Email marketing is dead. Or so many marketers have heard over the years. Yet email actually remains among the most effective marketing methods. Even with inboxes as cluttered as they are, open and click through rates remain high. Indeed, the average open rate is nearly 25%, while click through rates (CTRs ) top 4%. While email marketing is still an effective tool for sales, the General Data Protection Regulation (GDPR) is forcing many digital marketers to adjust their practices.

Email marketers need to be prepared and actively look for new opportunities. The GDPR has been a huge hit to many email lists, often resulting in losses of 80 percent or more. In this article, we’re going to look at how GDPR will impact email marketing. 

As far as email marketing goes, the GDPR introduces one of the most important regulatory frameworks ever. First, the GDPR applies not just to companies based in the European Union but to any business holding an EU citizen’s personal information. Companies face considerable risks with fines reaching as high as €20 million or 4% of global turnover. As such, no one should overlook the regulation.

Second, the GDPR requires active consent for all email marketing. Importantly, implied consent is not good enough. For example, you cannot pre-check an email opt-in form. The user must instead consciously consent to you sending them emails or otherwise using their data. The user can give consent, for example, by simply checking an opt-in box on a form.

Further, it’s vital to understand that the GDPR is retroactive. In other words, emails collected before May 25th, 2018, when the GDPR officially came into force, also require active permission. If you paid for lists or used pre-checked boxes, even beforehand, you will now need to obtain permission from those users to continue sending them emails.

You can do so by sending your contact lists an email asking them to basically rejoin your email list. Again, they must consciously give consent and no forms or boxes can be pre-filled.

When the GDPR was being drafted, one of the biggest headline grabbers was the effect of the “right to be forgotten” rule on social media platforms, like Facebook. This “right to erasure” rule is also very important for email marketing. Basically, when a European opts out of an email marketing campaign (or social media platform), they have the right to reclaim their personal data.

This means you must provide an easy-to-find unsubscribe link. You will also need to delete any data you have regarding the customer, permanently. If you fail to adhere to the right to be forgotten, you could incur hefty fines. The ICO fined one company, Flybe, 70,000 pounds in 2017 under the UK's Data Protection Act 1998 for sending customers emails after they opted out. Under the GDPR, don’t be surprised if fines are even larger.

Many email lists have died since the implementation of GDPR. As many companies built their email lists with pre-checked boxes, they had to reach out to their users to re-opt in. Many users simply didn’t. Indeed, losing 80% or more of lists has been common.

So, while email marketing is far from dead, increasing regulations are a reminder that you need to keep your options open. It’s dangerous to rely too much on any one marketing method. At some point, changing regulations could reduce effectiveness or outright eliminate a particular method.

Fortunately, there are many marketing channels and opportunities that are just as effective in the post-GDPR world. Let’s examine some.

Inbound marketing has emerged as a favorite tactic for marketers. With inbound marketing, you focus on drawing customers to your website or another asset. Instead of pushing messages and marketing material, you get visitors to come to you. In a consent-driven world, inbound marketing is becoming all the more vital because it’s less dependent on using personal data.

SEO has always been important for websites. Now that the GDPR is making it more difficult to reach out to customers directly through email, high search engine rankings will be even more vital. Search engines will generate traffic, and since customers are consciously coming to you, there’s no need for consent for simple visits. However, you do need to inform visitors that you use cookies and how you use them. Visitors must consent to letting you use cookies.

By driving people to your website organically, you can gain their attention. By informing customers, you add value and build a relationship. Even if you don’t get them to sign up for your newsletter, you’ve informed them of your brand and website. Now that there’s a relationship established, you can try to build on it with social media and other methods.

When people visit your landing page or website, you should encourage them to follow you on social media. You can also use targeted, high-quality posts and in-platform ads to reach people via social media. This way, you can build an audience.

When the GDPR was first rolled out, it was a big hit to Facebook, costing the company as many as one million active monthly users. However, Facebook is GDPR compliant. Facebook has also evolved into something far greater than a simple social media platform. The website is now the second largest generator of digital ad revenue in the world, trailing only Google.

Facebook is great for businesses because it allows them to both cultivate audiences and groups of followers, and to display ads. Organizations can set up groups and pages to organically engage with their audience, which is great for building relationships. Relationships, in turn, are useful for marketing because customers are more likely to buy from companies they know and trust.

With ad revenues having surged 40% this year, topping $13 billion, Facebook is also becoming very popular for PPC marketing. All the while, Facebook is GDPR compliant, meaning you won’t have to worry about many of the regulatory headaches associated with email. However, if you use custom audiences and upload email addresses, you will need explicit consent. You also need to be careful not to share any personal data with tools that are not GDPR compliant.

Other social media platforms are also becoming popular and offer a great way to communicate with customers while staying on the right side of the GDPR. For example, Linkedin is a fantastic platform for business-to-business customers. Want to reach a younger crowd? Try the increasingly popular Instagram platform.

Most social media networks now make it easy to advertise right on the platform. Some also offer communication tools, such as direct messaging or article publishing features. While you should check the individual platform you’re looking at, most of them are now GDPR complaint.

Unlike your email list, you’re not expected to be in charge of the consumer’s data. Instead, the social media platform bears the primary responsibility. Of course, you should not share personal information gleaned from social media. 

More and more websites are encouraging their users to allow push notifications. These notifications are sent directly to a user’s desktop or mobile device, usually updating them regarding breaking news or timely offers/updates. So long as customers consciously opt in to push notifications, they are GDPR compliant.

Push notifications can be very effective. One study found that for retention rates for apps are three times higher when push notifications are used. As with other marketing efforts, strategy is vital. Customers want timely content, valuable rewards, and don’t want to be inundated with low quality notifications.

While email marketing remains effective, the GDPR will have a detrimental effect on your efforts. Email lists are shrinking, and new emails will be harder to come by going forward. Some companies are abandoning email altogether. A few websites, such as the Los Angeles Times are even blocking traffic from the EU altogether.

These measures are extreme and unnecessary for most companies. However, while you shouldn’t abandon email, you do need to diversify. Inbound and social media marketing have always been vital channels for reaching customers. Push notifications are also very effective. With the GDPR in effect, they will be even more vital as these methods are more GDPR compliant.