Do I need to re-permission?

To process a person’s data, in this case marketing to them, you need a lawful basis to do so. You can read more about this in my previous blog. For marketing this is nearly always going to be consent.

To be valid consent under GDPR, the following needs to be adhered to:

  • No pre-ticked boxes
  • Separate out from terms and conditions and other tick boxes
  • Record evidence of when consent was given

If you don’t already comply with the above you do not have valid consent under GDPR and should carry out a re-permission campaign. This is something that should be done anyway on a regular basis, it’ll clean out people who don’t want to hear from you and save money on sending emails, postage costs etc.

Examples of re-permissioning


auto trader repermissioning

AutoTrader sent out a very simple re-permission email with a clear call to action to make it as simple as possible for their subscribers to stay subscribed to their emails.


asos repermissioning

Asos have sent a series of emails over the last couple of months informing their customers of what communications they are opted in to and give them the opportunity to change what they get and how they get it (email or SMS).

Manchester United

Manchester United have been running a re-permission campaign for several months now, under the “Stay United”, campaign. As well as emails, they’ve sent mailers to their subscribers and advertised pitch side during the games.

I don’t think I need to run a re-permission campaign

Many large brands have notified the subscriber base of the changes to allow them to make an informed choice. Having quality subscribers who want to receive your communications is far more important than the size or your email list. It would be sensible to keep a clean list and check on an annual basis that your subscribers are happy with the content they are receiving.

Need help with re-permissioning your subscribers?

Get in touch
Contact Get in touch