Email marketing is built on data. But not just any data — compliant, permission-based, and responsibly managed data.

Without a database of subscribers, we'd be reduced to distributing leaflets to people on the street, and ROI would be tragique.

Get that wrong, and the consequences go beyond poor campaign performance.

A recent case from the Information Commissioner's Office (ICO) made that clear. TikTok was fined £12.7 million for failing to properly protect children's data.

That's not just a big-brand problem. It's something every email marketer should be thinking about.

What the TikTok Fine Tells Us About GDPR & Children's Data?

The ICO's findings focused on three key failures:

• allowing children under 13 to use the platform without parental consent,
• not clearly explaining how user data was collected and used, and 
• failing to process data lawfully, transparently, and responsibly.

There's also a less obvious — but important — lesson: concerns were raised internally and not acted on.

That's the kind of detail regulators pay attention to.

Could This Happen To Your Email Marketing List?

It's easy to assume this only applies to large platforms. 

But… if you collect email addresses, you're processing personal data — and the same UK GDPR rules apply.

Ask yourself:

• Can children under 13 sign up for your emails or access your content?
• Do you have any age checks in place?
• Would you know if a child was on your list?
• Could you prove you're handling that data responsibly?

If the answer to any of these is "I'm not sure", it needs fixing.

Because fines are one thing.  Losing trust is another.

Why Clear Data Practices Matter (for compliance & conversion)?

One of the ICO's strongest criticisms was around transparency. Users weren't given clear, accessible information about how their data was being used.

And this isn't a legal issue —  it's a commercial one.

If people don't understand what they're signing up for, they're less likely to:

• subscribe
• stay subscribed
• trust your brand

Good email marketing starts with clarity:

• say what you collect
• explain why you need it
• keep it short and readable
• offer a real way to get in touch

Simple beats clever every time.

How To Stay Compliant With Children's Data Rules?

You don't need a complete overhaul — but you do need to be intentional.

Start with the basics:

1. Review your sign-up forms. Are they clear and age-appropriate?
2. Check your consent process. Especially if younger users might access your content.
3. Audit your database. Remove or flag any questionable data.
4. Document your decisions. Regulators like evidence, not assumptions.

The ICO's Age Appropriate Design Code is detailed, but it's worth bookmarking as a reference point.

The Bottom Line

If email marketing is part of your growth strategy — as it should be — data protection is part of your brand.

Getting it right helps you:

• stay compliant with GDPR
• build trust with your audience
• protect your reputation
• improve long-term engagement

Getting it wrong? That's where things get expensive.