{"id":4404,"date":"2018-01-18T16:50:47","date_gmt":"2018-01-18T15:50:47","guid":{"rendered":"https:\/\/woodpecker.co\/blog\/?p=4404"},"modified":"2025-01-21T10:26:15","modified_gmt":"2025-01-21T09:26:15","slug":"general-data-protection-regulation","status":"publish","type":"post","link":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/","title":{"rendered":"GDPR \u2013 General Data Protection Regulation Practical Guide for Email Senders"},"content":{"rendered":"<p>GDPR <b>\u2013\u00a0<\/b>General Data Protection Regulation\u00a0will be brought into effect on<span style=\"font-weight: 400;\">\u00a0May 25, 2018.<\/span> It&#8217;s still a few months ahead, but it&#8217;s good to learn right now how the regulation will affect you and your business. Especially if you send any kind of business emails. You could have already read\u00a0some\u00a0articles summarizing GDPR, but if you still don&#8217;t know how it will actually affect you in practice and what to do to be GDPR compliant, check out this post.<\/p>\n<p><strong>Disclaimer:<\/strong> You should treat this post as a guide that will help you understand the principles of GDPR. Please do not treat it as legal advice. If you&#8217;re looking for legal advice, contact a lawyer after reading this post and ask them for advice and answers to specific questions about your case.<\/p>\n<p>&nbsp;<\/p>\n<h2 id=\"basics\">Some GDPR basics to learn for starters<\/h2>\n<h4><a class=\"gdpr-popupclick\" href=\"https:\/\/woodpecker.co\/bonuses\/gdpr-checklist\/\" target=\"_blank\" rel=\"noopener\">Download\u00a0GDPR Compliance Checklist &gt;&gt;<\/a><\/h4>\n<h3 id=\"what\">What is GDPR?<\/h3>\n<p>It&#8217;s a legal regulation issued by the EU. More specifically by The Council of the European Union and The European Parliament. It&#8217;s main purpose is <strong>a better protection of personal data<\/strong>.<\/p>\n<p>So it&#8217;s not about emails, or about SPAM. It&#8217;s about personal data protection. But\u00a0since sending emails would not be possible without processing personal data (email addresses), it will naturally affect business email senders.<\/p>\n<h3 id=\"who\">Who does it apply to?<\/h3>\n<p>The Council of the European Union designed\u00a0GDPR to protect the personal data of natural persons who are European Union citizens.<\/p>\n<p>It means that it will be binding for you:<\/p>\n<p>as a person (to protect you):<\/p>\n<ul>\n<li>if you are a European Union citizen,<\/li>\n<\/ul>\n<p>as a business:<\/p>\n<ul>\n<li>if your customers are European Union Citizens, or<\/li>\n<li>if your email subscribers are EU Citizens, or<\/li>\n<li>if your potential cold email recipients are\u00a0EU Citizens, or<\/li>\n<li>if, in any part of your business, you deal with any kind of personal data of EU citizens.<\/li>\n<\/ul>\n<h3 id=\"personal-data\">What does GDPR mean by the term <em>personal data<\/em>?<\/h3>\n<p>A piece of personal data that allows one to identify a specific person. That&#8217;s the shortest and most practical definition. Is email address a piece of personal data, then?<\/p>\n<p>According to this definition:<\/p>\n<p><strong>info@company.com<\/strong>\u00a0<b>\u2013<\/b> <em>is not<\/em> a piece of personal data, as it isn&#8217;t assigned to a specific person at a company.\u00a0It doesn&#8217;t imply who the owner of the address is. It points to a company, not a person.<\/p>\n<p><strong>john@company.com<\/strong>\u00a0<b>\u2013<\/b> <em>is<\/em> a piece of personal data, as it is assigned to a specific person at a company. It does imply who the owner of the address is, or at least it gives you enough information to identify a specific person at a company.<\/p>\n<p><strong>john.smith@gmail.com<\/strong>\u00a0<b>\u2013<\/b> <em>is<\/em>\u00a0a piece of personal data, as it is assigned to a specific person.<\/p>\n<p>Whether you work within a B2B or a B2C domain, you probably administer or process some kind of personal data. It&#8217;s most probably the data of your clients, your prospects, your users, your email list subscribers, or your employees.<\/p>\n<p>Remember that GDPR is not about regulating email sending. It&#8217;s about regulating the ways in which you administer and process personal data of EU citizens in general. Email address is just an example here. In various contexts data like telephone numbers, addresses, identification numbers etc. may be treated as personal data as well.<\/p>\n<h3 id=\"new\">Is GDPR a completely new regulation?<\/h3>\n<p>No, it&#8217;s not. It&#8217;s a reform that is supposed to clarify, specify, and enhance the EU laws considering personal data protection. Most of GDPR principles were already expressed in some previous legal regulations. Only some of the principles are new. All principles mentioned in GDPR are described, with some practical examples, in the further sections of this post.<\/p>\n<h3>Why is it important?<\/h3>\n<p><span style=\"font-weight: 400;\">According to Eurobarometer, 75% of surveyed EU citizens declared that they want to exercise their so-called &#8216;right to be forgotten&#8217; (more details below). 90% of the survey respondents believe that it\u2019s necessary to standardize the rights concerning personal data protection (<a href=\"https:\/\/europa.eu\/rapid\/press-release_IP-11-742_en.htm?locale=en)\">source<\/a>). <\/span><\/p>\n<p><span style=\"font-weight: 400;\">In short, data protection really matters to people of the EU. Especially in the light of the technological revolution which led to exchanging tremendous amounts of data online.<\/span><\/p>\n<p>Because there&#8217;s such a vividly expressed need to tidy up the law and clearly state what&#8217;s\u00a0OK and what isn&#8217;t when it comes to processing personal data,\u00a0The Council of the European Union took the matter very seriously. In GDPR they&#8217;ve reformed the control organs, and now the organs will have real power (and commission-driven motivation $$$) to put serious <a href=\"https:\/\/ec.europa.eu\/justice\/newsroom\/data-protection\/infographic\/2017\/index_en.htm\" target=\"_blank\" rel=\"noopener noreferrer\">fines<\/a> on companies who obstinately ignore the GDPR principles.<\/p>\n<p>All in all, personal data has a great value. If you risk the security of the personal data you process, or if you ignore the rights of the data owners, you may pay for your irresponsibility. Literally.<\/p>\n<p>No worries, though. If you respect your clients&#8217;\/prospects&#8217;\/subscribers&#8217; personal data and their wishes\u00a0regarding processing the data, everything will be fine. Play fair, stick to the rules and you&#8217;ll be safe from unnecessary trouble.<\/p>\n<h3 id=\"know\">How do we know all that is written in this post?<\/h3>\n<p>Oh, one important thing for you to know: I wouldn&#8217;t write this post if it was only my &#8220;I think so-and-so about GDPR.&#8221;<\/p>\n<p>All the information you read here has been prepared for me by our\u00a0Head of Customer Support\u00a0<span style=\"font-weight: 400;\">\u2013 <\/span>\u00a0<strong>Margaret Sikora<\/strong>, who is also a lawyer (<span style=\"font-weight: 400;\">LL.M in International and European Law). She has read the <a href=\"https:\/\/ec.europa.eu\/justice\/data-protection\/reform\/files\/regulation_oj_en.pdf\">original version of General Data Protection Regulation<\/a> from start to end, and what&#8217;s most important, she actually understood it&#8230; as she speaks <em>lawyerish.<\/em>\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">She also read a couple more books for lawyers devoted to the topic, and attended some legal training sessions focused exclusively on GDPR. All that helped her prepare a presentation with some real-life examples to help all of us at <a href=\"https:\/\/woodpecker.co\/cold-email\/\" target=\"_blank\" rel=\"noopener noreferrer\">Woodpecker<\/a> virtually understand what GDPR is all about. We can only hope we&#8217;ll be able to help you understand it as well, and most importantly, abide by it.<\/span><\/p>\n<p><a class=\"gdpr-popupclick\" href=\"https:\/\/woodpecker.co\/bonuses\/gdpr-checklist\/\" target=\"_blank\" rel=\"noopener\">Download\u00a0GDPR Compliance Checklist &gt;&gt;<\/a><\/p>\n<h2 id=\"formal-steps\">Formal steps to take\u00a0before May 25<\/h2>\n<h4>1. Appoint a <em>Data Protection Specialist<\/em> at your company.<\/h4>\n<p>We\u00a0unanimously nominated Margaret for our Data Protection Specialist.<\/p>\n<p>It should be a person who will officially take care of data protection at your company. Note that Data Protection <em>Officer<\/em> and Data Protection <em>Specialist <\/em>are two separate roles with different sets of competencies and responsibilities.<\/p>\n<p><span style=\"font-weight: 400;\">If you\u00a0process sensitive data or there is a high risk\u00a0when processing personal data\u00a0at your company, you\u2019ll be obliged to\u00a0appoint or hire\u00a0a Data Protection Officer. In all other cases, appointing a Data Protection Specialist\u00a0will be enough to simply\u00a0help you keep your company data processing policy coherent and applicable.<\/span><\/p>\n<h4>2. Review your <em>Terms of Service<\/em>, <em>Privacy Policy<\/em> etc.<\/h4>\n<p>It&#8217;s a good idea to review all the\u00a0documents specifying the ways you process personal data in your company. According to GDPR, they should all be written in a clear language understandable to anyone.<\/p>\n<p>If your terms or privacy policy sound like something only a bunch of lawyers could understand, make sure you change that.<\/p>\n<p>Every person whose data you&#8217;re processing, or will be processing in the future, should be able to easily find in those documents:<\/p>\n<ul>\n<li>the way(s) you process their personal data (what do you do with the data and what kind of data are processed);<\/li>\n<li>the list of third-party services you use to process their data;<\/li>\n<li>clear instructions on how they can make changes to their data, or complete request removal of their data from your database\/email list\/contact base (according to the <em>right to be forgotten<\/em>).<\/li>\n<li>clear instructions on how to report to you a violation of GDPR principles that affected them, no matter if you are their data administrator or data processor.<\/li>\n<\/ul>\n<h4><strong>3.\u00a0Prepare a risk assessment for your company<\/strong><\/h4>\n<p>\u2026 or ask your Data Protection Officer to do so.<\/p>\n<p><span style=\"font-weight: 400;\">It&#8217;s just a kind of a map that will help you improve data security. In the risk assessment, you should point out: <\/span><\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">what data you process,\u00a0<\/span><\/li>\n<li><span style=\"font-weight: 400;\">in what ways you process it and why, <\/span><\/li>\n<li><span style=\"font-weight: 400;\">who can access it,<\/span><\/li>\n<li><span style=\"font-weight: 400;\">and what may be a result if something goes wrong. <\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">While working on the risk assessment, don&#8217;t forget to ask yourself these crucial questions: <\/span><\/p>\n<ol>\n<li><span style=\"font-weight: 400;\">What&#8217;s my role in processing data: data processor? data administrator? <\/span><\/li>\n<li><span style=\"font-weight: 400;\">What should I inform my customers or prospects about?<\/span><\/li>\n<\/ol>\n<h2>The roles and duties of <em>data administrator <\/em>and<em> data processor<\/em><\/h2>\n<h3 id=\"administrator\">Data administrator<\/h3>\n<p>You probably obtain personal data from various sources. You collect email addresses from people who read your blog, or who visit your landing pages (inbound sources), you look for prospective B2B customers on <a href=\"https:\/\/woodpecker.co\/blog\/prospecting\/where-to-find-prospects\/\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn and other\u00a0platforms<\/a>\u00a0and build lists of contacts for cold emailing (outbound sources).<\/p>\n<p>However you obtain the data <span style=\"font-weight: 400;\">\u2013 <\/span> you collect, have access to it, and process it in specific ways. Thus, you <em>administer<\/em>\u00a0the data. That makes you <em>data administrator<\/em> in the light of GDPR. This role makes you responsible for the purpose and the range of processing the data. You cannot just treat the data as some random lists of email addresses you collected for your own unspecified purposes.<\/p>\n<p>People who signed up for your list have given you permission to process their data in specific ways. You can&#8217;t use their data in any other way than you promised\u00a0them to once they&#8217;ve signed up for your list.<\/p>\n<p>But what if they haven&#8217;t signed up at all? People whose data you&#8217;ve collected yourself should be carefully chosen prospects whose websites, social profiles, comments on various platforms, etc. include clear signs that they could actually benefit from whatever it is that you&#8217;re going to offer to them in your cold emails. More about that in the section about relevance, below.<\/p>\n<h3 id=\"processor\">Data processor<\/h3>\n<p>If your business is a SaaS or a platform to which its users upload any kind of personal data, you become data processor <b>\u2013<\/b> as you don&#8217;t administer the data yourself, but enable data administrators to process personal data they obtained for a specific purpose.<\/p>\n<p>As a data processor, you\u00a0are <em>not<\/em> responsible for the range and the purpose of processing the personal data used by data administrators. However, if someone alarms you that your users (data administrators) have violated some of GDPR principles, you are obliged to react to such a violation.<\/p>\n<p>It&#8217;s a good idea to prepare your company for such a scenario and clearly describe, in your Terms of Service or Privacy Policy, what actions you are going to take once you get notified of a GDPR violation.<\/p>\n<p>You can be a data processor and data administrator at the same time. For instance, at Woodpecker we administer the data of Woodpecker users and email lists&#8217; subscribers. In this light, we are a data administrator. On the other hand, we don&#8217;t administer the prospects&#8217; lists uploaded to Woodpecker by our users <span style=\"font-weight: 400;\">\u2013 <\/span> we only allow processing of the data. In this respect, we are a data processor.<\/p>\n<p>There may be some more duties assigned to the role of data administrator and data processor specific for your country within the EU. It&#8217;s\u00a0a good idea to <strong>do\u00a0some research and learn about those country-specific responsibilities<\/strong>, or get some legal advice from a native lawyer specializing in personal data protection.<\/p>\n<p>\n<aside class=\"cta-block cta-block--a-version js-cta-block ab-no-10-cta-block ab-no-11-cta-block\">\n  <p class=\"cta-block__heading u-heading-preset-md-600\">Send powerful emails &amp; boost replies<\/p>\n  <div class=\"cta-block__form-container\">\n    <form class=\"js-cta-block-form\" action=\"https:\/\/woodpecker.co\/signup\/\" class=\"cta-block__button-only-form js-cta-block-no-input-form\">\n      \n\n\n\n\n\n\n\n\n<button class=\"c-button js-button c-button--color-main c-button--size-small u-focus-visible-outline\">\nStart free trial\n<\/button>    <\/form>\n    \n    <form class=\"c-input-button-form js-cta-block-form cta-block__form\" action=\"https:\/\/woodpecker.co\/signup\/\" method=\"POST\" novalidate>\n        \n  <div class=\"c-form-field js-form-field  c-input-button-form__form-field\">\n    \n    <label class=\"c-label c-form-field__label\" for=\"cta-block-form-email-1185128223\">Work email<\/label>\n\n                    \n  <input class=\"c-input  js-input c-input-button-form__input\" placeholder=\"will@woodpecker.co\" name=\"email\" id=\"cta-block-form-email-1185128223\" type=\"email\" \/>\n            \n    <span class=\"c-form-field__error js-error\">\n                                      Invalid email format\n        \n\n                <\/span>\n  <\/div>\n\n        <div class=\"c-input-button-form__button\">\n          \n\n\n\n\n\n\n\n\n<button class=\"cta-block__button c-button js-button c-button--color-main c-button--size-small u-focus-visible-outline\">\n                Start free trial\n        \n\n<\/button>        <\/div>\n\n            <\/form>\n  <\/div>\n<\/aside><\/p>\n<h2 id=\"principles\">General Data Protection Regulation principles, and how\u00a0they should affect your email outreach<\/h2>\n<p>After this longish intro and clarification of some basic terms and notions, let&#8217;s get to practice. This section will help you understand what steps you should take to respect GDPR while sending emails.<\/p>\n<p>GDPR lists a bunch of principles which you should abide by when processing personal data. Stick to those principles, and you&#8217;re GDPR compliant.<\/p>\n<p>I&#8217;ve listed the principles below and tried to explain what they&#8217;re all about in practice. I&#8217;ve focused very much on the context of email outreach, as this is vital to <a href=\"https:\/\/woodpecker.co\/cold-email\/\">Woodpecker<\/a> users. But even if you don&#8217;t use Woodpecker, but some other tools automating email sending, or you still send some cold emails manually, this section will help you understand what GDPR is about.<\/p>\n<h3 id=\"lawfulness\">1. Lawfulness, fairness, and transparency<\/h3>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4506 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/ksi\u0119ga-300x150.png\" alt=\"\" width=\"300\" height=\"150\" srcset=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/ksi\u0119ga-300x150.png 300w, https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/ksi\u0119ga.png 650w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\n<p>Those first three principles are very much about obtaining the personal data you&#8217;re\u00a0planning to process. All the actions you take to build your email lists (either by\u00a0opt-in\u00a0or by collecting the data yourself) should be legal, fair, and transparent.<\/p>\n<h4>What does\u00a0that mean in practice?<\/h4>\n<p>You should be able to clearly answer the question:<\/p>\n<blockquote><p><em>&#8220;how did you get my email address?&#8221;\u00a0<\/em><\/p><\/blockquote>\n<p>&#8230; and <em>&#8220;I&#8217;ve bought an email list.&#8221;<\/em> is not a full and satisfactory answer to that question.<\/p>\n<p>I&#8217;ve been enhancing the importance of building your own lists for over 3 years on this blog now. GDPR only enhances my enhancements. If you have an email address on your sending list, you should know exactly why it&#8217;s there. Even if you hired someone else to get your list for you, you should be fully aware of the data collecting process to be sure it&#8217;s been fair towards the data owners, and above all <b>\u2013<\/b> legal.<\/p>\n<h5>Cold emailing lists<\/h5>\n<p>While building a list yourself, in case of cold emailing, you need to be sure that each and every person on the list is likely to benefit from your business-related offer. Moreover, the\u00a0purpose of your email or the offer you make in the message should be clearly connected with the business of your prospect. But more\u00a0on that in the section <em>Adequacy, relevance, and limitedness<\/em>, below.<\/p>\n<p>In other words, your answer to the question &#8220;<em>how did you get my email address?&#8221; <\/em>should be more like:<em>\u00a0<\/em><\/p>\n<blockquote><p><em>&#8220;I&#8217;ve found<strong>\u00a0<\/strong>your<b>\u00a0<\/b>comment about tools for content marketers on LinkedIn in Content Marketing Group and it made me think you may be interested in checking out our software for content writers. I checked your\u00a0marketing agency website and confirmed that you are a content writer. Then, I invited you on LinkedIn, you accepted my invitation, and I downloaded your email address from my list of connections.&#8221;<\/em><\/p><\/blockquote>\n<p>And no, you probably won&#8217;t have to write that kind of a message to each and every one of your prospects. It&#8217;s just about having in place a transparent process of obtaining personal data (email addresses, in this particular case) and being able to describe it in detail if someone ever asks you to.<\/p>\n<p>To sum up, if you&#8217;re able to justify why you chose\u00a0a specific person to be on your cold emailing list for a specific cold email campaign, you&#8217;ll be able to clearly answer the question <em>&#8220;how did you get my email address?&#8221;<\/em>\u00a0And that\u00a0answer should present your process of obtaining lists as legal, fair, and transparent.<\/p>\n<h5>Opt-in lists of subscribers<\/h5>\n<p>You can also have an email list\u00a0including addresses of people who opted-in for it. The most\u00a0important rule to follow\u00a0while\u00a0collecting email list signups is to be transparent <b>\u2013<\/b> or, simply put, <strong>tell people straight what exactly they are signing up for<\/strong>.<\/p>\n<p>If you&#8217;re asking for an email address to send someone an ebook,\u00a0the subscribers who\u00a0decide to provide you with their email will expect you to send them the ebook&#8230; Just the ebook. Not an ebook first, and then 3 emails a week for half a year. I&#8217;m sure you know what I mean.<\/p>\n<p>If you&#8217;re planning to send them more than just the ebook, they should be informed about your intentions before they decide to sign up. Tell them what they are going to get, how often and\/or for how long. Put this information right next to the subscription form in easily comprehensible words.<\/p>\n<p>GDPR stresses the need to <strong>simplify the language of consents<\/strong>, so that every person who is about to give a consent to process their personal data is fully aware of what\u00a0he or she\u00a0actually agrees to.<\/p>\n<p>Also, if your subscription form involves some checkboxes, leave then unmarked by default. According to GDPR, your subscriber should express their intentional consent to process their data in specific ways. They will intentionally agree by marking such a checkbox themselves.<\/p>\n<p>This is something I had to change our form at Woodpecker trial signup form.<\/p>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4421 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/Woodpecker-signup-form-checkbox-300x245.png\" alt=\"\" width=\"300\" height=\"245\" \/>\n<p>&nbsp;<\/p>\n<h3 id=\"adequacy\">2. Adequacy, relevance, and limitedness<\/h3>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4480 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/tarcza-300x140.png\" alt=\"\" width=\"300\" height=\"140\" srcset=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/tarcza-300x140.png 300w, https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/tarcza.png 650w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\n<p>The personal data you collect should be adequate and relevant to the purpose of its processing. You shouldn&#8217;t collect any data that is unnecessary to you as data administrator or data processor. Additionally, if possible, the personal data you collect should be pseudonymized in order to ensure the highest possible level of its security.<\/p>\n<h4>What does\u00a0that mean in practice?<\/h4>\n<h5>COLD EMAILING LISTS\u00a0&amp; COLD EMAIL MESSAGES<\/h5>\n<p><strong>Don&#8217;t collect personal data that you don&#8217;t need<\/strong><\/p>\n<p>Firstly, you should collect only the personal data that you&#8217;re going to use in your cold email campaign. If you&#8217;re not going to call your prospects, don&#8217;t put their phone numbers on your prospect list. If you&#8217;re not going to send them anything via traditional mail, don&#8217;t put their company addresses on your prospect list. Keep things simple. Don&#8217;t collect any data that you don&#8217;t have a clear plan for.<\/p>\n<p>If you stick to that, not only will you be GDPR compliant, but your prospect base will get lighter and more accessible to you. It&#8217;ll be easier to work with it.<\/p>\n<p>In <a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/copy-and-prospects\/\" target=\"_blank\" rel=\"noopener noreferrer\">this post<\/a>, I described\u00a0a way I&#8217;ve\u00a0used myself while building a database for cold emailing and writing your email copy at the same time. The process will help you avoid wasting time on collecting the data you don&#8217;t really need.<\/p>\n<p><strong>In the cold email, inform your prospect about their data processing<\/strong><\/p>\n<p>According to GDPR, you should inform the person that their personal data is being processed. An easy solution\u00a0here is adding a disclaimer at the very end of your message. The disclaimer should contain 3 pieces of information:<\/p>\n<ul>\n<li>a statement informing that you process your prospect&#8217;s data;<\/li>\n<li>a short explanation why are you processing it;<\/li>\n<li>an instruction on how they can change the data you process or request removal of their data from your list<\/li>\n<\/ul>\n<p>Here&#8217;s an example of such a disclaimer (it&#8217;s not the only correct official form, you can use different words to express the same):<\/p>\n<p><em>I chose to contact you because I have strong reasons to assume that you can benefit from what I present in this email. I&#8217;m processing your name and email address only because I wanted to send you this message. If you want\u00a0me to change the data I used to contact you, or remove your data from my list, hit reply and let me know.<\/em><\/p>\n<p>You can also use an &#8216;unsubscribe&#8217; link, if you want to. But you don&#8217;t necessarily have to use the word &#8216;unsubscribe&#8217;. The important thing is to give the prospect an easy way out of further correspondence and from your contact list.<\/p>\n<p><strong>Enough of the &#8220;spray and pray&#8221; <span style=\"font-weight: 400;\">\u2013 <\/span> target carefully<\/strong><\/p>\n<p>&#8220;Throwing spaghetti on the wall&#8221; days are officially over. I&#8217;ve been convincing readers of this blog, since its very beginnings, that the quality of\u00a0their prospect base matters and that its quantity should never be their concern as much as accurate targeting. GDPR\u00a0supports that approach as well.<\/p>\n<p>Sending hundreds and thousands of cold emails to a random list of email addresses is something that violates GDPR.<\/p>\n<p>Therefore,\u00a0you should pay more attention to carefully choosing your prospects, segmenting them, and customizing your email campaigns. Your prospects should not be wondering why you&#8217;re emailing them. They should immediately understand why you chose them as your addressees. That&#8217;s possible if only you take a proper care of your targeting and crafting good email copy.<\/p>\n<p>If you make an offer in your cold email, the offer should be clearly connected to the specifics of your prospects&#8217; business. Let me explain what that means with examples:<\/p>\n<h6>Example 1 &#8211; GDPR compliant offer-business match<\/h6>\n<p><em>Company X produces an <span style=\"text-decoration: underline;\">email server security solution<\/span>.\u00a0The company finds Woodpecker online and confirms that Woodpecker is an <span style=\"text-decoration: underline;\">email automation software<\/span>. They find out on LinkedIn the personal data of our Head of Integration and <span style=\"text-decoration: underline;\">Deliverabilit<\/span>y. They contact him via cold email offering their software.<\/em><\/p>\n<p>A company producing email automation software could definitely be interested in an email server security solution. In this case, the offer would be clearly connected with a specific business activity declared in the company statute.<\/p>\n<h6>Example 2 &#8211; GDPR non-compliant offer-business match<\/h6>\n<p><em>Company Y offers web development services. The company finds Woodpecker online and confirms that Woodpecker\u00a0is an\u00a0email automation software. They find out on LinkedIn the personal data of our Head of Marketing (yours truly). They contact her via cold email offering their services.<\/em><\/p>\n<p>You see, just because someone has an online business and they have a website, you can&#8217;t assume they may be in the need of web development services. Of course, in marketing, we do produce websites. But it&#8217;s not an activity that&#8217;s a part of our company statute.<\/p>\n<p>So, when would it be justified for a web development company to send a cold email offering their services? For instance, if they were contacting other web development companies\u00a0to offer their support. Or, if they were contacting digital marketing agencies declaring that they handle web development as well. To sum up, the business activity of your prospect&#8217;s company has to be clearly connected with the offer you put into your email. That&#8217;s what makes the offer relevant.<\/p>\n<h5>OPT-IN LISTS OF SUBSCRIBERS &amp; Newsletter-LIKE meSSAGES<\/h5>\n<p>Do you recall the last time you got interested in an ebook and actually wanted to download it?<\/p>\n<p>Then the next thing you got into was a 12-field subscription form, in which except for your email address and first name, you obligatory have to enter your surname, the country you come from,\u00a0your title, your phone number, your gender, your company name and website, the number of employees at your company, your dog&#8217;s name&#8230;, etc.<\/p>\n<p>Well, that&#8217;s not what the company will need to send you an ebook. First of all, please don&#8217;t do that to your subscribers.<\/p>\n<p>Second of all, you shouldn&#8217;t ask for all this data without clearly justifying what you need\u00a0it for right next to the subscription form. And I saw companies writing that they need all this info to improve\u00a0my browsing experience, personalizing the website for me, and sending me only valuable content&#8230;<\/p>\n<p>But hey, they don&#8217;t need my phone number to do all that. They need it so that one of their salespeople could call me once they classify me as a potential customer. But this is not what they\u00a0tell me right next to the subscription form. And according to GDPR, they owe me at least that information if they require my phone number to download an ebook.<\/p>\n<p>They also owe me at least a hint that the ebook will not be the only thing they are going to send me. If they plan to send me 1, or 2, or 3 emails a week after I sign up for the ebook, they are obliged to inform me about that, so that as a subscriber I knew exactly what I&#8217;m just about to sign up for (again, fairness and transparency).<\/p>\n<p>Ok, that was from subscribers&#8217; perspective. Now let&#8217;s get back to being marketers: according to GDPR, your forms should ask for only as much data as required for the processing purposes <b>\u2013<\/b> that&#8217;s what the\u00a0<em>limitedness<\/em> means. If you ask for more data, you need to explain what you need the information for <b>\u2013<\/b> how it will be processed and\u00a0for what purpose.<\/p>\n<h3 id=\"accuracy\">3. Accuracy<\/h3>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4483 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/waga-300x157.png\" alt=\"\" width=\"300\" height=\"157\" srcset=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/waga-300x157.png 300w, https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/waga.png 650w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\n<p>You should make sure that the personal data you process is accurate and up to date. To make that possible, the data owners should have a clearly described and easily available option to change their personal data. They should also be able to exercise the <strong><em>right to be forgotten<\/em><\/strong> and the <strong><em>right to assist in data deletion<\/em><\/strong>.<\/p>\n<h4>What does\u00a0that mean in practice?<\/h4>\n<h5>for cold email senders<\/h5>\n<p>As we already established, being a cold email sender you should inform your addressees in what way they can exercise their <em>right to be forgotten\u00a0<\/em>or their <em>right to assist in data deletion<\/em>.\u00a0That&#8217;s about giving them a clear <a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/cold-email-opt-out\/\" target=\"_blank\" rel=\"noopener noreferrer\">way to opt out<\/a> (nothing new, it&#8217;s always been a rule in cold emailing).<\/p>\n<p>You can use an unsubscribe link mechanism if you want to. But you can also simply write in your email, what they should do to have their data removed from your prospect base. It could be for instance:<\/p>\n<blockquote><p><em>If you want\u00a0me to change the data I used to contact you, or remove your data from my list, hit reply and let me know.\u00a0<\/em><\/p><\/blockquote>\n<p>Again, that&#8217;s not an official formula. There&#8217;s no official formula. In fact, if you use any formula, it should not be official, nor should it sound<em> lawyerish<\/em>.\u00a0You should use as simple words as possible.<\/p>\n<p>Once someone expresses their will to delete their data, you should respect that immediately, remove their data from your prospect list, and make sure they won&#8217;t be contacted again.<\/p>\n<h5>For email senders using opt-in lists<\/h5>\n<p>If you email people who signed up for your list, you also need to give your addressees a clear way to opt out. An &#8216;unsubscribe&#8217; link in every message became a standard in this case, as well as a link where your subscriber can edit their data by themselves. It&#8217;s also a good idea to include a short reminder in your email footer about how your subscriber got on the list in the first place.<\/p>\n<p>We use MailChimp for sending our marketing emails and product updates, and the formula we use there looks like this:<\/p>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4430 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/email-footer-mailchimp-woodpecker-300x211.png\" alt=\"\" width=\"300\" height=\"211\" srcset=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/email-footer-mailchimp-woodpecker-300x211.png 300w, https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/email-footer-mailchimp-woodpecker.png 537w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\n<p>I like it because it&#8217;s clear and simple. You know who you got the email from and why, and you can change your data or unsubscribe right there with one click. Make sure the email marketing tool you use offers the same options to your subscribers. If it does, you&#8217;re all set.<\/p>\n<h3 id=\"storage-limitation\">4. Storage limitation<\/h3>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4482 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/klepsydra-300x140.png\" alt=\"\" width=\"300\" height=\"140\" srcset=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/klepsydra-300x140.png 300w, https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/klepsydra.png 650w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\n<p>You shouldn&#8217;t process personal data longer than it&#8217;s necessary for the purpose of its processing. Therefore, you should enable your prospects\/email list subscribers to exercise the already mentioned\u00a0<em>right to be forgotten<\/em>\u00a0and the\u00a0<em>right to assist in data deletion<\/em>.<\/p>\n<p>The storage limitation is a new principle introduced by GDPR. At the same time, GDPR does not specify the exact time which is &#8220;necessary for the purpose of processing personal data.&#8221; In practice, the time will depend on: how\u00a0you&#8217;ve obtained the personal data, in what way\u00a0you process it, and what relation you have with the data owner.<\/p>\n<h4>What does\u00a0that mean in practice?<\/h4>\n<h5>FOR COLD EMAIL SENDERS<\/h5>\n<p>We&#8217;ll be advising all Woodpecker users who send cold email campaigns to clear their contact bases from contacts of people who haven&#8217;t responded in any way for more than 30 days. The time period has not been specified in GDPR, but it&#8217;s a reasonable time to wait for an answer. Lack of any answer over this period will suggest that the prospect is probably not interested, hence as data administrator, you won&#8217;t have any reason to process their data any further.<\/p>\n<p>We will add some functions in Woodpecker that will allow you to select such non-responsive prospects easily and mark them with a proper status to stop processing their data.<\/p>\n<p>If a prospect replies to you with a positive response, the time of processing their data will naturally depend on your further relation or lack of it.<\/p>\n<h5>FOR EMAIL SENDERS\u00a0addressing OPT-IN LISTS of subscribers<\/h5>\n<p>If a person expressed their will to subscribe to your list and their consent to process his or her personal data, technically you are entitled by this consent to process their data\u00a0until they withdraw the consent.<\/p>\n<p>If someone becomes your client, he or she involves in a business agreement with you. This gives you the right to process their data for all the time of the agreement duration, and after that as well. The time you can process your client&#8217;s personal data, in this case, will be specified by the law of your company&#8217;s native country.<\/p>\n<h3 id=\"integrity\">5. Integrity and confidentiality<\/h3>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone wp-image-4481 size-medium\" src=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/teczka-300x148.png\" alt=\"\" width=\"300\" height=\"148\" srcset=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/teczka-300x148.png 300w, https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/teczka.png 650w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>\n<p><span style=\"font-weight: 400;\">As data administrator, you are obliged to take a proper care of the security of the personal data you process. You should never share with third parties (other people or companies) the personal data you process, unless you have a clear consent of the data owners to do that.<\/span><\/p>\n<h4>What does\u00a0that mean in practice?<\/h4>\n<h5>FOR COLD EMAIL SENDERS &amp; EMAIL SENDERS USING OPT-IN LISTS<\/h5>\n<p>Whether you send cold emails or email marketing messages to opt-in lists of subscribers, the rule works the same: treat the personal data you process like something you borrowed.<\/p>\n<p>It&#8217;s not yours to manage freely. If you plan to share it with someone else, the data owners should be clearly notified about your intentions and you should have their consent.<\/p>\n<p>So, if you organize a webinar in partnership with another company, you can&#8217;t just exchange the lists of subscribers each of you collected, unless the subscribers are previously informed about who&#8217;s going to process their data and they agree to get emails from both of your companies.<\/p>\n<p>Again, these are not just files with random data that belongs to you. Contact lists including email addresses and other types of personal data are valuable assets and GDPR stresses that they should be guarded as such. Both as <em>data\u00a0<\/em><i>administrator<\/i>\u00a0and as <em>data processor,\u00a0<\/em>you are obliged to take proper measures in order to provide the greatest possible level of security for the data you process.<\/p>\n<p>Moreover, you should be able to prove that you took those measures in case of a control.\u00a0A safe solution to that would be to prepare documents stating who at your company can have access to specific types of personal data that you process.<\/p>\n<p>For instance, HR people will probably require access to personal data of all employees, but it may be totally unnecessary to sales reps. The marketing team will have access to\u00a0a list\u00a0of blog subscribers, but HR people\u00a0may not need that access at all.<\/p>\n<p>Think of who can access various types of data at your company. Then, regulate and document that. If a controller asks you who can access what, you should be able to tell them (or better, show them a document, as supposedly they love flicking through papers).<\/p>\n<p>You should also openly inform your users, customers, and subscribers where their personal data is physically stored. So if you have servers in France and Canada, like we do, you should officially inform about their locations in your Privacy Policy or another document. We do that in the Safety &amp; Security document on our website.<\/p>\n<h2 id=\"summary\">Summary<\/h2>\n<p>I know, it&#8217;s a long post. But it probably doesn&#8217;t cover the topic in its whole anyway. Hope it will help you understand the basic principles mentioned in the document and take some actions to be compliant with it.<\/p>\n<p>Hope it will allow you to understand that GDPR is not a regulation that is supposed to kill cold emails or newsletters. It&#8217;s a document that is supposed to enhance the value of personal data, and the rights of EU citizens to full control over processing their personal data.<\/p>\n<p><a class=\"gdpr-popupclick\" href=\"https:\/\/woodpecker.co\/bonuses\/gdpr-checklist\/\" target=\"_blank\" rel=\"noopener\">Download\u00a0GDPR Compliance Checklist &gt;&gt;<\/a><\/p>\n<h3>What to take away from this post<\/h3>\n<p>GDPR <strong>does not forbid to send cold emails<\/strong>.<\/p>\n<ol>\n<li>It only regulates that <strong>you should<\/strong> <strong>have a strong reason to contact a person<\/strong> who hasn&#8217;t expressed their consent to process their data. The offer you put in your cold email should be logically connected with their business statute.<\/li>\n<li>So if you send cold emails <b>\u2013<\/b> spend some serious time on a <strong>more precise targeting<\/strong> of your campaigns. Quit spraying and praying. <strong>Customize and personalize your email copy<\/strong> and send it only to people at carefully chosen companies matching your own business. <strong>Make sure both sides are\u00a0likely to benefit<\/strong> from such a potential business relationship.<\/li>\n<li>You should obtain any personal data for your prospects&#8217; lists in a <strong>legal and transparent way<\/strong>, and <strong>be\u00a0ready to explain how and why you decided to process personal data<\/strong> of specific EU citizens.<\/li>\n<li>GDPR introduces a new principle of data storage limitation, which <strong>does not allow you to process personal data longer than it&#8217;s necessary<\/strong>. The specific time period is not specified in the document. We advise removing the data of non-responsive cold email addresees after\u00a030 days from your first contact.<\/li>\n<li>In case of opt-in lists, you can <strong>process the data in clearly specified ways<\/strong> the data owner has agreed to, for as long as they granted you their consent, or until they express their wish to withdraw it.<\/li>\n<li>Any kind of data you\u00a0ask for should be <strong>justified by the purpose for which you want to process it<\/strong>. Don&#8217;t ask for a phone number if you want to send someone an ebook. And if you do want to collect their phone number, tell them straight that you may want to call them.<\/li>\n<li>Give your cold email recipients as well as your opt-in list subscribers<strong> a clear way to opt out<\/strong> from further correspondence, and an instruction on <strong>how to change their personal data<\/strong>, or completely <strong>remove it from your list<\/strong>.\u00a0 The &#8216;Unsubscribe&#8217; link mechanism is a popular one, but it&#8217;s not the only one you can use for that.<\/li>\n<li><strong>Update your Terms of Service and Privacy Policy docs<\/strong>, if necessary. Simplify the language you use in those documents. Make sure everyone can understand it without a degree in law.<\/li>\n<li>Remember <strong>you don&#8217;t own the personal data you process<\/strong>. Don&#8217;t share it with other people and companies like it was your property. Make sure the data is secure while you process it.<\/li>\n<\/ol>\n<h2>References &amp; additional resources<\/h2>\n<p>This is a list of resources that helped us write this post. If you feel like more thorough research on your own, this may be a good point to start from:<\/p>\n<p><a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679&amp;from=EN\" target=\"_blank\" rel=\"noopener noreferrer\">General Data Protection Regulation<\/a>\u00a0full original version of GDPR in English (other language versions available\u00a0<a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>)<\/p>\n<p><a href=\"https:\/\/ec.europa.eu\/justice\/data-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">European Commission \u2013\u00a0Protection of personal data<\/a><\/p>\n<p><a href=\"https:\/\/ec.europa.eu\/justice\/data-protection\/reform\/index_en.htm\" target=\"_blank\" rel=\"noopener noreferrer\">European Commission \u2013 reform of EU data protection rules <\/a><\/p>\n<p><a href=\"https:\/\/ec.europa.eu\/justice\/newsroom\/data-protection\/infographic\/2017\/index_en.htm\" target=\"_blank\" rel=\"noopener noreferrer\">European Commission\u00a0\u2013 Data protection reform for small businesses <\/a><\/p>\n<p><a href=\"https:\/\/www.lexology.com\/library\/detail.aspx?g=818a9dad-6eb5-4aed-a895-6910bba84418\" target=\"_blank\" rel=\"noopener noreferrer\">Lexology Blog post about consent<\/a><\/p>\n<p><a href=\"https:\/\/books.google.pl\/books?id=hnQ2DwAAQBAJ&amp;printsec=frontcover&amp;dq=general+data+protection+regulation&amp;hl=pl&amp;sa=X&amp;ved=0ahUKEwiTkZDEo9_YAhXLkSwKHQmqB4gQ6AEIKDAA#v=onepage&amp;q=general%20data%20protection%20regulation&amp;f=false\" target=\"_blank\" rel=\"noopener noreferrer\">EU General Data Protection Regulation (GDPR): An Implementation and compliance guide<\/a> (Book)<\/p>\n<p><a href=\"https:\/\/books.google.pl\/books?id=cWAwDwAAQBAJ&amp;printsec=frontcover&amp;dq=general+data+protection+regulation&amp;hl=pl&amp;sa=X&amp;ved=0ahUKEwiTkZDEo9_YAhXLkSwKHQmqB4gQ6AEIMDAB#v=onepage&amp;q=general%20data%20protection%20regulation&amp;f=false\" target=\"_blank\" rel=\"noopener noreferrer\">The EU General Data Protection Regulation (GDPR): A Practical Guide<\/a> (Book)<\/p>\n<h2>Questions?<\/h2>\n<p>If you have questions about this post, or about sending emails\u00a0in compliance with\u00a0GDPR in general, please write the questions in the comments section below. If you have some other interpretations of the GDPR you want to share or laws specific to your native EU countries, please feel more than welcome to leave them in the comments as well.<\/p>\n<p>We&#8217;re collecting the most frequently asked questions along with answers in this post:<\/p>\n<h4><strong><a href=\"https:\/\/woodpecker.co\/blog\/cold-email\/gdpr-faq\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Frequently Asked Questions &gt;&gt;<\/a><\/strong><\/h4>\n<h2>Ebook<\/h2>\n<p>Margaret wrote an ebook for you to get even a greater grasp of the regulation.<\/p>\n<p>You can download it <a href=\"https:\/\/woodpecker.co\/ebooks\/gdpr-ebook\/\" target=\"_blank\" rel=\"noopener noreferrer\">here &gt;&gt;<\/a><\/p>\n<h2>Webinars<\/h2>\n<p>We&#8217;re going to host a series of webinars about GDPR. Sign up for them to learn more about GDPR and ask your questions connected to it.<\/p>\n<p>If you cannot attend at this time, sign up anyway, because you&#8217;ll receive the recording.<\/p>\n<p><strong>1. Webinar #1 in English on\u00a0<span class=\"aBn\" tabindex=\"0\" data-term=\"goog_809695253\"><span class=\"aQJ\">March 15th at 11 AM CET<\/span><\/span><\/strong><\/p>\n<p>Topic: GDPR in practice for SME<\/p>\n<p><em>This one already took place on March 15th. The YouTube video is <a href=\"https:\/\/www.youtube.com\/watch?v=bC2J3bCNtQ4&amp;t=7s\" target=\"_blank\" rel=\"noopener noreferrer\">here &gt;&gt;<\/a><\/em><\/p>\n<p><strong>2. Webinar #2 in English on\u00a0<span class=\"aBn\" tabindex=\"0\" data-term=\"goog_809695255\"><span class=\"aQJ\">March 21th at 11 AM CET<\/span><\/span><\/strong><\/p>\n<p>Topic: How to Make Your Email Outreach GDPR Compliant<\/p>\n<p><em>This one already took place on March 21th. The YouTube video is <a href=\"https:\/\/www.youtube.com\/watch?v=8Xg3-2vzAPI&amp;t=165s\" target=\"_blank\" rel=\"noopener noreferrer\">here &gt;&gt;<\/a><\/em><\/p>\n<p><strong>3. Webinar #3 in Polish on\u00a0<span class=\"aBn\" tabindex=\"0\" data-term=\"goog_809695257\"><span class=\"aQJ\">April 4th at 11 AM<\/span><\/span>\u00a0Warsaw<\/strong><\/p>\n<p>Topic: Jak prowadzi\u0107 kampanie mailowe w zgodzie z RODO?<\/p>\n<p><em>This one has <\/em>already<em> taken place.\u00a0The YouTube video is\u00a0<a href=\"https:\/\/www.youtube.com\/watch?v=8Xg3-2vzAPI&amp;t=165s\" target=\"_blank\" rel=\"noopener noreferrer\">here &gt;&gt;<\/a><\/em><\/p>\n<p>\n<aside class=\"cta-block cta-block--a-version js-cta-block ab-no-10-cta-block ab-no-11-cta-block\">\n  <p class=\"cta-block__heading u-heading-preset-md-600\">Send powerful emails &amp; boost replies<\/p>\n  <div class=\"cta-block__form-container\">\n    <form class=\"js-cta-block-form\" action=\"https:\/\/woodpecker.co\/signup\/\" class=\"cta-block__button-only-form js-cta-block-no-input-form\">\n      \n\n\n\n\n\n\n\n\n<button class=\"c-button js-button c-button--color-main c-button--size-small u-focus-visible-outline\">\nStart free trial\n<\/button>    <\/form>\n    \n    <form class=\"c-input-button-form js-cta-block-form cta-block__form\" action=\"https:\/\/woodpecker.co\/signup\/\" method=\"POST\" novalidate>\n        \n  <div class=\"c-form-field js-form-field  c-input-button-form__form-field\">\n    \n    <label class=\"c-label c-form-field__label\" for=\"cta-block-form-email-891084698\">Work email<\/label>\n\n                    \n  <input class=\"c-input  js-input c-input-button-form__input\" placeholder=\"will@woodpecker.co\" name=\"email\" id=\"cta-block-form-email-891084698\" type=\"email\" \/>\n            \n    <span class=\"c-form-field__error js-error\">\n                                      Invalid email format\n        \n\n                <\/span>\n  <\/div>\n\n        <div class=\"c-input-button-form__button\">\n          \n\n\n\n\n\n\n\n\n<button class=\"cta-block__button c-button js-button c-button--color-main c-button--size-small u-focus-visible-outline\">\n                Start free trial\n        \n\n<\/button>        <\/div>\n\n            <\/form>\n  <\/div>\n<\/aside><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GDPR \u2013\u00a0General Data Protection Regulation\u00a0will be brought into effect on\u00a0May 25, 2018. It&#8217;s still a few months ahead, but it&#8217;s good to learn right now how the regulation will affect you and your business. Especially if you send any kind of business emails. You could have already read\u00a0some\u00a0articles summarizing GDPR, but if you still don&#8217;t know how it will actually affect you in practice and what to do to be GDPR compliant, check out this post.<\/p>\n","protected":false},"author":17,"featured_media":4450,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR \u2013 General Data Protection Regulation Practical Guide<\/title>\n<meta name=\"description\" content=\"General Data Protection Regulation (GDPR) \u2013 practical guide for email senders. How to send cold emails and marketing messages legally in 2018.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR \u2013 General Data Protection Regulation Practical Guide\" \/>\n<meta property=\"og:description\" content=\"General Data Protection Regulation (GDPR) \u2013 practical guide for email senders. How to send cold emails and marketing messages legally in 2018.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\" \/>\n<meta property=\"og:site_name\" content=\"Woodpecker Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/business.facebook.com\/woodpeckerapp\" \/>\n<meta property=\"article:published_time\" content=\"2018-01-18T15:50:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-21T09:26:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/18.01.2018-GDPR_\u2013_General_Data_Protection_Regulation_Practical_Guide_for_Email_Senders-blog.png\" \/>\n\t<meta property=\"og:image:width\" content=\"698\" \/>\n\t<meta property=\"og:image:height\" content=\"406\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Margaret Sikora\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@woodpeckerapp\" \/>\n<meta name=\"twitter:site\" content=\"@woodpeckerapp\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\"},\"author\":{\"name\":\"Margaret Sikora\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/dbd5fae1eeb41a0caf2e2c7bda48059f\"},\"headline\":\"GDPR \u2013 General Data Protection Regulation Practical Guide for Email Senders\",\"datePublished\":\"2018-01-18T15:50:47+00:00\",\"dateModified\":\"2025-01-21T09:26:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\"},\"wordCount\":5931,\"commentCount\":16,\"publisher\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#organization\"},\"articleSection\":[\"Cold email basics\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\",\"url\":\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\",\"name\":\"GDPR \u2013 General Data Protection Regulation Practical Guide\",\"isPartOf\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#website\"},\"datePublished\":\"2018-01-18T15:50:47+00:00\",\"dateModified\":\"2025-01-21T09:26:15+00:00\",\"description\":\"General Data Protection Regulation (GDPR) \u2013 practical guide for email senders. How to send cold emails and marketing messages legally in 2018.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#website\",\"url\":\"https:\/\/woodpecker.co\/blog\/\",\"name\":\"Woodpecker Blog\",\"description\":\"Woodpecker Blog - Pro Tips on Cold Emails, Follow-ups, Sales &amp; Growth\",\"publisher\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/woodpecker.co\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#organization\",\"name\":\"Woodpecker.co\",\"url\":\"https:\/\/woodpecker.co\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2015\/06\/WP_Logo_WersjaPodstawowa_Pionowa_CzarneTlo_RGB.jpg\",\"contentUrl\":\"https:\/\/woodpecker.co\/blog\/app\/uploads\/2015\/06\/WP_Logo_WersjaPodstawowa_Pionowa_CzarneTlo_RGB.jpg\",\"width\":1240,\"height\":874,\"caption\":\"Woodpecker.co\"},\"image\":{\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/business.facebook.com\/woodpeckerapp\",\"https:\/\/twitter.com\/woodpeckerapp\",\"https:\/\/www.instagram.com\/woodpeckerapp\/\",\"https:\/\/www.linkedin.com\/company\/woodpecker-co\/\",\"https:\/\/www.youtube.com\/channel\/UCNN9wM55yaNI-KEZCfh66_A\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/dbd5fae1eeb41a0caf2e2c7bda48059f\",\"name\":\"Margaret Sikora\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/285df23338966e859f136eed9706c0a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/285df23338966e859f136eed9706c0a6?s=96&d=mm&r=g\",\"caption\":\"Margaret Sikora\"},\"description\":\"Product Manager and DPO at Woodpecker. A lawyer who gets the SaaS business, understands customers' needs, and speaks the language of IT guys.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/margaretsikora\/\",\"https:\/\/www.instagram.com\/margaret.sikora.official\"],\"url\":\"https:\/\/woodpecker.co\/blog\/author\/gosia-sikora\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GDPR \u2013 General Data Protection Regulation Practical Guide","description":"General Data Protection Regulation (GDPR) \u2013 practical guide for email senders. How to send cold emails and marketing messages legally in 2018.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/","og_locale":"en_US","og_type":"article","og_title":"GDPR \u2013 General Data Protection Regulation Practical Guide","og_description":"General Data Protection Regulation (GDPR) \u2013 practical guide for email senders. How to send cold emails and marketing messages legally in 2018.","og_url":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/","og_site_name":"Woodpecker Blog","article_publisher":"https:\/\/business.facebook.com\/woodpeckerapp","article_published_time":"2018-01-18T15:50:47+00:00","article_modified_time":"2025-01-21T09:26:15+00:00","og_image":[{"width":698,"height":406,"url":"https:\/\/woodpecker.co\/blog\/app\/uploads\/2018\/01\/18.01.2018-GDPR_\u2013_General_Data_Protection_Regulation_Practical_Guide_for_Email_Senders-blog.png","type":"image\/png"}],"author":"Margaret Sikora","twitter_card":"summary_large_image","twitter_creator":"@woodpeckerapp","twitter_site":"@woodpeckerapp","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/#article","isPartOf":{"@id":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/"},"author":{"name":"Margaret Sikora","@id":"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/dbd5fae1eeb41a0caf2e2c7bda48059f"},"headline":"GDPR \u2013 General Data Protection Regulation Practical Guide for Email Senders","datePublished":"2018-01-18T15:50:47+00:00","dateModified":"2025-01-21T09:26:15+00:00","mainEntityOfPage":{"@id":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/"},"wordCount":5931,"commentCount":16,"publisher":{"@id":"https:\/\/woodpecker.co\/blog\/#organization"},"articleSection":["Cold email basics"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/","url":"https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/","name":"GDPR \u2013 General Data Protection Regulation Practical Guide","isPartOf":{"@id":"https:\/\/woodpecker.co\/blog\/#website"},"datePublished":"2018-01-18T15:50:47+00:00","dateModified":"2025-01-21T09:26:15+00:00","description":"General Data Protection Regulation (GDPR) \u2013 practical guide for email senders. How to send cold emails and marketing messages legally in 2018.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/woodpecker.co\/blog\/general-data-protection-regulation\/"]}]},{"@type":"WebSite","@id":"https:\/\/woodpecker.co\/blog\/#website","url":"https:\/\/woodpecker.co\/blog\/","name":"Woodpecker Blog","description":"Woodpecker Blog - Pro Tips on Cold Emails, Follow-ups, Sales &amp; Growth","publisher":{"@id":"https:\/\/woodpecker.co\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/woodpecker.co\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/woodpecker.co\/blog\/#organization","name":"Woodpecker.co","url":"https:\/\/woodpecker.co\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/woodpecker.co\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/woodpecker.co\/blog\/app\/uploads\/2015\/06\/WP_Logo_WersjaPodstawowa_Pionowa_CzarneTlo_RGB.jpg","contentUrl":"https:\/\/woodpecker.co\/blog\/app\/uploads\/2015\/06\/WP_Logo_WersjaPodstawowa_Pionowa_CzarneTlo_RGB.jpg","width":1240,"height":874,"caption":"Woodpecker.co"},"image":{"@id":"https:\/\/woodpecker.co\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/business.facebook.com\/woodpeckerapp","https:\/\/twitter.com\/woodpeckerapp","https:\/\/www.instagram.com\/woodpeckerapp\/","https:\/\/www.linkedin.com\/company\/woodpecker-co\/","https:\/\/www.youtube.com\/channel\/UCNN9wM55yaNI-KEZCfh66_A"]},{"@type":"Person","@id":"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/dbd5fae1eeb41a0caf2e2c7bda48059f","name":"Margaret Sikora","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/woodpecker.co\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/285df23338966e859f136eed9706c0a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/285df23338966e859f136eed9706c0a6?s=96&d=mm&r=g","caption":"Margaret Sikora"},"description":"Product Manager and DPO at Woodpecker. A lawyer who gets the SaaS business, understands customers' needs, and speaks the language of IT guys.","sameAs":["https:\/\/www.linkedin.com\/in\/margaretsikora\/","https:\/\/www.instagram.com\/margaret.sikora.official"],"url":"https:\/\/woodpecker.co\/blog\/author\/gosia-sikora\/"}]}},"_links":{"self":[{"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/posts\/4404"}],"collection":[{"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/comments?post=4404"}],"version-history":[{"count":10,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/posts\/4404\/revisions"}],"predecessor-version":[{"id":17026,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/posts\/4404\/revisions\/17026"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/media\/4450"}],"wp:attachment":[{"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/media?parent=4404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/categories?post=4404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/woodpecker.co\/blog\/wp-json\/wp\/v2\/tags?post=4404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}