GDPR Journal: The Steps We Took Towards Working With 3rd Party Providers

Welcome to the fourth instalment of the Mailjet (and my personal) GDPR Journal. So far we’ve looked at how I became a DPO, our GDPR compliance roadmap and how I updated our Privacy Policy to be in line with GDPR. It’s been a rollercoaster and the saga is set to continue as the next step was to look at not just our internal processes, but those of our partners and 3rd party providers.

Why am I focusing on this for a whole journal entry? I hear you ask. Well, because one of our biggest challenges in getting through our GDPR compliance roadmap was to perform an audit of our entire privacy framework. In other words, to audit all our existing third-party providers and software applications to ensure that they themselves were also meeting the GDPR requirements on data protection.

Why are we talking about our own providers?

At Mailjet, we collect and process the personal data of our clients (names, email addresses, IP addresses etc.) and under GDPR we must ensure that our entire privacy framework respects the rules GDPR brings into effect. So, that means our own providers as well. Why? Because some of our data flows to these solutions, thus data protection must be compliant on all fronts.

In a post-GDPR era, we are all equally responsible for the protection of data subjects’ personal data. Meaning, not only will our clients (Data Controllers) be responsible, but also the Data Processors (in this case us), our own providers, their providers and so forth.

What kind of providers are we talking about?

Well it could be; CRM solutions used by Sales and Marketing teams (i.e. Salesforce), cloud IT services (i.e. Google, Amazon) social interaction & messaging systems used by Marketing and Support teams (i.e. Slack, Messenger), project management tools used by Product and Development teams, external payroll & HR management solutions used by Administrative teams. I’m sure you probably use some tools like these.

Being a small agile business, each department regularly uses various online solutions and applications to help with their day to day activities. In the past, a member of Team Mailjet would most likely find a free or relatively cheap tool that could help his or her team, then they would quickly sign-up without reading much of the terms and conditions behind the tool.

So, after functioning in this manner for several years, we found ourselves in a position where the company now had subscribed to various applications across its different departments — and all without much control over the access, uses and information collected.

Ok, so where did we start?

The list was grand and the audit task proved quite daunting. Let’s see my action plan… Here are the key steps we took in order to complete the internal audit and analysis:

1. A complete list of all service providers and applications

The list needed to include;

  • The providers and applications used.
  • The exact customer data that was collected and transferred to these specific providers.
  • Why the data was used.
  • Where they stored the data.
  • If there were any data transfers.
  • What it meant to our clients.

We included other useful information in this third-party provider list such as, the user access rights involved and the dates of the last verifications.

To compile this list, we set aside some time with each department head and began. The exercise actually proved to not only be beneficial for GDPR compliance, but also helps immensely with the control of a growing business, such as Mailjet.

This specific step took us several months. So start now if you haven’t already done so, because the 25th of May is creeping up on us quickly!

2. Ask your 3rd party providers some important questions

Next on my list was to contact every provider and ask some tough questions. I’m a big of making light of a big task, so I decided the best approach was to send out a questionnaire asking for details on their information security and data protection measures. The form included questions on;

  • Information security.
  • Risk management policies.
  • Employee training.
  • Physical security.
  • Access control measures.
  • Data protection organization and technical measures.
  • Take a look for yourself at the 12 questions we asked.

3. Assess the level of risk

Depending on the responses I received back, I then had to asses the risks of transferring any of our own clients’ data to their platforms and centers. This essentially meant verifying their measures, ensuring if they were up to par with industry standards, as well as checking if they were on the right track to data protection compliance.

4. Review all contracts in place and introduce new clauses and/or amendments

As part of the risk assessment, I also had to make sure that we put in place specific contractual clauses and amendments to ensure at all times while we are using their services that these data privacy measures were respected.

I then proposed various EU model clauses or data protection agreements with these providers to ensure we had the correct documentation in place. And, in some cases negotiate the limits of liability between our companies in case of a third-party claim.

5. Switch to GDPR compliant providers

In some cases, the responses I received back were vague or elusive, to say the least. In these cases, a quick evaluation was needed of whether we could improve their commitment levels or switch to providers that could ensure they were on the right track. We started this process early, so that we could switch over to another provider should the need arise. So, be sure to give yourself enough time.

6. Review and control: Right to audit and yearly check

Next, I made sure to include in all contracts and amendments the right to audit the provider upon notice. That way we could make sure if at any moment our providers were not just talking the talk, but also walking the walk.

And finally, now that we’ve successfully jumped this massive hurdle, we need to ensure we update it on a yearly basis. This means that we will need to verify that all our third-party providers continue to maintain the same level of technical and organizational measures to ensure their security and data protection. How will we do this?

  • Perform audits.
  • Re-send the third party questionnaire for updates.
  • Continue to ask the tough questions.

So there you have it, six steps to ensure all your third-party providers are GDPR compliant.

Have you reviewed your 3rd party providers? Or are you now thinking you need to? Share your experience with Mailjet on Twitter.

IntegratedLive 2017: Key Takeaways

At Mailjet we are always looking to improve our marketing efforts and to be up to date with the latest trends. Yes, admittedly we like to try to be the coolest kid on the block ?. But to do this, we need to keep ourselves informed and we have to learn from others. That’s why we put time and effort into taking part at the most important marketing events.

This week our wonderful UK Team took part at IntegratedLive, a one-day summit that provides marketers with an overview and deeper understanding of the latest need-to-know digital trends. As the world of marketing continues to evolve, it’s important to keep pace with the rapid changes if you don’t want your business to pay a high cost for it.

Team Mailjet UK at IntegratedLive

This year at IntegratedLive we’ve learnt much about new trends, from integrated marketing plans and email automation to using VR, AR and AI for marketing purposes. We didn’t want you to miss out, so here we share with you our key takeaways of the day. Now sit down, and enjoy the ride into the present and the future of marketing.

The modern Marketing mix

The era of the customer

As we are entering the era of the customer, we need to understand what our customers want and how to give it to them. A sound marketing plan is based on asking yourself two important questions:

  • Are you offering your customers what they need?
  • Are your customers aware of what you are offering them? (And that it meets their needs!)

If you answered no to one of these questions, warning ⚠️! It’s a sign that your marketing strategy is not taking you quite where you want it to take you, and you need to adapt it.

“But how do I do it?” you are asking. The answer is… (suspense) …you need to create a culture of customer obsession. “What is that?” you are asking now. Well, first of all, you need to grasp who is interested in your business and product, why they are interested in it and how. This will give you a stable basis on which you can build your strategy.

Always remember that customers want to feel valued and they want to be intimate with brands, and you want to deliver a great customer experience that they will want to share with others.

We’ve said, others have said it, we’ll say it again

Recurrent themes at IntegratedLive this year seemed to be integration, automation, and personalization in marketing. We’ve covered these topics extensively in the email sphere, but the fact that many others are now talking about them just shows how important they are for marketers nowadays.


We all collect large amounts of data, which are then stored in multiple locations throughout the business. Integration does not mean that it all has to be brought into one place, but that connections need to be created. What are the benefits?

    • Less manual error. As everything is connected, there is no need for you to look for data in multiple places and transcribe it.
    • Data is available immediately. No need to search for it.
    • Security in maximised.
    • Data is always consistent throughout the business.


Automating your emails means that you improve the immediacy of your responses. What are the benefits?

      • Less work for you to do (yay!).
      • Less missed opportunities.
      • Your responses will be consistent.
      • It will build trust between your brand and your clients.
      • Improved customer experience.
      • Your clients needs will be responded to.


You want to produce personalized content, based on individuals’ data and rich in details. You are not asking why in this case, are you. At the end of the day, that’s what we all want. Someone who knows us and knows how to respond to our needs. Again, make your customers feel intimate with your brand. Like an old friend who’s always there for them.

What we brought to the game: How to get email right in 2018

Mailjet Presentation at IntegratedLive

Email is the platform most people think we will definitely still use in 10 years’ time. “Won’t the email era be over by then?!” You ask. That’s a great question. You couldn’t have asked anyone better. No, it won’t be over. But it will definitely change over time. Here is what you need to consider in your email marketing strategy in 2018:


We have known for a while it’s coming, and in May 2018 it will finally come into effect. You need to ensure that you are compliant before it comes into effect if you don’t want to pay huge fines and damage your business. There are two things that you need to be very careful about. The first one is consent: you will need to ask for explicit consent, in a clear and concise way. The second one is data profiling. Yes we all love automated decisions and marketing automation. But unfortunately there can be some negative implications when it comes to data protection and consumer privacy. Customers need to be informed in detail about what type of content they will be receiving. For more information about GDPR, visit our resource hub.

The Transactional Email Experience

According to our recent research, important opportunities can be missed due to a negative transactional email experience. What can you do to avoid this?

        • Check the spelling and the grammar of your emails, you don’t want any mistakes in there.Don’t include any sensitive data.
        • Ensure your email is consistent with your website in terms of branding.
        • Ensure you land your emails in the inbox and not in the spam or promotions folder.
        • Keep track of the speed of your email. It needs to arrive quickly.
        • Add a touch of marketing to enhance the brand experience.

The Future of Email:

We asked ourselves what consumers could possibly want, and then we decided to ask them directly. It turns out that what they want, is an easy experience: emails tailored to products, real-time and location based messages, and the ability to shop within the email.

Keep your eyes open for the following trends in 2018:

          • Interactive emails, say goodbye to static emails.
          • Data driven emails, that respect consumer privacy.
          • 121 emails, delivering the right message at the right time.

And here you are, ready to embark in a new year of marketing. If you want to find out in more detail how to get email right in 2018, we have created a handy slideshare presentation for you.


If you have a different opinion on the future trends of email, we’d love to hear them on Twitter.

Double Opt-In: Should I Or Shouldn’t I?

Search “Double opt-in” in Google, and you’ll get over nine million hits! Clearly, a lot has been written on the subject. Nine million results, a large part of which are composed of questions like “Should I use a subscription confirmation?” and “Double opt-in or single opt-in?”…which leads us to believe that there is still a great deal of doubt about whether this technique is really necessary.

And with GDPR knocking on our front doors and some ESPs deciding it is time to move to single opt-in, we think it’s time for you get the facts and learn why, at Mailjet, we strongly believe double opt-in is the best way forward.


What is double opt-in?

When your users subscribe to your email marketing program via a registration form, you have a choice. You can welcome them and start sending them newsletters right away, which is what we call single-opt in. Or you can ask your contacts to confirm they want to receive your email communications by sending them an email with a confirmation link. It is this latter possibility that we call the double opt-in. Double, because there is a first authorization at the time of registration and a second one, with the confirmation email. Let’s take a look at what this looks like…


Skyscanner opt-in


Skyscanner’s Price Alert form allows you to check a box to subscribe to their email communications.


Once you’ve filled in the form, Skyscanner follows up with a confirmation email, asking you to click on a link to confirm you want to receive their Price Alerts. In this email, they clearly specify what you can expect from their email communications, and what you need to do if you don’t want to receive any more emails from them.  

The advantages of double opt-in

Double opt-in allows you to be sure:

  1. That the email address is valid;
  2. That the owner of the email address is really the person who subscribed to your mailing list;
  3. Your new contact is really interested in receiving your communications and is more likely to engage with your content.

These three advantages allow you to begin your relationship with your subscriber on good terms:

  • He/she agrees to receive your newsletter; he/she even agreed to it twice. Thus, the subscriber will not classify your emails as spam later on down the road.
  •  By requesting that he/she clicks on the confirmation link, you have already generated your first interaction with your subscriber. This is a positive sign sent to the webmails and a good start for your sender reputation.
  •  You avoid sending your newsletter to an incorrectly typed email address. This will prevent you from having to clean up your list later. Although we recommend cleaning your list every few months to keep engagement as high as possible.

In summary, the double opt-in allows you to obtain a more qualitative and more reactive list of subscribers who are really looking forward to your content. Who could ask for more?


The new double D: Double opt-in & Deliverability

If we look at the reality of the situation, the popularity of the double opt-in has increased significantly, but there are still some senders (and even ESPs) that favour single opt-in.

While some might think double opt-in is an unnecessary step that will make it harder to get email addresses, it should not be seen as a barrier between the user and your company.  Having a more engaged contact list is key to improve your deliverability. A user that really wants to receive your content is more likely to engage with it, which will improve your open and click-through rates. It will also mean you don’t get any undesired email addresses in your contact list, mitigating the risk of falling into a spam trap or being marked as Spam. If you send from a dedicated IP, all of these are key signs for ISPs that will increase your sending reputation and your chances of landing in the inbox.

While not all ESPs do, at Mailjet we strongly recommend double opt-in for those sending from shared IPs too. At the end of the day, every email campaign send to any contact list in a shared IP contributes to its sender reputation, and as a leader in good deliverability we want to ensure all of our users have the best possible chances of reaching the inbox. We don’t want any of our shared IPs blacklisted, do we?

Want to know more about deliverability best practices? Download our guide now!

Banner Email Deliverability

Have any more questions about double opt-in or how it can impact your deliverability? Don’t hesitate to reach out to us on Twitter!


This blog post is an updated version of the post “Double Opt-In: Should I Or Shouldn’t I?”, published on the Mailjet blog on September 13th, 2013.

Email List Cleaning: End Up On Santa’s Nice List, Not His Naughty List

If we take a trip down memory lane (some of our lanes might be longer than others ?), we might remember a parent telling us if we didn’t tidy our bedroom or help clean the dishes we’d end up on Santa’s naughty list and only find a lump of coal in our stocking. Let’s face it, none of us wanted to end up on the naughty list. We wanted to be on the nice list so we could stuff our faces with chocolate on Christmas Day morning or play with that toy we’d been whining on about in the run-up to the holiday season.


As email marketers, we know if we don’t clean our email contact lists we could find ourselves on the naughty list (or as it’s more formally known, an ISP Blacklist…). So, what do we do to avoid this predicament? You’ve guessed it. Follow our top tips to get onto Santa’s Nice List (and make sure your holiday emails land safely in the inbox).

Get your list in order

Chances are the holiday season is one of the most lucrative times of the year for you. So, don’t let all your hard work go to waste. You want your subscribers to engage with your content in the inbox and not for it to land in the junk folder. Removing inactive, unengaged contacts from your list is just as important as growing your email contact list with new and captivated subscribers.

It’s important to remove unsubscribed contacts, and hard bounces from your contact lists to optimize the performance of your email campaigns and give them the best chance of making it to the inbox (and not the spam folder). But, what else can you do to optimize your email contact list? Well, I’m glad you asked.

You could also segment your list based on the engagement of your contacts. Target the ones that have not opened your emails in the past 3 to 6 months. Send them a ‘we miss you’ reactivation email, and if they don’t engage in that, remove them from your contact list until after the holiday season. Let’s face it, if they haven’t engaged with you in the last 6 months the message is pretty clear, they’ve lost interest in your offering. You can always try to capture their attention again once the holiday season is over.


Ramp-up to full capacity

Along with cleaning your list, it’s important not to increase your sending frequency and volumes too quickly. You may think that your list is performing better than ever, so you’re exempt from the normal rules of emailing, but sadly that’s not true. ISPs often become very suspicious if you go from emailing your list once a week to daily and have huge spikes in your sending volume. We know it’s tempting to send more emails to get a higher ROI, and you can, you just need to warm the ISPs up to the idea first. You might end up looking suspiciously like a spammer if you send significantly higher volumes in a short time period, so take your time, and slowly increase sending over a few weeks.

Want to know more about deliverability best practices? Download our guide now!

Banner Email Deliverability

So now you finally know, the secret to getting onto Santa’s nice list is cleaning your email list and ramping-up your sending gradually… not cleaning your room. At Mailjet we recommend you only target subscribers who have engaged with your emails in the last 6 months. We know it’s tempting to reach back further into your email contact lists to maximize potential profit opportunities, but make sure you do it safely. Focus on your most active subscribers first, increasing the size of your list and sending volume slowly. That way, your efforts won’t go to waste and you’ll avoid your emails being blocked.

Do you need some inspiration to create beautiful Holiday email campaigns that not only will end up in the inbox, but also that your subscribers will definitely open? Download Mailjet’s Ultimate Guide To Holiday Emailing and discover great tips, from creating jaw-dropping designs, to crafting original content and working with our unique checklist.

Have you cleaned your contact list and seen great results? We’d love to hear your experiences. Tweet us @Mailjet using the #Iamonthenicelist.

How to Deliver the Best Customer Onboarding Email

The majority of businesses execute their onboarding emails all wrong. But sending useless, nagging messages is even worse for your relationship with customers than doing nothing at all.

Today, we will share with you the most important user onboarding practices and help you get ideas on where your own onboarding process may fall short or need improvement. After that you will write onboarding emails that provide value and that people will appreciate receiving.

How to make your customer onboarding emails great again

The following cases are tell-tale signs that your onboarding emails are not as effective as they could be:

  • Thinking that your customer is already familiar with the product or service you deliver.
  • Being sure that your customers are going to make a purchase because they’ve signed up.
  • Behaving like a cheesy car dealer and make repetitive requests, phrased in the same way over and over again.
  • Forgetting about customers once they have purchased your product.
  • Talking about your product’s features, updates and news, not about how it benefits customers.
  • Using cold or impersonal jargon.

Tips on How to avoid onboarding emails mistakes

Even if you’ve found something familiar in the of onboarding ‘sins’ above, don’t get upset. Instead, use the following tips to add value to your emails and prompt subscribers to start engaging with you.

1. Educate prospects about why your product is awesome focusing on its benefits, not its features.

You should never stop educating people on how great your product is. Demonstrate your value to potential customers by highlighting the benefits of your product until they buy. Then, continue to show them why purchasing was a smart decision.

2. Eliminate choice paralysis: give people a single, clear call-to-action.

Think about how difficult it is to make a decision when there is a wide range to choose from. Therefore, while sending an onboarding email, use a single call-to-action (CTA). Confusing your contacts with too many choices makes it less likely they’ll pick at least one. A single CTA can also dramatically improve your click-through-rate (CTR). With the use of a single large button, you can make it obvious what the next step should be.

3. Keep emails short and simple.

It is easy to say, ‘Keep things simple,’ but often what you think is simple is still too complicated. That said, always mind the importance to be brief and simple enough in order to not stretch your customers’ patience.

4. Feel the churn.

There is always a possibility of losing clients because they are dissatisfied with your products or services. So, it’s really important that you understand the major causes of churn (complicated features, not enough features, high prices, difficulty in using product or service, lack of value), and build safeguards into your onboarding strategy to avoid turning clients away. Customers’ feedback is what will guide you through the endless battle against churn.

5. Ask your customers for feedback. Constantly.

Every time you onboard a new customer, ask for feedback. Whenever you think of deploying something new, ask for feedback. Your customers know better. Sometimes. :)

6. Personalize.

Personalized, timely user onboarding emails are great at improving activation rates.

7. Cater for multiple learning styles.

Human beings learn differently. Some people like to read. Others like to watch videos and take tutorials. Provide more than one way for customers to access information by using instructional videos, how-tos, examples, webinars, Q&As, and live help.

8. Create transparent structure for your onboarding knowledge base.

Content marketing works. That’s why companies are producing so many resources to help customers learn everything they could possibly want to know about a service, product or specific area of interest.

Rather than showing customers a huge amount of content, simplify their onboarding flows by giving them a specific, structured set of tips to follow according to their level of acquaintance with your product.

9. Follow up on the phone/Skype.

When you love your customers, you want to give them everything they need to succeed. That’s why you should do more than just sending an email. Follow up with a phone call. Get people on the phone. Offer them live demos. Most importantly, listen. These conversations will turn into valuable customer development opportunities.

Keep in mind that there are not so many people who would appreciate a cold call. However, you may offer to schedule a phone call.

10. Break down the best competitors’ onboarding practices.

Run out of good ideas for your onboarding emails? Don’t know where to start from? Analyze your rivals’ onboarding flow. Behave like an experienced spy—sign up for competitors’ free trials, newsletters or other marketing communications. Here at Chanty, we’ve started from scratch. Being a Slack alternative and entering a crowded market of business communication tools, our startup has seen a sea of examples of how to manage email onboarding well. And an ocean of examples of how not to treat our customers. So, analyzing your rivals is always a good point.

The three customer onboarding emails you shouldn’t miss

Where to utilize the above-mentioned tips on email onboarding? Here are three must-have types of onboarding emails that will help you establish friendly and productive relationships with your customers.

Welcome email

Your email onboarding typically starts with a welcome email, probably the most important stage in your customer onboarding process. Welcome emails have the whopping 45.7% open rate compared to the 18.8% of promo emails.

To make a long story short, a good welcome email is brief and includes three things:

    1. A reminder about who you are and how your product can help your customers.
    2. An explanation about what to do next and why they should do it.
    3. A single, clear and focused CTA (Call-To-Action) linking them to a landing/getting started page.

Tip: Automate welcome emails in order to send them ASAP. Real-time welcome messages drive up to 10X better results than emails sent even a few hours later.

Chanty Welcome Email

Chanty welcome email

Re-engagement email

A customer signs up for your service. What happens next? The reality is that 40 to 60% of software users will open an app once and never log in again. And only 3% of the rest are going to become your paying customers at best. Customers may abandon your product because they get lost, lose interest, don’t get value from the product or simply don’t understand something. Being focused on onboarding, businesses can minimize this churn.

Getting users back with onboarding emails can be challenging, but possible. Customize the email sequence according to user behavior. A user who logs in three times per day from day one shouldn’t get the same emails as a user who has never logged in after their first session. Two people using your service or product can have very different mindsets and needs – your customer onboarding emails should reflect that as well.

West elm re-engagement email

west elm re-engagement email

Evaluation email

Once users have had enough time to give your product a try, send them an email that motivates them to take the next step in your relationship. For example, you can ask your customers to upgrade their plan or invite a friend to sign up or visit your website.

Cloudapp evaluation email

CloudApp evaluation email


You work really hard to get people to sign up for your service or product, and then even harder to nurture your relationships. Take the time to understand that your clients probably have no idea on how to get the most from your product.

That is why it is essential for every business to master the onboarding flow. It will demonstrate the value your product delivers and walk them through it the way you want them to. The three must-have types of onboarding emails are welcome email, re-engagement email and evaluation email.

All of these tips highlight one key point: the secret of successful onboarding emails that customer are glad to get, is simple. A great onboarding process consists of delivering value and education, to help your clients advancing into the deeper stages of your service.

What about you? How do you prefer to interact with customers via emails?