Newsletter and email marketing requirements under GDPR – legal guide & templates

Newsletter and e-mail marketing campaigns are one of the most effective ways to stay in touch with customers and keeping them informed about your current products and services. When starting such a campaign, you should be aware of the requirements that have been put in place in response to data trading, unauthorized use of data such as e-mail address and spammers activity.

How to be GDPR compliant and build customer satisfaction at the same time? Both of these contexts are equally relevant to the achievement of your business goals. In the era of the growing threat of cybercrime and data theft, you do not want to put your company’s reputation to a risk of potential proceedings and financial penalties being served by data protection authority.

In this article, you will learn how to conduct e-mail marketing properly and you will obtain consent templates to be used on your business websites.

E-mail marketing legal basis

Sending e-mail messages to your customers constitutes data processing. According to GDPR, for data processing to be lawful, one of the conditions listed in art. 6 [1] GDPR must occur. With regard to newsletters and e-mail marketing, the legal basis is the consent of the data subject to the processing of data for strictly defined purposes (art. 6 [1] [a] GDPR).

Consent by data subject

Unless you’ve first obtained consent from your customer or potential customer, constituting GDPR-driven legal basis, sending newsletter and other marketing e-mails are unlawful. Consent for sending marketing messages must be freely given, informed, specific, and unambiguous. To ensure the possibility of granting such consent by the individuals you target, it is sufficient to present a checkbox with a clear description that selecting the checkbox means that they agree to receive e-mail marketing. If you wish to communicate with your clients using other ways (e.g. SMS), remember to collect separate consent for each communication channel.

What is crucial, the individual shall give his consent actively, so your online registration or order form must not include a checkbox that is pre-ticked by default. It also follows that such consent obviously cannot result from the acceptance of Terms of Service or other non-negotiable contract bounding the customer.

Obtaining marketing consent in exchange for financial benefits

Consent must be freely given, so as a rule, you cannot make access to a good or service conditional on this consent being given. Nonetheless, if certain benefits are associated with giving consent to marketing content, e.g. you grant a discount on a product or service, then such financial relief may be available to customers provided that consent is given. You can also make a reservation that in the event of withdrawal of consent by the customer, e.g. during the term of the contract, the price for the service will be increased to its standard amount.

Consent withdrawal

The voluntariness also implies the possibility of withdrawing the consent by data subject without a reason. For that reason, you must ensure that your customers can unsubscribe easily and for free at any time they want to. This option should be available both in the customer panel on your website or mobile app, whenever applicable and in every single e-mail sent to the customer based on the consent granted, e.g. by including information: If you do not wish to receive further marketing emails from us, please click here to unsubscribe.

Be aware that customer withdrawal of consent carries certain obligations on your part, that should be fulfilled promptly and without unnecessary delay:

  • provide a clear message about the fulfillment of customer’s request
  • make sure that your or your subcontractor IT solutions are correct so that no customer who withdrawn his consent receive further content
  • delete the data collected for the purpose of sending marketing content. In practice, there may be other legal basis for further processing of the same data (in the case e-mail, telephone number it may be performance of the contract, under Art. 6 [1] [b] GDPR), but you should always make sure that you do not process any data without a valid legal basis.

When do you need to collect consent?

What is also important, you can take as a rule that you should obtain consent to data processing only when it is necessary – i.e. when you find no other legal basis under art. 6 [1] GDPR to apply. For example, you do not need consent when a potential customer makes an inquiry or wants to get more information about your product. Then, according to GDPR, you have a different legal basis for data processing, which is taking steps at the request of the data subject prior to entering into a contract (art. 6 [1] [b] GDPR)

Law compliance and customer satisfaction

Being compliant with GDPR and other applicable laws is one thing, but let’s not forget what the main goal of newsletter and e-mail marketing is – developing sales and increasing brand recognition. For this reason, apart from the legal requirements, you should keep customer satisfaction in mind.

The best way to get an answer to a question whether your newsletter and e-mail marketing is being conducted appropriately is to put yourself in the shoes of the person who gives consent – your customer. We would all like to receive content that we have actually agreed to, and also receive it in a reasonable and not excessive amount.

By adopting such attitude, you will reduce the risk of you being accused of unlawful data processing and losing your customers and potential customers who were actually interested in your goods or service for some reason in the first place.

Email marketing consent form template

Below we present ready-made newsletter and e-mail marketing consent form templates that you can use on your business’ website.

I consent to the processing by … (name of the data controller) of my personal data for the purpose of sending me marketing information regarding products and services offered by …. (name of the data controller) by:

[ ] email

[ ] SMS

[ ] post

Summary

When designing your e-mail marketing campaigns and newsletter, remember to keep in mind to:

  • obtain consents only when necessary
  • ensure consent voluntariness (do not access to the service conditional on consent and apply non pre-ticked consent checkboxes)
  • collect separate consents for each communication channel
  • provide the possibility of consent withdrawal, that is simple and free-of-charge (unless you have granted a discount in exchange for consent)
  • make sure that you react to the withdrawal of marketing consents by customers correctly and in a timely manner

You may also want to see other GDPR related article – Privacy policy & cookie policy – ultimate guide and template.