4 examples of GDPR re-permissioning Opt-In emails

min read

4 Examples of GDPR Re-Permissioning Opt-In Emails

4 Examples of GDPR Re-Permissioning Opt-In Emails

We’ve recently spent quite a bit of time talking about the importance of corporate compliance with the EU’s General Data Protection Regulation (GDPR), the wide-ranging data governance law. In a previous post, we explained that the rules afford businesses a limited amount of leeway in managing customer data, and the most vaguely defined area under which businesses can freely operate is known as ‘legitimate interest’.

In short, legitimate interest refers to the fact that businesses can send communications to customers that have not been directly solicited by the customer if it is in the customer’s legitimate interest to complete the transaction. Here we encounter another snag: how can a business be sure that a message is safely within the realm of legitimate interest?

Since pre-existing email exchanges are safely covered, many businesses are choosing to ensure GDPR compliance through what are known as GDPR re-permissioning campaigns. These are essentially campaigns in which the customer re-affirms their “freely given, specific, informed and unambiguous” consent to receive emails, to quote the language of the GDPR law itself.

Here are 4 ways that recent campaigns have re-permissioned customers in order to keep their firms GDPR compliant.

1. Empower the customer

We would be remiss if we discussed GDPR email examples without highlighting ASOS’s recent campaign for one main reason: clarity. ASOS’s email is a clean, minimalist and aesthetically pleasing design which nevertheless communicates the most essential information in a way that conveys two important messages.

The first message is that time is of the essence, which is trumpeted by a scrolling text bar at the top of the email that says ‘the law is changing’.

The second message ASOS communicates is even more important. In several ways, ASOS tells the customer that the email is not soliciting information, but offering them greater control. The message announces ‘You’re in control’, then explains the GDPR in brief and tells email recipients what messages they have opted-into already.

The content of this re-permissioning email frames the message as a way to empower the consumer, rather than letting them think of it as another annoyance in their inbox.

2. Make it part of something

Here are several examples of firms including their re-permissioning request within emails that are offering robust content:

The biggest benefit of this approach is that it entices customers with the sort of interesting content that they signed up to see in the first place. However, since many customers give these kinds of emails a cursory scan, this approach is less likely to earn a re-permission than the clear ASOS approach. You’ll notice that each email includes the re-permission opt-in highlighted in a button for extra visibility. This approach is good, but it may require another email.

3. Don’t be afraid to follow up

Naturally, we have had to carry out our own re-permissioning campaign. We chose to open the campaign with a personalized email explaining the nature of the GDPR and why we need our subscribers to opt-in.

However, since not everyone is going to respond to the first appeal, we send out a second and third email. All of them offer a simple choice of yes or no, with the affirmative choice in an eye-catching green and the negative in red.

4. Think outside the inbox

Ultimately, email re-permissioning isn’t your only option. The Manchester United website, for example, allows football fans to opt-in on their website. The site enumerates all the benefits that subscribers can enjoy, including news and exclusive content.

One of the primary reasons for anxiety around a permission passing campaign is the amount of work involved. However, A/B testing an email campaign is relatively simple, and segmenting your customer base can be done along pre-existing lines: what sort of goods and services they’ve purchased from you, how frequent a customer they are, etc.


A lot of companies rue the idea of drastically culling their email list, but unfortunately the GDPR means there’s little alternative. But the positive side of this is that those customers who consent are more interested and engaged with your brand, which should translate to a higher click-through rate. So don’t look at it as removing possible customers, but as improving the quality of your prospects.

The UK Information Commissioner’s Office has provided a good checklist on what precise ‘appropriate measures’ data controllers are expected to take in order to remain GDPR-compliant. If you’re still not 100% sure that you will be GDPR-compliant by the deadline, contact us and we’d be happy to help.