from their site).

You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

Source did a decent job here, offering a couple of simple options: either stay on their list (and update my details) or ask to be removed. They were super-clear on what they were asking for permission to do, and for a bonus point, they set a time limit on how long I’d stay on, if I stayed. The only thing that would have been nicer is to say what would happen if I chose not to reply. I assume they will delete non-responders, but they don’t say so.

So that’s an excellent way to do it.

The very same day I got the Source email, I got an email from Brora.

A list cleaning email from Brora

Not sure why I got this, as I’m pretty sure I unsubscribed from Brora's emails a long time ago. So let’s have another go at unsubscribing…

If you have an online account, please log in and update these preferences.

I have no idea if I have an online account. I last bought a sweater from Brora 5 or 6 years ago. I really can’t be bothered to go look on their website to check. (They haven’t provided a link to the account area, making this a less attractive choice. Sneaky.)

Alternatively, just click here to confirm your subscriptions in one easy step…

So I click.


Wait, what? I wanted to UNSUBSCRIBE. I didn’t realise ‘confirming my subscriptions’ meant resubscribing. I was expecting one of those pages you get where you can opt in or out, not an auto opt in.

This click-to-confirm was the only visible link in the whole email. There wasn’t even an unsubscribe link at the bottom. So I’m guessing this was the thing Brora wanted me to click.

I feel tricked. I certainly don’t feel like I gave informed consent.

This is precisely the kind of nonsense that GDPR is supposed to tackle. Whether it’s down to stupidity, or malice aforethought, Brora has ended up making things worse.

To add insult to injury, after I lingered on the confirmation page for maybe 30 seconds I got a massive newsletter popup. Hello! I JUST SIGNED UP! I didn’t mean to, admittedly, but I did.

Hilariously, after a couple more minutes, ANOTHER popup appeared “If you did not make a purchase today, what was it that stopped you?” Well, guys, that would be because I only visited your site because I was trying and failing to unsubscribe from your emails.

Too many popups from Brora

So hey Brora, if you take my privacy seriously as you say you do, then maybe send emails with an easy way to opt out, not an automatic opt-in. This is not getting informed consent. This is venturing dangerously close to dark pattern territory.

And why would you even want to do that? You just end up with a load of people on your list who don’t want to be there.

Source has a much smarter idea. Use your GDPR clean up to sort out your list and get rid of all the people who don’t want to be there. You have less data to manage, we get fewer emails. Much better for everyone.

None of the links in the post above are affiliate links.