Six simple steps to build a GDPR compliant database

August 21, 2020 | Blog posts

Email marketing is dead. No, it’s alive. Actually it’s dead. Whatever. Email marketing isn’t going anywhere, so let’s end that debate here and now.

With an informed strategy behind it, email marketing can be your very best asset. It can:

  • Nurture leads into paid-up customers
  • Create sales opportunities
  • Keep your customers engaged with your business
  • Drive web traffic

But that’s just the thing. It needs to be done well. If you send random emails as and when you like, to people who don’t know your business, full of typos, broken links and a whole host of other catastrophes, it can be a lethal weapon (cue 80s hair and saxophone music).

If email isn’t your jam, we can help. As a digital marketing agency with in-house email marketing nerds, we know our stuff.

You can’t have a successful email marketing program without a GDPR compliant database. But where to begin?

#1 CRM database

Before you can do anything, you need a secure, compliant home for your database. Enter CRM systems (check your Excel spreadsheets at the door, please!). Many email service providers come with something built in, and all will integrate with the big players such as Salesforce and Microsoft Dynamics.

Your CRM platform should have the data fields mapped so that it collects and stores exactly what you need. This should also include the date and time that your subscriber signed up and confirmed their opt-in intention.

#2 Sign up forms

With the GDPR bursting onto the scene in May 2018, a lot changed about how you can collect, process and store data (you can read about that here). But if you start out with all the elements in place, it need not be such a headache.

First things first, make sure your form has a transparent description. Simply saying “Sign up for our newsletter” just won’t cut it anymore. Your form should include:

  • Sending frequency
  • Your content
  • What you’ll be doing with any data (if it’s more than simple name and contact details)
  • A link to your privacy policy
  • An unticked (yep, that’s important!) tick box as a statement of intent to sign up

A great example is the one below from dog food brand EUKANUBA. Let’s examine:

[Image: GDPR compliant email marketing sign up form]

  1. Sign up for monthly expert tips and incentives – an overview of what and when
  2. Track your dog’s development… – reason for collecting additional data (e.g. breed size and age)

When you create your form, it’s also a good time to have a think about anything extra you need to collect to run your email program. Ideally, you want your form to be quick and easy to complete, otherwise you won’t get many conversions. You can always collect more data at another time, with specific campaigns.

#3 Form placement

So you’ve got your form, now it’s time to place it. If you have just one sign up form, it is best placed in the footer of your website, as it’s easily accessible.

If you have multiple forms (e.g. for gated content downloads or to sign up to different lists perhaps), those should be embedded only on the relevant pages.

You can also consider pop ups where you have reason to believe the website visitor is primed to sign up. This could be based on session duration, pages or something else. The key here is balance, so that you don’t annoy your subscribers.

#4 Purchasing data..?

This is one of the biggest debates in marketing. It’s a big no-no for consumer goods. It’s slightly less contentious for B2B, but you need to have a decent prospect workflow to make it work.

If you’ve made the decision that you want to buy data to bolster your lists, it is absolutely essential to make sure it is verified, compliant and up to date. We can help direct you to trustworthy database consultancy services.

#5 Keep that list clean!

Most spam laws now mean that having a double opt-in mechanism on your database is standard. This means that once a person signs up to your list they’ll receive an email asking them to click to confirm they meant to sign up. This is the first step to a sparkly, clean and compliant list. This should also mean that your subscribers have a timestamp against their confirmed sign up in your CRM platform.

Keep an eye on bounces. Most email service providers will have automated rules in place that after 2 or so bounces, email addresses will be removed from your list.

HubSpot says:

“Bounce rates are one of the key factors internet service providers (ISPs) use to determine an email sender’s reputation, so having too many hard bounces can cause them to stop allowing your emails in folks’ inboxes.”

Whatever you do, never ever scrape websites for email addresses. It’s really not cool and is the lowest of lows, not to mention illegal. No further explanation needed (hopefully).

You can read more about list hygiene here.

#6 Sender info

When you’re setting up your email marketing platform, you’ll be required to set a subdomain of your website. This is so that should anything go sour, it won’t affect the infrastructure of your website and internal email addresses. It’s usually a case of appending “newsletter.domain” or something similar.

Not only this, but it’s really important to set up an inbox where you can receive replies to your marketing – automated and actual responses. Make sure it’s not someone’s existing email address, for the reasons above, but it must be monitored. GDPR law states that manual unsubscribes are mandatory, as well as information requests (e.g. how did you get my data).

It’s a really poor show, not to mention against data laws, to send using a “noreply@domain” address!


Making sure your email database is compliant really can be that simple, provided you know what to do. While it is a big task, if you break it down into these fail-safe steps, you’ll have it under control in no time.

If the thought of organising your existing database (or starting from scratch) gives you a burning feeling in the pit of your stomach, fill out your details below. And, probably go see someone about the stomach pains… it doesn’t sound healthy!
