Here are the important rules ISVs need to follow to be GDPR compliant

Are you following the rules of email etiquette?

As an ISV, we’re always looking to get more leads, more contacts, more emails. That’s great and all and it should be a primary goal. But there are standards and rules to follow when you are collecting email addresses.

GDPR is something that has been coming up in many of my conversations lately. It’s something that often gets forgotten or overlooked when you’re participating in a virtual event, at a tradeshow, or a wide variety of other marketing initiatives.

Here are the ins and outs and important rules you need to follow to be GDPR compliant.

Let’s start off with, what is GDPR?

At its core, GDPR is a set of rules designed to give EU citizens more control over their personal data. Basically, you shouldn’t share your lists with others without their consent or email anyone without their consent.

While this is mainly for the EU, there are many countries getting on board so that’s why we all should follow the GDPR rules.

GDPR has established a list of countries that provide an adequate level of protection. These countries include New Zealand, Argentina, Switzerland, Israel, and Canada.

In the case of the United States, it is necessary to refer to the Privacy Shield convention, which came into effect in 2016 after the Court of Justice annulled the Safe Harbor agreement. Thus, it is possible to transfer personal data but under the condition that the recipient companies have previously registered in the database maintained by the US administration.* (source,

If there’s one business that’s all about exchanging contact info, most would agree our industry ranks pretty high.

Why does privacy matter?

  1. It’s the law – If you’re collecting contact information from EU citizens, GDPR applies to you, whether you’re in the EU in the UK or wherever you are in the world. 
  1. It’s the right thing to do – Do you really want to be a business that sends emails to people who don’t want to get them? No, of course not. Do you want to keep personal data after you’ve been asked to delete it? No. Do you want to track people behind their back without their consent? You get the idea. 
  1. It’s important based on the marketing best practices below.

How Does This Affect Email Marketing?

The GDPR’s impacts on marketing practices require all email marketers concerned with the GDPR to address how they pursue, obtain, and document consent where it’s needed.

To ensure compliance with the GDPR, marketers should provide individuals with choices regarding marketing (e.g. obtain opt-ins and maintain a preferences page).

Mail filters are getting better and better at detecting what mail is “wanted” by recipients. A major indicator of this is spam complaints (when a user marks a message as spam in their inbox). And, a major contributing factor to getting more spam complaints is when recipients aren’t clear on why they are receiving that message.

Marketers should also remove recipients who have withdrawn consent and consider removing recipients who appear to have stopped engaging with your brand for a long time.*(source, )

How can you be GDPR compliant?

There are a few ways you can do this but mainly you need to ask for consent.

When hosting a virtual event it can be something as simple as a checkbox on the registration page asking them if they want to receive information from the sponsors.

When you create a landing page for a webinar adding language like this, 

By clicking this button, you submit your information to the webinar organizer, who will use it to communicate with you regarding this event and their other services.

Always include subscription preferences on your emails and give them an easy way to opt out.

When you import your list into a marketing automation platform it always asks, did those on the list consent to be contacted. This is to make sure you are following the GDPR guidelines.

What it all boils down to, make sure you have their consent in some way, shape, or form.

Was this article helpful? I would love to hear your thoughts and suggestions for future blog posts as well. Feel free to email me,

One thought on “Here are the important rules ISVs need to follow to be GDPR compliant

Leave a Reply

%d bloggers like this: