Return to site

Five things you should know about GDPR when you send e-Mail Newsletter or use direct Marketing

General Data Protection Regulation

· Privacy,Direct Marketing,EU-law,E-Mail Newsletter

The General Data Protection Regulation is coming! The European law will be in force on 25th of May this year in all Member States. Evelyn Jadin, Lawyer at Securex, answered our five questions about the new Regulation and how it will affect your communication.

What is GDPR?

GDPR, or General Data Protection Regulation, covers data protection and the processing of personal data in your company.

How will GDPR affect email marketing?

The new General Data Protection Regulation has a direct impact on email marketing. In concrete terms, what GDPR means for email marketing is that from now on you must not only inform the consumer about the storage of his personal data. You also have to provide evidence that the consumer has agreed to the storage of his data and that you have foreseen a method to enable the consumer to query, or delete, his personal data.

How can I do email marketing under GDPR?

Basically, you are only allowed to send advertising emails following the approval of the recipient. If you want to create an address list, the intention of your advertising should be clearly visible. Due to the general information requirement, in future, you will have to inform the consumer directly about the nature of your mailing, for example that he will receive a newsletter with regular offers. Besides this, you have to balance your interests as data processor with the interests of the consumer concerned. Proportionality is the keyword here.

To do email marketing, you basically only need an email address. In future, you will need to obtain the explicit agreement from the advertising email or newsletter recipient to the reception of your advertising email. The agreement may not be, for example, part of your terms and conditions, but must be provided separately. Tip: Apply the so-called “double-opt-in” procedure.

Can I still send email marketing campaigns to my existing contact list?

Check how you acquired your contacts. Did you apply the “double-opt-in“ procedure? If you have the explicit consent of your contact allowing you to send emails to a specific individual, a renewed consent is not required. If this is not the case, you should obtain a new and explicit approval from your contacts.


„I agree to let Company X collect and use the personal data which I have provided in this form. In addition, I specifically allow the provision of marketing material according to the data protection policy of Company X (link). Tick the corresponding boxes to agree or decline."

What do I have to change to get my email unsubscription right?

You need to ensure that the application for deletion protects the interests of the consumer. The application must be processed immediately, i.e. within a period of one month (in special cases it is possible to extend this period).

Do I have to adapt my imprint (Website and social media), and what new elements will be added?

You should check your existing data protection declaration, in particular with regard to the requirements for precise and transparent consumer information, and if necessary, adapt it to a clear and comprehensible language. Also make sure you keep an eye on the latest developments in ePrivacy regulation.

Your privacy matters to us! As you have read, the Regulation requires the explicit approval of every subscriber. Therefore we invite you to register here to continue receiving our news after 25th of May. Of course you can always unsubscribe by a simple click or request. Thank you!

Photo by Scott Webb on Unsplash