GDPR For List Building

So it's been almost 2 weeks since the new GDPR came into play on May 25th and there are still a ton of questions and concerns about how the General Data Protection Regulations (GDPR) will affect small business owners.

I'm not a legal professional, so this information is purely for guidance, but I have researched GDPR and hosted a webinar on the GDPR for Small Businesses with the fab Leanne Pogson from Leap HR. If you want to watch a replay of that webinar, read on and I'll tell you how to grab it for free in a moment.

This article is to relay some fears regarding GDPR for List Building -what you can & can't do, what you must do, and what myths are going around at the moment!


GDPR For List Building

Email marketing is a fast, low cost and highly effective way to keep in touch with your target audience and make sales in your business, so building and growing your email list should be a major focus in your business.

Let's take a look at what you need to do with your current email list and how to ensure your opt-in forms are GDPR compliant!


First of all, let's bust some myths around GDPR!


  • 'I have to delete my entire mailing list and start from scratch'

BUSTED! You absolutely do not need to do this!


  • 'I have to email my entire email list and ask them to resubscribe'

BUSTED! You don't legally have to email your entire email list and ask them to resubscribe!

BUT... You must be able to prove where and when you received consent from every person on your email list.

If you used double opt-in's you have your proof right there. If you had a checkbox that was manually ticked by the subscriber and this is recorded in your email management system, that's also proof.

The ICO recommends that 2 years is the longest period of time you can hold consent for, after that time you need to get consent again.

"If in doubt, we recommend you consider refreshing consent every two years" - ICO


Schedule an email campaign to be sent to all subscribers every 1-2 years to refresh consent.

If consent was given within the last 2 years, check that you can prove where and when they gave consent. Click here to read the full details about obtaining consent.


'I sent a re-subscribe email to my list and they didn't click to re-subscribe, I can just leave them on my list, right?


Absolutely not! Even though we know that not everyone on our email lists actually open, read or take the action we have asked them to, you can only leave someone on your email list if they actively click to resubscribe.


  • Can I email businesses without consent?


Businesses such as B2B customers, limited companies, limited liability partnerships (although this may change with the new e privacy regulations) don't need to give express consent. You must give them the option to unsubscribe in every email though.

However, note that Sole Traders and members of unincorporated partnerships are considered an 'individual', so you will need to get express consent from them.

  • Do I really have to give the option to unsubscribe in every email?


It can be a simple link in the footer of your email, so you can set it up once and not have to worry about it again.

  • What is 'Legitimate Interest?

Legitimate Interest is the term used for individuals who are clients, customers or have made an enquiry with you.

It can also be your own interests. It's the most flexible reason for keeping data, which can be a good thing, but there are guidelines to it.

If you choose to rely on legitimate interests, you are taking on extra responsibility for considering and protecting people’s rights and interests.

Read more on Legitimate Interests on the ICO website here.


As a small business owner or entrepreneur, you probably have a ton of opt-in forms (also known as sign up forms, contact forms, lead magnet forms etc).

You can still use these forms!

You just need to make a few changes or additions to them (and it's easy to do!)

  • Firstly, remember to only ask for the information you absolutely need. If you don't need an address, phone number or date of birth, don't ask for it. Most likely, you'll just be asking for their name and email address.
  • Next, add a sentence linking to your Terms & Conditions or Privacy Policy (this is the web page where you detail what information you collect and why you need it).
  • Add a checkbox for people to manually tick (nothing pre-filled!) to acknowledge they have read and understand your terms.
  • Lastly add a final checkbox and ask if the subscriber would like to be added to your mailing list. Mention that they can unsubscribe at any time.


  • Don't let GDPR scare you or put you off email marketing or collecting people's' email addresses!
  • Email Marketing is one of the most important strategies for getting more sales in your business and can absolutely still be done perfectly legally!
  • When thinking about GDPR in your list building efforts, be sure that you are being open & honest & give your audience to make their own decisions
  • Keep your email list clean and update it regularly

Need help growing your business to the next level?

Step 1:

Join my FREE Facebook Group, The Female Coaches Lounge - Organic Client Attraction, Marketing & Mindset CLICK HERE

Step 2:

Grow your business with these incredible resources! CLICK HERE!

Step 3:

Find out about my new coaching group! Send me a message HERE with the word 'PROGRAM' and I'll reach out to you with all the deets!


FREE Profitable Facebook Group Checklist!

Discover exactly how to grow & monetize your Facebook Group from day one!

Enter your info below!