Email Personalization, Abandoned Carts and GDPR

There have been numerous scare stories about the impending death of email marketing once GDPR kicks in later this month on May 25th.

As you’ll know, you will be legally obligated to acquire consent (from existing customers, and new) in order to send your email marketing communications. This will no doubt see your email list reduce in size. But on the plus side, this means your email marketing database will only contain people who want to receive your emails. Providing you’re compliant with the new regulations, there’s no reason why you can’t continue to send personalized email campaigns and abandoned cart emails.

Regardless, there still seems to be a lot of confusion around the topic of GDPR and email marketing.

Abandoned cart emails

One of the areas that seems to have raised many questions is the topic of abandoned cart emails and their lawful basis. There has been some debate as to whether abandoned cart emails constitute transactional emails or marketing emails. Some have suggested that they are the former, arguing that legitimate interests can be your lawful basis for processing personal data to send these emails. Others have recommended getting consent and treating abandoned cart emails as marketing emails.

We believe consent is the best option here and in the best interests of customers. Legitimate interests is used as a lawful basis for when the processing is necessary and in ways that customers ‘would reasonably expect’. However, in the case of abandoned cart emails, it’s debatable as to whether a) they are necessary and b) whether a visitor landing on your site would expect such an email.

In this case, abandoned cart emails can then be sent to consumers who have opted-in.

Personalized emails

In much the same way, personalized marketing emails require consent. It’s important when using a personalization tool like Bunting to make sure your vendor is up to date with your email subscriptions.

It’s crucially important to make sure your recipients know that their data will be used for personalized marketing emails, and you’ll need to detail how and why.  This information should be displayed clearly and must be easily accessed. Remember consent needs to be “freely given, specific, informed and unambiguous”.

With all kinds of marketing emails it’s essential that recipients can opt-out – unsubscribe – just as easily as they can opt-in.


Only you are responsible for your GDPR compliance, meaning you need to check your vendors have the structures and processes in place to ensure your own compliance with the regulation.

You should now be in the process of getting consent from your customers – existing customers and new ones – to process their data in order to send them further marketing emails. It’s important that your vendors are also updated with your customers’ consent, which we are well prepared for at Bunting.

For Bunting users we’ve got a guide for how to update your email database in the tool. In this article you’ll find out how to automate this process and keep Bunting up to date with your opt-ins.

Good luck with the rest of your preparations, and if you’ve any questions, just drop us an email at gdpr [at] bunting [dot] com

Disclaimer: nothing in this article should be taken as legal advice. We strongly encourage you to get legal advice to aid your GDPR preparations!

By: Bunting 11th May 2018 Tags: ,

Read More

GDPR and Bunting: What You Need to Know

25th May 2018 will no doubt be marked in the diaries of many a marketer.

It’s the date that General Data Protection Regulation (GDPR) comes into force, and all companies using EU citizens’ data need to comply. The new law regulates how businesses collect, use and protect the personal data of consumers, and hefty fines will hit those who don’t adhere.

Superseding the old Data Protection Act, the GDPR applies to personal data – and this time the definition is broader, referring to any data that can be used to identify an individual, including IP address.

We’re GDPR compliant

At Bunting, we use on-site shopping and behavioural data to personalize and improve the customer experience on websites. The majority of this data is not personal, but we do sometimes process a small amount of personal data such as email addresses. We only collect data that is necessary to perform the function of the tool.

Since last year, we’ve been preparing for the new regulation and working with our data protection lawyers. We’re fully GDPR compliant, having changed our internal processes as well as making important changes to the Bunting tool.

In our view, GDPR is a good thing, and has been worth the effort. It will allow consumers to control the usage of their personal data, meaning more rights that will force better practice in the industry.

GDPR will put pressure on marketers to make their communications truly relevant, and, importantly, to get consent when necessary. Pre-ticked boxes will be a thing of the past as consumers can actively choose which marketing communications they want to receive.

What do companies need to do?

We recommend working with data protection legal professionals to do a full audit of the data flows within your organisation.  The ICO has some very clear guidance to follow on what you need to do.

Importantly, you’ll need to document how you comply with the GDPR, and you must establish your legal basis for using personal data. In some cases you’ll always need to rely on consent (such as email communications); in others, you may be able to rely on legitimate interests.

From an ecommerce perspective, you must display a clear privacy notice detailing how and why you collect personal data. GDPR states it should be concise, written in clear and simple language, and easily accessible. Gone are the days of convoluted small print!

Check with your vendors

Bunting will be amending existing contracts with customers to include GDPR clauses, and Bunting users can find out here how to comply when using the Bunting tool. We recommend speaking to your vendors to ensure they are compliant, too, and get it in writing.

Amend your processes

You’ll need to make sure you’re compliant with the 8 Rights of Individuals under the GDPR – such as the right to access or rectify personal data. If you’re a Bunting customer, you’ll be able to implement your customers’ rights easily through the Bunting platform. Find out more about how to comply with the 8 rights here.

Get in touch…

While GDPR no doubt brings challenges, we do believe this to be a turning point in the industry which will ultimately lead to better, more focused marketing.

The Bunting team are happy to help with any of your questions. Contact us at gdpr [at] bunting [dot] com

By: Bunting 9th February 2018 Tags: ,

Read More