It seems that there’s been a recent, gradual onslaught of articles and rhetoric about the Global Data Protection Regulation (GDPR), and the penalties for non-compliance.

We’ve certainly discussed tips to know, insights to harness, and tactics to take in order to help you prepare for the new regulation that will affect the majority of global businesses.

Of course, the common denominator among all things GDPR and the core of the new law(s) is data…how it’s given and collected, how it’s used, stored, made available, anonymized, and even erased.

A 2017 report from W8 Data offers a rather ominous statistic: under the GDPR’s new stipulations, approximately 75% of existing customer data is now rendered useless.

Global marketing teams have been and are making efforts to prepare as we’ve seen an uptick in re-permissioning campaigns across all industries.

But if only one-fourth of existing customer data is actually usable under the GDPR, it raises several questions:

► How do you know which data that is, and how can you isolate it for use?

► What can you do with the mass of data that’s supposedly unusable?

► What can be done going forward to ensure 100% of data is in-line?

We need to, collectively, shift from a mentality that all non-compliant or previously-collected customer data is useless as that just isn’t true. The reality is that existing data IS actionable — just in new ways and for new purposes.

twitter Industry rhetoric would have you believe that all pre-GDPR collected #customerdata is now useless & non-compliant. That’s not true — use that #data in new ways like for re-permission campaigns CLICK TO TWEET

How Do You Know Which Data is Usable or Unusable Now That The GDPR is in Effect?

If you have some concern as to whether all, most, or some of your critical customer data was collected in non-compliant ways in the years and months leading up to the GDPR, you’re not alone.

Before the GDPR, most countries had different data privacy laws and regulations. In Hungary, for example, we had rigorous regulations in place, even before the GDPR. Regardless of where you are in the world, the biggest change is the idea of necessary consciousness of consent of the end users.

As my colleague Alex Timlin pointed out, “the world is full of bad [data use] practices. This points to the need for more regulation to protect against these ‘bad actors.’”

Data collection practices that you could previously “get by with” — or which were at least considered common or permissible amongst the marketing masses — are no longer able to be used. And some of the ways you used that data will have to change, too. Now, you can’t:

  • Use email addresses collected for one purpose/reason for other purposes (e.g. sending unsolicited marketing emails to contacts who gave you their email for a magazine subscription)
  • Communicate with customers without being able to prove/demonstrate consent
  • Pre-check boxes to receive additional communications — requests for consent must be “clearly discernible” and data subjects must actively indicate that they want specific communications

If you can isolate previous campaigns within your CRM system — and the exact form or method by which subjects opted in — you can start to figure out which data may’ve been collected in non-compliant ways and which is still OK to use.

While this method might help here and there, it isn’t 100% accurate, and leaves too much to chance. The better option is to take action now to ensure compliance and ensure contacts actually want to remain in communication with you.

How? Re-permission them.

Re-Permission Customers with the Mass of Previously-Obtained Customer Data

Previously collected data — even email addresses which you believe or know weren’t collected in a compliant way or which have been abused with unwanted communications — are not useless.

You can and should still use them… one more time, for re-permissioning.

In March, we published the Definitive Chapter Guide to Re-Permissioning Campaigns for GDPR where we took an in-depth dive into everything you need to know about executing these consent campaigns.

While you’d ideally want to re-permission all contacts (especially given the new regulation) inactive database contacts (say, six months of inactivity) and contacts with who’ve hard bounced or marked you as spam are absolute musts to re-permission. The lack of engagement on their part indicates that they don’t want to be involved with your brand for one reason or another — whether they’re sick of receiving updates, feel they’ve been “duped,” are no longer extracting the value they anticipated form you, or are being communicated with under false pretenses.

Ensuring Data Compliance Moving Forward

Aside from admittedly steep financial ramifications for non-compliance (depending on the level of breach/threat, fines could be either 4% of annual turnover or €20M euros), what do companies risk by continuing to leverage some “illegally-obtained” data in their database?

By continuing to contact people who don’t want to hear from you in whatever way you’re communicating with them, you also risk:

  • Decreased engagement — lower open rates, click-through-rates, and click-to-open rates
  • Hurting your deliverability rate and sender reputation/score
  • Negatively impacting your brand reputation
  • Reduced conversions on future campaigns
  • Less purchases and plateaued revenue

“Dirty data” is one of the most critical issues facing many brands. Flawed data costs the U.S. roughly $3B per year, according to a 2016 Harvard Business Review article. Not all bad or unusable data is caused by something that the marketer did — we covered the issue of dirty data and database cleanliness a while back.

Nonetheless, maintaining a continually-clean and addressable customer database by controlling the elements which you can — sign up forms, seeking clear consent, and staying true to your word — will ultimately help maintain clean data because customers will actually want, expect, and look forward to hearing from you.


Remain conscious and transparent with regard to data collection itself, including your intentions when seeking a subject’s data in the first place. Focus on the value proposition of the specific service for the end users.

If you have non-compliant data in your system — most companies do — don’t start panicking.

Take steps to move closer toward compliance and database cleanliness, and continue maintaining data collection best practices in accordance with the GDPR. You’ll continue to work your way toward 100% compliance… not to mention happier, more satisfied customers, and better long-term relationships down the road. ◾

GDPR  Compliance Webinar

Handpicked Related Content:

Levente OttiLevente Otti has been serving as Head of Data at Emarsys since 2015. In his role, he is accountable for heading the Data team and addressing data-related projects like data storage, how to query and collect data from a variety of sources, evaluating data mining models and performance, and implementation and deployment of machine learning solutions in large-scale scenarios.

Connect with Levente: LinkedInEmail