BLOG   |  CONTACT   |  1.866.526.9955

The Lasso Blog

Updated October 2019

You’ve got your audience, you’ve got your service, but you’re unsure if you can put two and two together all because of four letters: GDPR.

For the majority of our clients who focus on North America, you will need to be mindful of someone from an EU country filling out a form on your site or a partner’s site, because they will have the rights and benefits given to them by the GDPR.

Similar to Canadian Anti-Spam Legislation, there are some hoops to jump through to make sure you can send individuals in the EU marketing communications. We’ve broken those hoops down into just two steps to give you a sense of the key issues – but remember this article isn’t a substitute for legal advice!

Step 1

For marketing to individuals in the EU, the first step under GDPR is to identify whether you are going to use legitimate interests, or consent:

  • Legitimate Interest: If you can establish that your use of data is proportionate in the circumstances, and doesn’t unfairly impact on individual’s privacy rights, you can use that data for your intended purpose without having to collect consent.
  • Consent: If an individual has consent to receive marketing from you, then you can send them marketing in line with their preferences

Once you’ve decided on a lawful basis, we can move on to step two – complying with specific marketing legislation in the EU.

Step 2 – the EU marketing rules

This EU marketing rules vary slightly across the EU, so we have summarized the UK position:

  • Telephone: If you are using legitimate interest from step 1, you can telephone people provided they are not registered on the Telephone Preference Service or the Corporate Telephone Service (these are equivalent to Canada’s National Do Not Call List). If you are using consent from step 1, you can telephone people in line with what you told them when you collected their consent.
  • Email & text: For email and text messages, what you can do depends on who you’re contacting:
    • If somebody has opted-in (consented), then you can email or text them in line with what you told them when they opted-in. But remember that GDPR consent degrades over time, so always check how old that consent is!
    • For emailing or texting companies and business professionals, you can email or text them unless they have opted-out. But who qualifies as a business professional is tricky, so do your own research! Also make sure they are reasonably likely to want to hear from you, or you won’t be able to establish your legitimate interest under GDPR – remember that it comes down to making sure your marketing is fair in all the circumstances.
    • For emailing or texting consumers you can only do this without an opt-in if you gave them the chance to opt-out when you first collected their details, and they haven’t opted-out since. But who qualifies as a consumer is tricky too, so do your own research!

It’s important, that with every message you send out, you include instructions about how the recipient can stop you sending them another. And you can’t establish a legitimate interest to send marketing to somebody who’s already told you they don’t want it.

As a final note for step 2 – make sure your privacy policy aligns with whichever basis you choose – tell your users what you do and why you do it!

How can Lasso help?

Lasso manages and organises all the data that has been entered into the platform, including address information and consents. This allows you to work out who you can market to, why you can market to them and more importantly who you should avoid reaching out to!

This level of information can be organised in a number of ways within Lasso:

  • First, via the Create Custom List functionality and selecting the EU countries from the Address Information; or
  • Secondly, you can perform a Client Export of your data and review/analyze your registrant data via Excel (the quality of the data is dependent on the completeness of each record upon initial registration and update).

We also provide the ability to track an individual’s country of residence – so you can establish which laws you need to consider. It’s important to speak to your web developer about including this information on your registration pages or creating geo-specific registrations pages for website visitors from the EU and track that information in Lasso.

For further information or assistance with finding this information, please contact your Client Director or email

Share This