3 of the Only GDPR Emails We Didn’t Delete (And 2 We Promptly Did)


Sometimes you have to crowd-source material, and sometimes doing that is the worst idea you’ll ever have. 

This post is a little of both. 

To begin with, here’s a pretty familiar sight: 

gdpr email search bar-1

gdpr emails number-1

You see, I (like you, if you live in the EU) have gotten 768 emails containing the acronym “GDPR” over the last few months.

While I appreciate the steps that are being taken to increase online user security, and while getting the first few was cool, it is decidedly uncool that they all took the guise of an EU clone army of marketers programmed to send the same “we’re updating our privacy policy” message. Here’s a sample:

privacy policy update emails

Note: I blurred out a few that weren’t privacy policy emails or whose identities I wanted to keep private

Since GDPR will be at the back of our minds soon, and since it’s the one week anniversary of its enactment, instead of our weekly round-up of events using Tito, this Friday I wanted to focus instead on the truly annoying and amazing GDPR emails that came to our inboxes. 

I put it to our company Slack to see if anyone had examples of GDPR emails that broke the spammy norm.

Now, I should clarify that there were a couple of exceptions that I didn’t list here because they didn’t win re-subscription by virtue of their email copy and strategies. Rather, they were services that we knew we wanted to use again regardless of what the email said (some examples include newspaper and software subscriptions.)

Instead, here are the GDPR emails that actively convinced us, and what marketers can learn from them:

The Winners: 

1) Mr. Scruff 

I don’t even know if Mr. Scruff is a person. My familiarity with Mr. Scruff is that song of his that came with every machine with Windows 7 installed on it, and it wasn’t even the good Mr. Scruff song

To reiterate, the problem with a lot of the GDPR emails was that they were humourless, brandless, and faceless. This email was a perfect antidote to all this; a set of comic panels featuring what looks like a potato in a moustache:

Mr Scruff 1

Mr Scruff 2

Mr Scruff 3

Even though what companies were sending spoke about a piece of EU legislation, it’s important to remember that those emails were being sent to people who we wanted to stay in touch with us specifically. The absolute worst way to achieve that is to send the same thing as everyone else. 

What marketers can take away from this:

Play to your audience – If you’re an electronic jazz musician, you should probably be a bit more lighthearted than “we’ve made some changes to our privacy policy.” The same goes for conference organisers, people who plan meet-ups, or those working in any industry that doesn’t have strict by-the-letter laws about the copy you can and cannot send to subscribers.

2) Machynlleth Comedy Festival

The h/t for this one came from our Communications and Events Manager, Annie

gdpr email from annie

And she didn’t!

The beauty of this email starts with its subject line.

“Okay, let’s get this done” is an honest acknowledgment that there were literally billions of these types of emails sent in the past 2 weeks. It’s human, and humble. Some brands attempted this by saying their email was “The last one! Promise!” only to be followed up by a message from another company with a synonymous greeting. 

The content wasn’t wildly creative, just a pleasant reminder of who was sending the email and why:

Machynlleth email

What marketers can take away from this:

Keep it simple – It seems intuitive, but getting straight to the point is the most fundamental skill email marketers can master. So many GDPR emails contained whole privacy policies (that subscribers were highly unlikely to read) instead of sticking to the basics that needed to be included to constitute what people were opting into. While it’s important to communicate the updates with your subscribers, pasting it into an email isn’t the most digestible medium to send it in. 

Instead, a simple message like this saves the marketer, the receiver, and the server time. 

3) Zoom

Zoom is one of my favourite video conferencing softwares, but that doesn’t mean I necessarily want to get emails from them. My logic for this is that I’ve used Zoom for one-to-one calls and webinars before, but now that I know how to use the tool for the purposes I need daily, what more could I want to know about it?

Well, exactly what they’ve lain out in the email that convinced me, actually:

Zoom GDPR email

This email has a lot going for it:

  1. It’s short
  2. It has a clear call-to-action (which we’ll get into more detail about shortly) and
  3. It adds value

Specifically, my eye was drawn to the two CTAs in this email. For me, I’m weary of getting too many emails (as is everyone, I think), but the option to choose when and how I get them is an incentive that drew me in. This approach also suggested to me that the brand sending that option understands that people who receive emails communications want to have a level of control, and that they respect that. 

Further to that, the team at Zoom outlined the types of content that they produce, and that they aren’t all strictly product-focused. As a marketer in the events space, the topics mentioned could be useful to me for future research, thus drawing me in and ultimately leading to me consenting to their updates. 

What marketers can takeaway from this:

Sometimes you’re selling the content, not the product – If this email had been about the benefits of Zoom (which I already understood) I wouldn’t have resubscribed.

When you’re trying to enrich the experience of those who are not only subscribers, but customers of your brand, it’s helpful to acknowledge that, while your product may satisfy their functional requirements, your advice and research has potential to help them in other facets of their jobs. 

And then, there were:

The… Non-Winners

1) Verto Analytics

Verto aren’t, by any stretch of the imagination, the worst offenders in this list. The issue with their GDPR email strategy was the frequency of their notices, and the homogeny of them:

verto analytics gdpr emails

Their message, by all accounts was pretty good:

verto analytics email

It covered the recommendable bases of:

  1. Confirming the value of their content
  2. A clear call to action to confirm my subscription and
  3. A brief explanation of the impact of GDPR on the communications I’d get

The issue was a catch-22 of sorts; by sending me four identical emails, they raised a red flag in my mind that they would send me emails at a frequency that I just am not comfortable with. It also signaled that, instead of focusing on being compliant, their persistence meant that they were mostly interested in keeping their subscriber list as big as possible. 

What marketers can take away from this:

Change it up – While there are some instances where emails don’t get opened because of a lack of time, you don’t increase the likelihood of someone opening the email by sending it repeatedly.

Instead of sending the email more than once in hope that the recipient will have more time at the next interval, try variations (whether that be the subject line, design, preview text, or copy) if you really have to send it more than once without adding more value. A/B testing isn’t anything new, but neither is spam, and the first is significantly more forgivable than the second. 

2) BSN

baker gdpr

There are many things wrong with this: 

  1. I didn’t follow them in the first place
  2. They’re threatening me about threats to hold onto my data
  3. They want me to email them to send me more emails despite the fact that they have a (possibly non-functioning?) unsubscribe link in their email footer
  4. This email is all about them, rather than even a hint about GDPR, except that it exists
  5. It has a social sharing button. Presumably so I can share how bad this email is. 

What marketers can take away from this:

By all means add social buttons to emails that contain articles or other content that you would like all to see, but hold off for sensitive communications about your contact base’s privacy. But don’t do anything else that this sender did

Unfortunately (or fortunately, depending on how you look at it) GDPR emails are now a thing of the past. What we should take from this is that GDPR came about in part because of the onslaught of email volume and the abuse of personal data for financial gain, with no consideration for the pressure and aggravation it caused for the recipients. 

In conclusion, what I learned from the whole experience is that GDPR should be taken as an opportunity for us to take a breath, step back, and craft genuinely useful, delightful emails to our customers, peers, or anyone that deserves the simple dignity of being addressed as something better than “[[first.name]]”.

If you’d like some more insight into how GDPR affects you as an organiser, we’ve written a series of other posts for inspiration and to answer some of the most frequently asked questions on the subject.