loading loading

Sometimes it just takes the right introduction.

loading loading
white white

Are You Ready For GDPR Regulations?

Karen Buelter

May 22, 2018

What you need to know and how Ascent360 is helping


General Data Protection Regulation (GDPR)

On May 25th, the new privacy law for the European Union (EU), known as the General Data Protection Regulation (GDPR) will be immediately enforceable. This regulation will greatly simplify the privacy laws in the EU which while good news for email marketers, it will also be the strictest law globally.  It will require that any marketer with EU consumers data will need to comply with this law, regardless of where they are headquartered. 

GDPR Overview

There have been many articles published on this topic in the past year but we wanted to make sure you were aware of some of the required changes.  This article from Litmus on the Top 5 things you should know about GDPR provides additional information that may be helpful as you finalize your compliance with this law. 

GDPR requires that brands collect affirmative expressed consent that is “freely given, specific, informed and unambiguous” to be compliant.

To be compliant with GDPR, you must have Expressed Consent from all EU consumers before May 25th or you will need to stop emailing them.  The Information Commissioner’s Office has provided consent  guidance that you may want to have your legal team review to determine how your organization will decide to comply.


Many email marketers are choosing to send a re-permissioning email to capture expressed consent from EU consumers.  Re-permission email examples can be found online, and some examples can be found on this article from Litmus.

It is important to note that pre-checked opt-in boxes, often part of purchase transactions, are not compliant with GDPR.  If you have ever used a pre-checked box or other implied consent-based approach to build your email list, you should work to gain expressed consent from your EU consumers before May 25th.

This law applies to any company, in any country, that has data from EU consumers

Although you ultimately are responsible for compliance with GDPR, as you are with CASL, and CAN-SPAM, Ascent360 will be providing the following fields to help you comply:

  1. Email Permission Status – this field will be set to either a Yes or No, indicating if the consumer is contactable. It will be populated with a Yes, only if Expressed Consent has been given by the consumer. 
  2. Date of Expressed Consent – will show on what date express consent was provided.
  3. First Source – will indicate what form was completed by the consumer when providing expressed consent.

If you would like to simply stop marketing to EU consumers as of May 25th, please let your Account Manager know as we can change the GDPR Permission Status on known EU consumers to No.

Q & A

  1. Should I remove the pre-checked box from the bottom of my transaction confirmation page?
    1. To comply with GDPR, you cannot email EU consumers who have not expressly opted in, and therefore, a pre-checked box would not be in compliance.
  1. My business is not located in the EU, do I still need to comply?
    1. Yes, if you have any EU consumer data.
  1. Can I email EU consumers after May 24th to gain consent if they have already given me implied consent?
    1. You would be in violation of the law if you emailed an EU consumer after May 24th.
  1. What if I don’t know if a consumer lives in the EU, in other words, they are using a gmail.com domain name and they haven’t provided me with their mailing address?
    1. Some organization are choosing to add them to the re-permissioning campaign while others are choosing to assume they are not EU consumers
  1. Can I still use EU consumer email addresses for targeting in Social Media platforms like Facebook?
    1. You should only use EU email address data if you have expressed consent and this type of usage is covered within your privacy policy.
  1. Should I delete all EU consumer data from my systems if I don’t receive expressed consent by May 25th?
    1. You should talk with your attorney to decide how you would like to handle EU data.
    2. Are changes needed to my privacy policy?
    3. You should have your legal team review your privacy policy to determine if changes are needed.


This information is intended to provide a high-level overview about compliance with GDPR, but it is not intended as legal advice.  As with all new laws, you should contact your attorney for compliance advice specific to your organization. 

More Resources Like This

box resource


Smart Plays for Better Email Marketing With Ascent360

As we enter 2020, email remains a crucial tool for marketers. With a 4400% return on investment (ROI) — $44 for every $1 spent — it’s the most effective, affordable way to engage with audiences at scale. So why aren’t you seeing results?

box resource


We are 2 for 2!

For a second year in a row Ascent360 was nominated for Bank of America Merrill Lynch’s Colorado Companies to Watch….

box resource


Ascent360 Heads Into 2019 With An Investment Boost

CDP SaaS Company Secures Series A Investment Denver, CO, December 3, 2018 — Ascent360, a Golden-based software company, is pleased…

box resource


Ascent360 in OUTSIDE Magazine’s 50 Best Places to Work!

Ascent360 is proud to be selected as one of OUTSIDE Magazine’s country’s best employers in its “50 Best Places to Work in 2018”  list.


Ready to see what great things we can do together?

We guarantee at least a 2X ROI within the first year.

Request Demo Contact Us