Make these changes to your email marketing by Friday, May 25 to avoid facing over 20 million dollars in fines from the EU

Leveraging the power of email marketing in your small business can create connection points with business leads, generate more income, and help you grow your business. 

However, did you know that there are new regulations passed by the European Union that will affect the way you do business when it comes to email marketing?

With the compliance deadline of May 25 approaching, we've put together the cliff notes version of what you need to know about the GDPR regulations. 

What is the GDPR? 

GDPR stands for “The General Data Protection Regulation,” which is a privacy law designed to protect European Union residents. Despite the fact that it's an EU law, all small businesses that leverage email marketing need to pay attention.

These new regulations apply to the processing of personal data including name, email address, physical address and IP address. In short, anytime you receive data or could receive data from someone located in the EU, you must comply with these regulations.

How do the GDPR regulations affect U.S. based businesses? 

The GDPR regs affect any business that offers products or services online where someone located in the EU could access and subscribe. This will include newsletters, lead magnets or free resources in exchange for email addresses.

The practical lowdown for your business

For those subscribers in the EU, you can no longer assume that if they give you an email address in exchange for a coupon or free download, they are subscribed to your marketing email list. You must obtain a second confirmation explaining what they will receive from you as part of your marketing email list and confirm they want to opt in.

What should you do if you use email marketing? 

First, find out if you have any subscribers from outside the U.S. Then, segment your list. Most email marketing providers will have a segmenting option.

For Mailchimp, you can follow these directions to segment:

  • Click on your list
  • Click create segment
  • Edit drop down criteria and change to "location"
  • Add further filters with "not in country" and "USA"
  • Preview segment

This will tell you which subscribers are using an IP address outside of the U.S.

Legal experts are recommending that you segment into U.S. and non-U.S. subscribers. Anyone unknown or outside the U.S. should be considered EU until you know otherwise. If you have no EU subscribers, you will not need to comply. Otherwise, you will need to comply with the regulations.

Next steps for GDPR compliance

There are three areas that will help you become compliant. 

1) Update your current email list

You must retain documentation that your current subscribers outside of the U.S. have confirmed they wish to receive marketing emails from you. The simplest way to do this:

  • Create an email campaign to your non-US segment
  • Communicate the benefits of being subscribed to your marketing list/newsletter
  • Direct them to an online form that gives them a checkbox to complete to receive marketing emails (Mailchimp has added GDPR settings to its forms, which you can use for this purpose).
  • If they do not confirm by May 25th, you must delete them or be in non-compliance.  

2) Change the flow for your future subscribers

You must also make changes for your future subscribers. 

"Subscribe to my newsletter" opt-in

If you have a direct "subscribe to my newsletter" form asking for emails, you are already in compliance with the GDPR. You can leave your opt-in form as is.

"Download my free resource or coupon" opt-in

If you are asking for an email in exchange for a free download, coupon code, or contest entry, you will need to ask subscribers outside of the U.S. for a secondary confirmation that they also want to receive marketing emails. This can be accomplished with an automated welcome email to your non-U.S. segment and a link directing them to a confirmation form explaining what they'll receive.

3) Add a privacy policy

In addition to your opt-in forms, there are a couple of items you will need to change on your website. 

For starters, you will need to add a privacy policy with a link in your footer. Your privacy policy must include the following:

  • The relevant contact information
  • What information you collect and the basis for collecting it
  • What you do with the data (including who else gets access)
  • The visitor's rights under the GDPR

In addition, you will need to add a link to your privacy policy page on each newsletter or opt-in form. 

Getting started

If it feels overwhelming, it is! One Wheel Marketing is here to help you ensure compliance going forward.