Permission to speak...

Repermissioning confirms trust and complies with GDPR

Many of you reading this will have gone through a data-cleansing exercise when the GDPR regulations were introduced in 2018. Some of you may have used a repermissioning campaign to gather opt-ins where they were missing.

So that’s job done right? Well, not necessarily. Depending on how long you stipulated those permissions would last, some of your database may be coming to the end of that period. You may also be sending marketing communications to sales leads and prospects under the legitimate interest purpose. If this is the case, you can only do so for one year.

In both cases, setting up a repermissioning campaign in your workflow can help to ensure your communications are welcomed by those who are still interested, and keep your database clean and compliant. Above all, it’s good manners and reinforces the basis of trust you have with your audience.

Treat it with as much care as your other marketing campaigns

Although repermissioning communications fulfil an important function, that doesn’t mean they have to be dry. In fact, if ever there was a communication that you want as many of your audience to engage positively with, this is it. So treat it with as much care and attention as any of your other marketing campaigns.

As long as the functional basics of the communication are covered, applying creativity and your brand tone-of-voice can persuade your audience to stick with you. Automation can also help to segment your audience and tailor your repermissioning messages to make them feel more personal. Some example segments might be:

• Opens emails and buys often
• Opens emails and buys infrequently
• Opens emails and clicks through to read more/browse
• Opens emails – no click-through
• Receives email – doesn’t open
• No response after 6 months
• No response after 12 months
• No response after 18 months


Regardless of how you tailor your messages, there are some fundamentals that must apply to all of them.

What a repermissioning email should include (ICO guidance)

A description of what the emails you’ll be sending may include:

• The ability to opt out in every email you send
• A link to your privacy statement
• Tell recipients they’ll be opted out if they don’t respond. You could send them 1 or 2 follow-ups, as long as you tell them you’re going to do so, and that they’ll be removed if they don’t respond to any of them
• Two equal-sized and clear buttons to opt in or opt out

The objective of your repermissioning campaign is to make sure your database holds a record of consent, so it’s worth making sure that everything is in place to do just that. 

Collecting and storing consent records compliantly (ICO advice)

Make sure that your database and systems can:

• Keep a record of when and how you got consent from each recipient
• Keep a record of exactly what they were told at the time

Also, make sure that the privacy policy is up-to-date for recipients to click through and read. For full transparency, this should set out the retention periods for the different categories of personal data you store. For instance:

• Competition entrants
• Marketing opt-ins
• Sales contact or phone inbound sales enquiries
• Customer contact

It’s just good manners (and an opportunity to improve)

As with all things GDPR, it’s tempting to see opt-in repermissioning as a regulatory overhead. But actually, checking in once in a while to see everyone’s still happy is just good manners and the basis for trust in a good relationship. You could also use it as an opportunity to ask those opting in and out what they like, dislike and what’s missing so you can continuously improve the engagement with your nurturing communications.

To find out more, get in touch with us today.