Can I use this list for email marketing?

Can I use this list for email marketing?

This is a question I was asked by three different business owners in a single week recently, which is my cue for a blog post!

I’ve had a list of email addresses for a while and haven’t done anything with them. Can I use this list for email marketing?

Woah, don’t load that list up into your email marketing platform and start sending emails, because there are a number of different things you need to consider here. And even if it turns out to be GDPR compliant, it might not be a great idea to send those emails for other reasons. Read on to find out more…

(Please note I’m not a GDPR expert, the following is what I’ve learned from my own research).

Did you buy the list from someone else?

In this scenario you may have bought a list of emails from a lead generation agency, or perhaps you have booked a stand at an exhibition and the exhibition organisers are offering to sell you a list of visitor emails. Can you use these lists in email marketing?

Be very careful here. The PECR (Privacy and Electronic Communications Regulations) sit alongside the Data Protection Act and GDPR and state that organisations ‘must have very specific consent for this type of marketing, and in most cases indirect consent (ie consent originally given to another organisation) will not be enough.’

It goes on to say ‘Organisations must check how and when consent was obtained, by whom, and what the customer was told. It is not acceptable to rely on assurances of indirect consent without undertaking proper due diligence, to demonstrate consent if challenged. Organisations seeking to rely on consent must ensure that consent was validly obtained, that it was reasonably recent, and that it clearly extended to them specifically or to organisations fitting their description.’

You can read the full guidance on using a bought marketing list on page 51, here.

The rules for business to business emails are more relaxed (see page 44, here) but it’s worth noting that sole traders and some partnerships are considered to be individuals, so if you have a list of mixed corporate/business and sole trader subscribers (which is true for many of us in the small business world) the rules for individuals will apply.

If you manage to stay on the right side of PECR and GDPR when buying a list, which is not easy, you’ll also need to look at the terms of your email marketing platform. Most don’t allow you to upload bought lists and will close your account if they find out you’ve done this.

Did you collect the subscribers on your own site, but some time ago?

It depends when and how you collected those subscribers. If they were collected before May 2018, the chances are that this data won’t have been collected to the standards required by GDPR, for example if subscribers have downloaded a PDF but not also consented to receive marketing emails. In that case, it’s best to send these subscribers an email asking them to resubscribe to your list, then delete the ones who don’t.

If you’ve complied with GDPR and PECR and your subscribers have been on your list for more than a few months with no contact from you, then you also need to be careful. Although you aren’t breaking any rules, your subscribers may well have forgotten that they subscribed and could consider your emails to be spam. To avoid them clicking the ‘report spam’ button, try a ‘warm up campaign’ by reintroducing yourself, reminding them that they subscribed to your list (and where they subscribed) and how staying subscribed to your mailing list will make their lives better.

You will want to minimise the chances of your subscribers reporting you as a spammer because this affects deliverability.

Did you collect the subscribers yourself, but on a different site from the one you’re promoting now?

You have two websites, can you use the list of subscribers you collected from one site to promote products and/or services sold on the other? Not unless they have consented to receive marketing emails on the material on both sites.

Are they business email addresses (so you think they don’t count for GDPR purposes)?

Many people assume that because business emails are shown freely on business websites, it’s fair game for lead generation agencies to take them and add to a list. This is isn’t true, because  even ‘work’ emails contain personal data in the form of the person’s name, and that means GDPR applies.

You could use a non-name based email such as but these are pretty ineffective for email marketing as they are usually shared mailboxes that fill up with spam. And you shouldn’t use non-business emails because these very definitely contain personal data in the form of the person’s name.

And GDPR isn’t the only rule that applies to email marketing, as I mentioned above PECR works alongside GDPR  – brief details about PECR are here,  the Direct Marketing Guide is here

Also, see ‘The rules for business to business emails are more relaxed…’ under ‘Did you buy the list from someone else?’, above.

How to build a list the right way

The safest and most effective way to build a mailing list is to have your subscribers willingly and happily opt in to receiving your emails. This will keep you on the right side of all the regulations, your email marketing platform, and give you the best open and click rate for your emails. There’s more on this in my post How to grow your list like a human being.

In my Free Business Toolkit I have much more advice  on streamlining your sales and marketing using tech  Click here to find out more.

For more help with getting started or doing more with email marketing, take a look at my Speedy Email Marketing Club.

Leave a comment