Sorry, we could not find the combination you entered »
Please enter your email and we will send you an email where you can pick a new password.
Reset password:


By Thomas Baekdal - May 2018

Newsletters and GDPR?

This is an archived version of a Baekdal Plus newsletter (it's free). It is sent out about once per week and features the latest articles as well as unique insights written specifically for the newsletter. If you want to get the next one, don't hesitate to add your email to the list.

In this edition of the Baekdal Plus newsletter, we are going to talk about reaching young people, the media fighting tech companies, and how to deal with newsletters and GDPR.

  1. How Publishers Can Focus on Young People
  2. The Media vs Tech Battle That Nobody can Win
  3. Do You Need Separate GDPR Consent for Newsletters?

How Publishers Can Focus on Young People

Young people are the future of media, because they are the ones who are going to drive the changes that we all need. But when it comes to creating a valuable newspaper or magazine for young people, traditional publishers have a rather suboptimal way of doing it.

Our assumptions about young people are wrong, and for some topics (like politics) our focus doesn't align with the world young people live in.

In my latest Plus report, I go through all the big picture changes you need to make to appeal to a younger audience.

The Media vs Tech Battle That Nobody can Win

The ongoing 'war' between media and tech companies is never going to end, but it is getting a bit annoying.

The problem is that when you compare what media and tech companies do, you realize that they are not in the same market. Both are competing for people's attention, but in very different ways.

Media companies approach the world by choosing what to publish, which increases the overall quality at the expense of scale. Tech companies are choosing what not to publish, which increases their scale tremendously, at the risk of not being able to filter out all the bad things.

The problem is that you can't combine these worlds, nor can you replace one with the other.

In this article, I explain why:

Newsletters vs GDPR?

Over the past several weeks I have received many questions about what publishers need to do about GDPR (the EU General Data Protection Regulation) and newsletters.

Do you need to get a separate consent for newsletters? Do you need to ask every subscriber again before May 25th? Do you need to delete your lists?

The short answer is no. But here is a very quick guide:

When people sign-up for a newsletter, that in itself is consent. So you don't have to do anything else. This also means your current newsletter lists are fine, because you got people's consent when they signed up.

But, what's important is that GDPR defines consent as being 'specific', so if someone signs up for the newsletter, you only have consent for the newsletter and not anything else (like tracking, 3rd party stuff, etc).

And obviously, it only applies to those who specifically chose to sign-up for your newsletter. If you have people on your newsletter list that you just added yourself, they haven't given consent and need to be deleted.

You might have a higher level of consent. Like if people have become a member of your publication, of which the newsletter is a part (like a premium newsletter). In this case, your overall consent also applies to the newsletter, and you don't have to ask for it again.

Remember that it has to be 'specific'. What people signed up for and what you send out, have to be the same. If your magazine is about gardening, but your newsletter is about 'marketing offers from our partners', this would not be considered the same. But it is the same if you run a business magazine where your premium newsletter is a specific part of the 'product' that you offer to people when they subscribe.

Keep in mind, though, that it's always a good idea to ask people about newsletters separately, regardless of your level of consent. Newsletters have a poor reputation overall, so you don't want to 'surprise people' with them. Make it something they want to get.

The next part is, "What must happen when people unsubscribe?"

Well, here GDPR is pretty clear about it. Newsletters cannot be considered critical data (like transaction or accounting data), so when people unsubscribe they withdraw their consent, which activates the right to erasure.

Specifically, we are talking about Article 17, 1, a/b:

The data subject shall have the right to obtain from the controller the erasure of personal data.

When the following applies:

"The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

The data subject withdraws consent on which the processing is based.

This means that you have to delete their email address as well as any profiling, tracking, and analytics data you have about them. You cannot keep this after they have unsubscribed.

Here, for instance, is what my new privacy page says about it:

The Baekdal Plus newsletter is managed by MailChimp, and, if you receive it, your email is currently stored on their servers, but linked only to

You can always unsubscribe from it using the link in the bottom of each email, and, as soon as you do this, your email is permanently deleted from MailChimp's servers.

You can also contact and tell us to delete it for you. In any case, the email address used to sign-up for the Baekdal Plus newsletter is only stored as long as you are an active subscriber.

And this is what you must also do. There is no argument that you can make as a publisher for retaining this data after people have unsubscribed.

The problem is that most services, like MailChimp, don't support this yet. They are only marking the account as 'unsubscribed' but all the data/analytics/scoring is still there. I'm currently discussing this with MailChimp, because they have to fix this before May 25th.

MailChimp say that they will get this done, in their reply to me they wrote this:

However, while addresses marked as "cleaned" can not currently be deleted without deleting the entire list (not recommended), MailChimp is currently in the process of assessing and developing new, GDPR-friendly tools and features for our users, many of which are aimed at helping our users comply (or more easily comply) with requests from individual data subjects pursuant to their new rights under the GDPR. One such potential new feature is a mechanism that would allow data subjects (like your subscribers) to exercise their right to be forgotten while still honoring unsubscribe requests. As these features are still in the research and development phases, we do not have any details to share with you as of today. But, please know that we are actively pursuing enhancements to our platform that will help our users with requests like these from data subjects, so please keep an eye on new release information from MailChimp over the coming months.

And in a subsequent blog post about how they plan to "Quickly handle contact data requests", they wrote this:

When you delete someone from your list, we will remove all traces of that contact's personal information from your reports as well as your list. Anonymous, aggregate reporting data will remain visible in your account, but any use of a deleted contact's name and email address, for example, will be removed.

So, MailChimp are at least trying to get this done before the deadline. But of course, this is just for MailChimp so, you need to either implement this yourself, or make sure that your newsletter provider is handling this correctly.

To sum up:

Speaking of GDPR, next week I will publish an in-depth article about what I did to make this site GDPR compliant, because I went kind of crazy with it.

As you might have noticed, Baekdal Plus no longer has any 3rd party services running in your browser. There is only a single cookie (which isn't tracking people by default), and I have completely reengineered my analytics system.

So, stay tuned for that next week, where I go through the business strategies; why I made the decisions I did; as well as how I actually implemented a system so that I don't even need to ask for GDPR consent up front.

This is an archived version of a Baekdal Plus newsletter (it's free). It is sent out about once per week and features the latest articles as well as unique insights written specifically for the newsletter. If you want to get the next one, don't hesitate to add your email to the list.


The Baekdal Plus Newsletter is the best way to be notified about the latest media reports, but it also comes with extra insights.

Get the newsletter

Thomas Baekdal

Founder, media analyst, author, and publisher. Follow on Twitter

"Thomas Baekdal is one of Scandinavia's most sought-after experts in the digitization of media companies. He has made ​​himself known for his analysis of how digitization has changed the way we consume media."
Swedish business magazine, Resumé


—   newsletter   —


The Audience Relevance Model


The future outlook of the brand+publisher market


Can magazines mix advertising and subscription? And what about password sharing?


What happens when you ask an AI to do media analysis?


Operational security and the dangers of online sharing for journalists


How to think about AI for publishers, and the end of the million views