How does Flexmail prepare itself for the GDPR?

Last updated: 17/05/2018

GDPR compliance is about much more than just your email marketing. There is a good chance that you will have to restructure your contacts. In order to help you with this process, we have developed our own GDPR Contact Converter. It will be launched at the beginning of May. It is a tool to clean up your existing lists and merge them all together into one tidy database in your Flexmail account.

Why do I need to switch to a single list in Flexmail?

When you use several lists, there is a good chance that contacts will occur more than once in your contact management. In itself this is not a problem, but it makes managing consents and unsubscriptions that much more complex. In order to be GDPR compliant with your email communications, we thus strongly advise you to switch over within Flexmail to a single main list. Via segmentation, several target groups can be distinguished. By using a preference centre, you can simply and clearly manage unsubscriptions for your various communications within your database.

What does the GDPR contact converter do?

As a Flexmail client, you used to have the option of creating several lists in the application. Come 25 May 2018, that will no longer be possible. To prevent you from losing contacts and to ensure that they are stored in an organised manner, we have created a special tool that merges your lists into one large database with various segments. This will allow you to develop an organised database and to easily and swiftly dispense with any conflicts. In order to make your contact data GDPR compliant, you will need to tidy up your contact lists. Naturally, exporting your data and putting them in order are time-consuming tasks.

How long will the update take?

The time your update will take will depend on the number of contacts you have. We would advise you to do this update when things are quiet. Logic dictates that the more lists you need to update, the longer it will take. So, don’t start panicking if the update takes longer than you expected.

What can I do to make the transition as smooth as possible?

  • We would advise you to import all your lists in one go. You can always pause the process but do bear in mind that, if you do, your contacts won’t be able to reach you for longer.
  • We expect that many companies will get down to adjusting their lists the week before the GDPR is due to come into effect, i.e. 25 May 2018. As this is likely to cause delays, we would advise you to start early.
  • Also give some thought to the time at which you will get down to this job. Starting your update later in the day/during the evening instead of between 09:00 and 17:00 will speed up matters no end.
  • Make sure not to update your lists straight after a mailing as neither you nor your contacts will be able to access Flexmail during the process. Postponing a mailing will reduce the risk of missing out on contacts.
  • Check your lists before you start to see whether they are still up to date or usable.

GDPR Contact Converter

Unique key

When importing contacts you must always select a reference field. In Flexmail, the default reference field will be the e-mail address but you can also select your own field here, like a customer number for instance.
A reference field is a set of alphanumerical characters that are unique to a specific contact.

Source field

As one of the requirements under the GDPR is that you know the origin of your contacts, it is essential to enter the correct source. By default, the name of the former ‘sub list’ is entered here. Some examples of sources are: ‘2018 trade fair X’ and ‘Opt-in form homepage website’.
Contacts can come from more than one source.


Each contact is assigned a language. This means that this becomes a selection field instead of an optional field. By default, the values you enter are translated into ISO values. The contact converter will allow you to assign a language to any contacts in respect of whom that information was missing.


Up until now, you were working with several lists of contacts. Once the update has been effected, you will have 1 large database divided into segments. On the basis of these segments, you will be able to individually contact your various target groups to your heart’s content.

Old list

New list

How are you preparing yourself for the arrival of the GDPR?

To dispense with any concerns you may have in relation to the GDPR, we compiled a list of things you could start focusing on now to ensure that, by 25 May 2018, your company too will be fully GDPR compliant.


  • Check various sources so that you understand what the GDPR entails and what you need to do to be compliant. Click here to read some of the comprehensive articles we have published in the past.
  • Make sure that everyone in the company is au fait with the GDPR. Responsibility does not lie with one department but is a team effort. You could always organise a workshop to make sure that everyone knows exactly what is expected of them.
  • Appoint a key figure who knows the ropes and who is able to assess what needs to be done.


  • Check what data you keep on record, for how long, where they came from and whom you share them with.
  • Create a database. As of 25 May 2018, you will be bound by an obligation to notify, meaning that any data leaks will have to be reported to the authorities within 72 hours.

Update your documents

Only personal data that are required in the context of the services you provide can be processed. As data cannot be stored indefinitely, we strongly advise you to check important documents, such as agreements, terms of business, privacy policies and suchlike. You may need to amend/update them to be compliant with the Regulation.


The upcoming legislation revolves around consent. As the law is designed to protect citizens, your customers’ consent must be given freely, be specific, informed and unambiguous. In addition, customers must actively consent to their data being stored. This, for one, means that you are no longer allowed to send out forms with pre-checked boxes. When dealing with minors, you will be obliged to seek a parent’s or guardian’s consent.

Spell out things in plain language

One of the main issues that gave rise to the introduction of the GDPR is that people were keen to know what their personal data are used for. They demanded more transparency which is what the new legislation will deliver. Come 25 May 2018, you will have to spell out:
  • What you use the data for
  • How long you will store them for
  • Whether you will be sharing them
  • Whether you will be sharing them outside of the EU
  • ...

What rights do your customers have?

  • The right of information and access to their personal data
  • The right to have their data rectified
  • The right to be forgotten
  • The right to object to direct marketing practices, profiling and automated decision-making
  • The right to data portability
As of 25 May 2018, requests relating to any of the above will have to be acted on by law. So, make sure to have procedures in place to deal with any such requests.

Should I appoint a Data Protection Officer?

Only government bodies or companies who regularly process personal data on a large scale, like direct marketing companies, are obliged to appoint a DPO. That obligation can be met by appointing an external consultant or a member of staff as privacy prevention adviser.
By keeping these guidelines in mind you will be on the right track towards turning the GDPR into an opportunity rather than seeing it as a problem!