Email Marketing Campaigns and data protection laws:
Key aspects to consider in order to be compliant
Electronic privacy regulations, like the UK’s Privacy and Electronic Communications Regulations, prohibit unsolicited marketing emails.
Email marketing campaigns need to be addressed to recipients who have previously given their express consent to receive promotional messages from you.
For existing customers, you can send them marketing emails without their permission, provided:
- you obtained their contact details when selling them products or services or when they actively showed interest in buying your products or services e.g. this happened when the customers asked for more details about your products and services and gave you their contact details to receive the additional information;
- you will be marketing your own similar services or products; and
- when you first got each customer’s information you gave them the chance to opt-out of marketing. In every message you send them after you first got their information, including in the initial marketing email, you must give them a clear option to refuse getting more marketing emails from you.
When getting consent to email marketing, you need to make sure the individuals’ consent is clear, specific, and knowingly and freely given. Under the General Data Protection Regulation (GDPR), you need an unambiguous and clear affirmative action from the individual to indicate their consent. To follow this requirement, the best practice is to give an individual the choice of “opting-in” to get materials from you, because this shows clear and affirmative consent. An example of opt-in language would be:
□ Click here if you would like to receive by email more marketing information about our services.
Whatever language you use to ask for someone’s consent, it must be clear, easy to understand and prominently displayed.
The consent must cover both your business and the way you will send the marketing messages.
Once you have someone’s clear consent, you need to keep a record of:
- who gave consent to receive the marketing emails
- when the consent was given
- to what and how they gave consent
(e.g. John Smith consented on March 1, 2020 to getting marketing information by email).
This way you can demonstrate your compliance in the event someone makes a complaint.
As people need to have the right to withdraw their consent at any time, offer a clear, easy way for them to do so. Even if an individual has opted-in to receive your materials, if they later complain about you sending them information, you must stop sending them consent-based marketing. The person’s most recent indication regarding their desire to receive marketing (or not) prevails.
When consent is withdrawn, you need to suppress the person’s information from your marketing list. In other words, you should keep just enough information to ensure that you don’t contact them again. Don’t just delete their information entirely, because this won’t ensure that you don’t contact them again in the future.
IMPORTANT: You need to inform individuals through your company’s privacy notice what you do with their personal data.