GDPR has been around for quite some time, but there’s no denying that the regulations around it are still confusing – as a matter of fact, they could be tripping you up when it comes to your email marketing. With this in mind, here are the most common questions that arise when it comes to GDPR and email marketing.
How do GDPR rules affect email marketing?
The General Data Protection Regulation (GDPR) has significantly influenced email marketing, introducing stringent rules that businesses must adhere to.
Under GDPR, explicit consent is required for email marketing. This means subscribers must actively agree to receive marketing communications, and the process for obtaining this consent must be clear and unambiguous. Gone are the days of pre-checked boxes; consent must be freely given.
💡 Want to learn more? Check out this guide on how GDPR affects email marketing.
Does GDPR apply to all EU citizens, no matter where they live?
The term citizen doesn’t actually appear in the GDPR legislation, and it’s actually to do with being ‘in the Union’. Nationality and permanent address don’t play a part. So, for those in the EU, GDPR applies. A good way for businesses to ensure they respect this is to look at a subscribers location/IP address.
Do I still need to consider GDPR if all my clients are based in the U.S.?
If you (your business) are based in the EU, then GDPR applies to you, and you’ll need to provide proof of your subscriber consent. The regulation applies to the “processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not”.
Does my business have to ‘forget’ my unsubscribed subscribers?
If your subscribers haven’t asked to be forgotten, you don’t need to forget them. But GDPR gives more power to the user and one of the rights it grants them is the “Right to be forgotten”. In order to do this, they have to contact you by email or phone and ask explicitly to be forgotten.
How does Brexit affect businesses in the UK?
In June 2021, the EU adopted an adequacy decision for UK businesses, following its departure from the EU. This meant that there was a free flow of personal data between the EEA and the UK until June 2025. The UK have its own version of the GDPR, which was copied across from the EU following Brexit.
What does proof of consent mean?
The specificity around proof of consent is a little vague, but GDPR is clear that the burden of proof lies with the business to provide documentation as evidence that the subscriber agreed to share their data. As a basic rule, you should aim to have at least a timestamp of their consent (the time, date and location), as well as the source of the opt-in (whether it was via a website, social media etc) and a screenshot of the form used to gain their consent.
Are checkboxes necessary if my emails sometimes contain promotions?
If you’re only sending newsletters and they include special offers, then no, because it’s still considered a newsletter and you can’t use subscriber data for other means such as targeted adverts or SMS. However, if you want permission to use data for Facebook ads or other specific channels, then according to GDPR, you need to give the individual the chance to consent to say they’re happy for their data to be processed in that way.
GDPR is a complex topic and doing your research thoroughly on it and the other email marketing rules are critical – if you’re in doubt, you should seek advice from a legal professional in the field for their guidance to avoid any trouble.