GDPR Emails – 6 Lessons from a Copywriter’s Inbox

I’m sure you’ve been swamped with GDPR emails these past few weeks – until the point you’ve had enough. I have, too. But for me, it’s been kind of a good thing – because I love studying emails, especially the copy. And today, I wanted to share with you some examples of how businesses talked to their audiences about GDPR-related changes. Hope you can still bear some!


There were two types of GDPRmails (mind if I call them that?):


  • ones that listed the changes in privacy policies, terms of service, and all sorts of other legal documents,
  • and reconfirmation campaigns that tried to get people to opt in again.


Not everyone had to send the second type – although some did it “just in case.”

In general, reconfirmation emails tended to be more creative (no wonder – they did have to convince people to subscribe again), while the informational emails often drifted towards tedious legal clauses (or miles and miles of tedious legal clauses.)

But not in every case.

I’ve read enough of them to have some thoughts about general trends, and how some could’ve been made better (i.e., friendlier and easier to understand.)

Disclaimer: I realize that with these emails companies were mostly performing their legal duty under GDPR. But I also strongly believe that every single email, no matter its purpose, can be engaging and show a brand’s personality (or in the very least be easy to understand – because, seriously, why send an email nobody gets?)


So let’s get to it.


Lesson #1

Honesty is the best policy. Wait, or was it privacy?

You know how most of the GDPRmails started with essentially the same thing?


gdpr email cliche, we value your privacy

gdpr email cliche, we value your privacy

gdpr email cliche, we value your privacy

gdpr email cliche, we value your privacy

gdpr email cliche, we value your privacy

gdpr email cliche, we value your privacy

gdpr email cliche, we value your privacy


This must’ve single-handedly been the most overused phrase in emails this year (with variations.)

I have to wonder, if brands value our privacy so much, where in the world does spam come from? Or if they only just started valuing it because of GDPR, why didn’t they care before? Or did they?

Essentially, it’s a good thing. Of course, provided it’s true, and not just a slogan. So why not be honest with your recipients, instead of beginning your emails with the same ol’, same ol’ they’re by now fed up with and don’t believe a single word of? Why not just be open with them and explain things like you would in a conversation?

Luckily, some brands thought better of it and found other ways to assure us they cared. That’s why I loved this simple, to-the-point email from LostIn City Guides:


straight to the point email from LostIn City Guides


And I quite liked this slightly longer one, but still relatable, from the shoe company miista (although it has its flaws.)


an honest email from miista


See? It’s all about honesty and trust. Things an overused phrase just won’t work for.


Lesson #2

Don’t make it all about you.

A mantra a lot of marketers keep repeating, that others are still somehow deaf to. We know you had to send those emails to be compliant. But what does that mean for me, your customer (subscriber, user, pick the right one?)

You know how we (and I mean all of us, sometimes) tend to talk to people not really to listen to what they have to say, but just to respond and talk about ourselves? Brands are like that, too. I noticed a lot (and seriously, A LOT) of senders focused on their own reasons why they needed to send me all this stuff. Like in Ryanair’s example (which actually might be the record-holder in the “we value your privacy and trust” category.)


an email from ryanair


It almost makes you want to ask “So what, Ryanair?” (Okay, it makes ME want to ask them.)

Or in this one from Synerise. It looks short, but it explicitly states the benefit for the company (to stay compliant and be able to send me emails in the future.)


Synerise gdpr email


You see, if you want to show me you care about my data, just go ahead and do it. If you want me to trust you, don’t tell me you want me to trust you – MAKE me trust you. (After all, you wouldn’t send me an email saying “we’re sending you this email because we want you to buy this thing from us.” You’d just convince me to buy it. Right? Right?)

The email above is also a good example of how to overcomplicate things. Because that paragraph-long sentence could’ve been much, much clearer. With a clearly stated benefit for the recipient.

Which actually is…


Lesson #3

Clarity trumps everything.

So let me be clear about this. And I’m sure you’ll forgive me for not including all the long emails with fragments pasted straight from privacy policies written by legal departments. Oh, I don’t have anything against legal departments, seriously, ours has been EXTREMELY helpful. But I know how much work it can take to turn legal jargon into human language everyone can understand.

Because that’s our role as marketers – to make sure people understand what we’re saying. Even (or maybe especially?) if it has to do with the law.


a clear email from fink


(And I just really, really wanted to include this email, because I love this band. But also, because they just told me why they were sending me this and what I should do. Plain and simple. You can be sure I clicked. But then again, I love them.)


Lesson #4

Start right at the beginning.

Which means: subject lines. Or subject lines and preheaders (my favorite couple!), to be exact.

Now, this is an interesting one. A lot of the subject lines were just plain “Privacy policy updates”. Which sends a clear message, but then again, lacks a benefit that would make me want to open the email (especially if you got tens of similar emails around the same time.)

I even had an impression some of these emails weren’t really meant to be opened. Like, brands actually hoped nobody was going to read them. They HAD to send them to comply, but wanted to get it over and done with, before the deadline. But to me, that’s just disrespectful to the recipients. Wouldn’t you agree?

Some of the subject lines were even a little off-putting (although I assume they were supposed to be effective, but to me, that was the kind of click-baity effectiveness that’s just not cool.)


a threatening gdpr subject line


And notice the preview text. I mean, I like you, Web Summit, but come again? Why am I to blame you didn’t collect your optins right the first time?

See, that’s the kind of humor (because I don’t suspect Web Summit of bad intentions) that maybe wasn’t exactly used in the right place, at the right time. (Which brings us back to: always think about your audience and how they might feel about your emails.)

And by the way, always pay attention to what pops up in your preview text (especially when it’s a matter as sensitive as personal data protection.)


preview text


Or to your sender name/address (which is kind of a big deal when we’re talking GDPR AND trust.)


no reply email address


This one’s not only confusing (and might even look suspicious.) It’s also one of my email pet peeves – an address that tells you right off the bat: we’re just here to tell you something, but don’t bother getting back to us. We’re not listening. 

But coming back to humor:


Lesson #5

Adjust your tone.

GDPR is no laughing matter. Nor is it just really boring, extremely complicated stuff only lawyers will enjoy (although some probably ARE enjoying this.) It’s related to all of us. It’s about our personal data and what others do with it. It’s about having the right to information.

Looking at the emails I got, my impression was that the brands that did it best were the ones that went for a moderate approach. Neither formal and boring nor too cool for school. Simply human.

For example, I love how the clothing brand Reformation talks in their emails, and yes, this email was totally in line with their brand voice. But still, it didn’t really give me any valuable information and just left me there, empty-handed. Not really amused. (Maybe that’s because the execution wasn’t perfect – notice our little cliche friend?)


a gdpr email from reformation


The email from MOO, on the other hand, a business card manufacturer whose funny and personable email communication I’ve enjoyed for years, maybe lacked the humor I’d known them for, but then just made things clear and simple. And gave me some facts I could explore if I wanted to.


an update to the moo privacy policy email


Although, sadly, they too fell prey to our we-value-your-privacy friend.

(P.S. Probably one of the rare instances you get away with all kinds of humor and GDPR in one email is when you’re a company like Phrasee:


email subject from phrasee


And one last thing (although I might write a sequel, because I’m way past 1200 words now, and this is by no means the last thing.)


Lesson #6

Don’t assume people know (unless they do.)

It’s what psychologists call the curse of knowledge. I bet most of us marketers were so engrossed with GDPR, we thought everyone knew exactly what it was and why we were sending those emails.

And I guess we were mostly right when our customers were marketers like us.

That’s why it’s perfectly fine to say this when you’re a company like Unbounce:


a gdpr email from unbounce


Notice how despite talking to marketers, they’re still doing a great job by explaining the gist in very simple terms.

But the customers of a lot of B2C companies probably didn’t have the faintest idea what the fuss was about or knew very little. So there’s another reason why clarity is so important. And while it may have been a little too much to explain what GDPR was, maybe, just maybe, there were people among Etsy’s audience who really had no clue.


updates to etsy's policies gdpr email


So there. Just show them you care.

All these lessons boil down to one thing. Well, not a “thing”. ‘Cause it’s people. Your customers.

Whatever emails you send them – even if they’re GDPR-related and no one wants to hear about it anymore (oh, but maybe they do, they just want to understand what you’re saying.) Think about the people reading these emails. They should get your message. They should know what to do. And they should trust you.

But to make them trust you, it might not be enough to say their privacy is important to you.


I bet your inboxes are crammed with more examples. Care to share? The comments are all yours.


GDPR Emails – 6 Lessons from a Copywriter’s Inbox

The post GDPR Emails – 6 Lessons from a Copywriter’s Inbox appeared first on GetResponse Blog – Online Marketing Tips.

Source: getresponse

Leave a Reply

Your email address will not be published. Required fields are marked *