GDPR Repermissioning Campaigns: Case Studies

published on 06 May 2026

When GDPR rolled out, many businesses had to rethink how they managed email lists. The focus shifted to getting clear, updated consent from subscribers through repermissioning campaigns. While these campaigns often reduce list sizes, they lead to better engagement and compliance.

Here’s what you need to know:

  • Why it matters: GDPR requires proof of consent for email marketing. Without it, you risk legal issues and poor engagement.
  • How it works: Repermissioning involves asking subscribers to confirm they want to stay on your list. This often improves deliverability and engagement.
  • Results: Companies like Limoges Jewelry and Notino saw higher revenue and cost savings despite reducing their email lists.

The article dives into examples, strategies, and tips for running effective campaigns, from segmenting your audience to crafting clear messages. It’s not just about compliance - it’s about building a better connection with your subscribers.

GDPR Repermissioning Rules and Requirements

What Repermissioning Means

Repermissioning is essentially renewing consent to comply with GDPR standards. When GDPR came into effect, many businesses realized their existing email lists no longer met the updated legal requirements. This realization shaped strategies for segmentation and email marketing platforms, which we'll explore further.

The key takeaway? If you can't provide evidence of when, how, and for what purpose consent was obtained, you cannot legally rely on it. As Tilman Harmeling from Usercentrics GmbH puts it:

"If you can't prove when, how, and for what consent was collected, you can't rely on it."

Article 7 of the GDPR outlines that valid consent must be freely given, specific, informed, and unambiguous. Additionally, businesses are required to maintain an auditable record of when, how, and what consent was granted.

This means keeping detailed metadata, such as:

  • The exact date and time the consent was given.
  • The method used to collect consent (e.g., a specific web form).
  • The precise version of the consent statement shown at that time.

The Information Commissioner's Office emphasizes this point:

"Consent requires a positive opt-in. Don't use pre-ticked boxes or any other method of default consent."

These strict requirements highlight why repermissioning is vital - not just for legal compliance but also for maintaining clean and effective email lists.

Why Repermissioning Remains Necessary

Repermissioning doesn't just ensure compliance; it also improves operational processes. It's especially important during changes like database migrations, adjustments to data-handling practices, or adapting to new regulations. For ongoing compliance, it's a good idea to refresh consent periodically, typically every 12 to 24 months, especially for inactive users.

Beyond compliance, repermissioning acts as a list hygiene tool. Removing unengaged subscribers who fail to re-confirm consent can lead to better email deliverability. In fact, about 45% of recipients who receive re-engagement campaigns continue to engage with future emails from the brand. Dale Langley, Global Head of Email Strategy & Deliverability at SAP Engagement Cloud, explains:

"Having subscribers opt-in to marketing communications means that they're indicating that they want to hear from you. This has a number of benefits including cleaner data and increased engagement."


Segmentation Strategies for Repermissioning Campaigns

GDPR Repermissioning Segmentation Methods Comparison


Getting segmentation right is key to balancing compliance and engagement in GDPR repermissioning efforts.

Segmenting by Subscriber Behavior

One effective approach is to divide subscribers based on their email engagement levels. This usually involves creating groups like active, occasional, and inactive subscribers.

For example, in a campaign led by Diana Primeau, CNET's Director of Member Services, behavioral segmentation played a pivotal role. During late 2012 and early 2013, her team defined "inactive" subscribers as those who hadn’t opened an email in 120 days for a sweepstakes or 180 days for a final cleanse. They sent a sweepstakes email featuring a trip to the Consumer Electronics Show, which successfully re-engaged 8.33% of the inactive group. Active subscribers received straightforward confirmation emails, while inactive ones were targeted with more persuasive "win-back" content.

Next, let’s see how segmenting by inactivity period can refine this approach even further.

Segmenting by Inactivity Period

Time-based segmentation focuses on how long a subscriber has been inactive, using specific timeframes - such as 6, 12, 18, or 24 months - to customize the messaging style and urgency. The longer the inactivity, the more pressing the message.

For instance, Limoges Jewelry ran a three-step campaign in March 2012. They started with a discount offer, followed by a request for customer opinions, and ended with a final opt-in confirmation. This strategy boosted both revenue and clickthrough rates significantly. Similarly, in late 2014, Larissa Cox, Marketing Manager at SafetyLine Lone-Worker, invited a dormant database to an online "website launch party" requiring an RSVP. This re-engaged 5% of the inactive list and achieved a 14% conversion rate on the landing page.

Now, let’s compare these segmentation methods to see how they stack up.

Comparing Segmentation Methods

Each segmentation approach has its strengths and challenges, as illustrated in the table below:

| Segmentation Method | Criteria Used | Campaign Approach | Performance Impact |
|---|---|---|---|
| Behavioral | Engagement metrics like opens, clicks, and purchase behavior | Targeted offers for lapsed buyers; preference centers for active readers | Maintained steady revenue with minimal disruption |
| Inactivity Period | Time since last activity (e.g., 6, 12, 18, or 24 months) | More urgent messaging as inactivity increases | Improved deliverability and engagement rates |
| Consent Quality | Incomplete consent records | Updates on legal/privacy policies for recent activity | Reduced legal risks and ensured compliance-ready records |

One standout example comes from the National Garden Scheme. They combined both behavioral and time-based segmentation. By cleaning their newsletter list of 41,530 subscribers, they narrowed it down to 15,215 active, consenting contacts. At the same time, they segmented users into interest-specific lists, growing their "ticketed gardens and events" group from just 229 to 13,304 contacts.

Writing Effective Repermissioning Emails

Once you've segmented your audience, the next step is crafting emails that encourage recipients to re-consent. This phase builds on your segmentation strategy, transforming compliance into an opportunity to strengthen engagement. The secret? Keep it clear, valuable, and simple - no need for over-the-top marketing language. The goal is to prompt immediate action.

Clear and Value-Focused Copy

The best emails explain why they're being sent and clearly highlight the benefits of staying subscribed. Avoid using complicated analogies or legal jargon that might confuse or intimidate your audience.

Take, for example, a 2014 test conducted by the MECLABS Institute with their Canadian subscribers. Led by Senior Director Daniel Burstein and Marketing Manager Beata Bordas, they tested two versions of a repermissioning email. One focused solely on the value of their newsletters, while the other combined that value with a clear explanation of compliance requirements. The second version? It outperformed the first by 49.82%, with a confidence level of 99.9%.

"I think that shows us that clarity, rather than persuasion, will ultimately get the click."
– Beata Bordas, Marketing Manager, MECLABS

This example underscores the power of straightforward messaging. By emphasizing the value subscribers receive - like exclusive offers, curated content, or cost savings - you give them a concrete reason to opt back in. And instead of framing the request as a legal obligation, present it as a way for subscribers to take control of their preferences.

Creating Simple Calls-to-Action

The simpler the opt-in process, the better the results. How simple you can make it often depends on whether your email platform supports features like one-click confirmations. Campaigns that use one-click confirmations - where the call-to-action (CTA) links directly to a consent-recording landing page - tend to perform best. No extra forms, no unnecessary steps.

Good design plays a big role here. For instance, ASOS used bright blue "Opt me in" buttons, while Selfridges featured a bold yellow animated banner. These high-contrast colors and straightforward button text made their CTAs pop without overwhelming the reader.

Providing balanced "Opt-in" and "Opt-out" options is equally important. It builds trust and aligns with GDPR’s transparency requirements. PwC, for example, created a campaign that respected subscribers' autonomy by offering a professional, balanced choice.

Customizing Messages for Different Segments

Tailoring your message to your audience is key. Active subscribers often respond well to short, straightforward emails confirming their preferences. On the other hand, inactive subscribers might need a little more persuasion - think value-driven content that reminds them why they signed up in the first place.

The tone of your message should also match your audience. B2B subscribers may appreciate references to GDPR and compliance efforts, which can help build trust. Meanwhile, B2C audiences often prefer creative, lifestyle-focused messaging that skips the legalese. For disengaged segments, offering incentives like discounts or exclusive deals can be an effective way to encourage a response.

A multi-touch approach works well for repermissioning campaigns. Start with a gentle reminder, then follow up with emails that create a sense of urgency - like mentioning a deadline for response. Research shows that nearly 45% of recipients who engage with re-engagement campaigns go on to open future emails from the brand. This layered strategy ensures your messaging stays consistent and impactful throughout the campaign.

Campaign Implementation and Results

Phased Campaign Launches

Many companies use a "waterfall" strategy for their campaigns, starting with a smaller audience and gradually expanding. This method not only safeguards sender reputation but also gives teams the chance to test and refine their messaging before scaling up.

Take the 2025 re-engagement campaign managed by LJ Strategies LLC, for example. They worked with a consumer brand's dormant list of 270,000 contacts. The process began with sending emails to just 5,000 contacts, then expanded to 10,000, 20,000, and finally 50,000 per wave. Before starting, they used validation tools to clean the list, reducing it to 219,000 valid contacts. Over two months, this phased approach resulted in a clean, engaged list of 125,000 contacts - achieving a 57% retention rate - and left 89,000 valid contacts for future engagement.

By incorporating A/B testing for subject lines, CTA colors, and copy variations, teams can optimize performance before full deployment. For instance, Manchester United used email campaigns, website banners, and digital ads during matches to reconfirm fan preferences. This type of phased approach not only protects sender reputation but also provides a foundation for measurable improvements in campaign performance.

Performance Metrics and Outcomes

A well-executed rollout often leads to measurable success. Repermissioning campaigns, in particular, can deliver impressive results. Between May 2018 and May 2019, Formstack transitioned from automatic opt-ins to manual checkboxes for their nurture campaigns. This change reduced emails sent by 46%, but open rates skyrocketed by 341%, and click-through rates increased by 400%. Unsubscribe rates also dropped by 33%. Across 14 campaigns using 46 templates, they achieved a 30% average opt-in rate, with 87% of emails sent in the first year having zero opt-outs.

| Metric | Pre-Campaign | Post-GDPR | Change |
|---|---|---|---|
| Emails Delivered | 3,277 | 1,768 | -46% |
| Open Rate | Pre-campaign | +341% | +341% |
| Click-Through Rate | Pre-campaign | +400% | +400% |
| Unsubscribe Rate | Pre-campaign | -33% | -33% |

Research also shows that about 45% of recipients who engage with re-engagement campaigns continue to open future emails from the same brand. While subscriber lists may shrink, the remaining audience tends to be far more engaged and valuable.

Accurate consent recording is a cornerstone of repermissioning campaigns, ensuring compliance and supporting campaign success. For every opt-in, companies should document three key pieces of metadata: the date and timestamp, the method of collection, and the version of consent obtained.

"If you can't prove when, how, and for what consent was collected, you can't rely on it."
– Tilman Harmeling, Strategy & Market Intelligence, Usercentrics GmbH

Many organizations use Consent Management Platforms (CMPs) to automate this process, enabling real-time syncing of consent data with CRM systems to ensure accuracy and audit readiness. For example, when PwC launched their 2018 repermissioning campaign, they included a clear notice that recipients would be automatically opted out if they didn’t respond. Their systems meticulously tracked every interaction to maintain a defensible record.

For those who don’t respond, companies often export these contacts into a global suppression list. This ensures they are not accidentally re-imported and prevents any unauthorized processing of their data.

Lessons Learned and Best Practices

Drawing from campaign results, these insights and strategies can help ensure that future repermissioning efforts are both compliant and effective.

Common Mistakes to Avoid

One of the biggest missteps is emailing users who have unsubscribed. Not only does this violate PECR, but it also erodes trust. Another pitfall is using unclear or confusing messaging. For example, Nucco Brain's attempt to liken consent to "drinking a cup of tea" ended up muddling the message and failing to meet GDPR requirements.

Additionally, embedding repermissioning requests within regular newsletters or relying on weak calls-to-action (like "Read the full blog" or "Update preferences") often results in higher opt-out rates and shrinking email lists.

"The most important thing to remember about re-permissioning campaigns is that while obtaining re-permission is only a tiny percent of the total work to be done to be compliant with GDPR, it can potentially have a huge negative impact on revenue if not planned, implemented, and optimized correctly."
– Kath Pay, Head Consultant, Holistic Email Marketing

To steer clear of these issues, maintaining thorough and accurate records is essential.

Best Practices for Record-Keeping

Documenting consent details is non-negotiable. For every opt-in, make sure to capture key information such as the date, time, collection method, and the version of the consent statement used. This creates a solid audit trail. Many organizations simplify this process by leveraging Consent Management Platforms (CMPs) that integrate with CRM systems, enabling real-time synchronization of consent data.

Before launching any campaign, it's important to audit your database. Identify any records that lack critical consent details and concentrate your efforts on contacts whose consent may not hold up under scrutiny. This not only ensures you're prepared for audits but also helps you target campaigns more effectively.

Maintaining Compliance Over Time

To stay compliant and keep engagement levels high, refresh consent periodically - ideally every 12 to 24 months, especially for inactive subscribers. Past campaign results show that regularly refreshing consent not only reduces legal risks but also boosts email deliverability.

Regular list maintenance is equally important. For instance, immediately removing or suppressing contacts who decline to re-consent minimizes legal exposure.

"If you continue to process personal data without valid consent, you expose your organization to significant compliance risk under the GDPR."
– Usercentrics

Automating repermissioning workflows can make the process seamless. Triggers based on subscriber inactivity or missing data ensure your lists remain clean and compliant. Above all, remember that consent must always be freely given, specific, informed, and unambiguous.

Conclusion

This article has delved into the ways strategic segmentation, clear messaging, and accurate record-keeping can drive successful GDPR repermissioning campaigns.

Take the example of LJ Strategies: tasked with reactivating a dormant list of 270,000 contacts, they opted for a phased approach. Starting small with just 5,000 contacts, they eventually built an engaged subscriber base of 125,000. This careful rollout not only safeguarded their sender reputation but also ensured high deliverability rates.

Messaging plays a vital role too. ASOS's "You're in control" campaign is a perfect example of how legal compliance can double as a trust-building opportunity. Meanwhile, Manchester United showed how multi-channel communication can amplify reach. They used everything from website banners to print handouts at games - even stadium ads - to connect with fans wherever they were.

The numbers tell an important story: approximately 45% of re-engaged recipients stay active, while re-confirmation rates for dormant contacts typically range between 5% and 15%. However, these outcomes hinge on maintaining meticulous records. This means logging timestamps, consent methods, and the exact versions of statements used - essential for surviving regulatory audits.

As House of MarTech wisely noted:

"A smaller, well-permissioned, properly segmented list will generate more revenue than a large, messy one. Every time."
– House of MarTech

These examples highlight how targeted repermissioning strategies can reshape both compliance and engagement. The best campaigns treat list reduction not as a setback but as a chance to enhance deliverability, deepen engagement, and secure long-term compliance. By combining segmentation, transparent communication, and thorough record-keeping, GDPR repermissioning can shift from being a regulatory challenge to a competitive edge.

FAQs

Do I need to repermission my whole email list?

Repermissioning your entire email list depends on two key factors: your compliance status and the quality of your consent records. If you're uncertain about the validity of your existing consents or need to align with GDPR requirements for EU contacts, a full repermissioning might be the safest route. Many organizations take this step to reduce potential risks. However, if your records are already compliant, it’s better to target specific segments - like those with outdated or unclear consent - rather than repermissioning the entire list unnecessarily.

The fastest way to ensure GDPR-compliant proof of consent is by sending clear and concise re-permissioning emails. These emails should:

  • Clearly ask subscribers to reaffirm their consent.
  • Highlight the urgency of responding.
  • Make sure the consent is explicit, informed, and unambiguous.

Well-crafted emails not only secure compliance but also serve as documented proof for future audits or inquiries.

Refreshing consent for inactive subscribers every 6 to 12 months is a smart move, tailored to your region and the specifics of your campaign. This regular process, often called repermissioning, not only helps you stay compliant with regulations but also keeps your email list engaged and focused on active participants. It's a great way to ensure your messages reach the right audience.
