From the 25th of May 2018, the new General Data Protection Regulation (GDPR) will have a direct impact on any business or organisation that uses personal data belonging to EU citizens. If you use email marketing for your business, it is vital that you understand the new European law concerning data privacy.

What is GDPR?

GDPR is a new set of rules set out by the European Union to give consumers a greater say in how companies collect and use their data. GDPR will affect every company that uses personal data from EU citizens. If you’re collecting email addresses and sending email to customers in the EU, you’ll have to comply with GDPR – no matter where you’re organisation is based.

How will it affect Email Marketing?

Email marketing is continuously evolving but the GDPR will affect it in various different ways. GDPR has a direct impact on how marketers seek and obtain consent. The new laws are stronger and are a more effective way to protect people’s privacy.

Here we outline where GDPR will impact email marketing:


Starting in May 2018, silence or pre-ticked boxes is not a way of consent. GDPR stimulates that you must obtain consent via ‘a clear and affirmative action’. Personal data can include name, email address, phone number or IP address. Marketers cannot contact email users who do not wish to be contacted. Double Opt-in can be used as a way to prove permission to use one’s data.

Right to be forgotten

With the new GDPR law individuals have a right to be forgotten. This means all marketers must ensure they are able to erase all user data upon request.


GDPR prohibits the exchange and selling of personal data. It will not be possible to use data collected for one purpose such as newsletter and use it for another purpose.

Xtremepush Email Solution for Marketers

With Xtremepush, data is right at the core of our business. We have created a powerful platform which in itself addresses key GDPR compliance requirements. Our Email solution enables enterprise brands to be compliant with GDPR by design;

  1. Target via segments; no email lists required
  2. Data centrally aligned; no viewing of individual profiles required
  3. Full audit trails of data; super-user will have access to all data when required or requested by user
  4. Right to be forgotten; all data can be removed from the database

Xtremepush and GDPR

We have added a new module to our platform, specifically to cater for Customer Consent Management and Customer Data Management in the broader sense (with GDPR Privacy, Customer Consent, and Security built into to the module by design).

Key GDPR features of our platform include

  • Enterprise-Grade security controls (passed multiple bank security tests)
  • A Customer Consent module that enables real-time exclusion of Customer data across multiple channels, and an ability to manage Customer Consent not just at an individual level but also at a segment or group level if required.
  • The platform has an inbuilt Real-Time Auditing Capability to report on Consent and PII data protection components.
  • The right to be forgotten is enabled through the Customer Consent Management Module
    Our Agile Platform (cloud or on-premise ) has been built with data protection and privacy rights at its core by design.

Xtremepush is perfectly positioned to manage your GDPR data protection, consent and right to be forgotten requirements, via a powerful, secure and resilient platform.

To find out more about Xtrempeush and we how we help you be GDPR compliant, speak to the Xtremepush team today. 

Catch up on our GDPR series here