Sending marketing emails is an excellent way to increase sales. Those who don’t make sales don’t do business. However, a question arises as to whether this complies with strict data protection rules. It is known that the Data Protection Inspectorate is increasingly vigilant and imposes hefty fines for violations.
Personal data or not?
First, it is important to understand whether personal data is being processed when sending marketing emails. If the recipient’s email address does not contain a name, for example, This email address is being protected from spambots. You need JavaScript enabled to view it., then personal data is generally not processed, and sending marketing emails is allowed. If the recipient has an email with a person’s name, such as This email address is being protected from spambots. You need JavaScript enabled to view it., then sending an email to them is considered the processing of personal data. In that case, it is necessary to consider whether sending marketing emails is allowed.
Marketing emails with consent
The safest approach is to seek prior consent from the recipient of marketing emails. However, ensuring that the method and text of seeking permission align with GDPR requirements is crucial. Consent must be clear and given for a particular purpose. If consent has been obtained for a different purpose, it cannot be used as a basis for sending marketing emails. For example, if an event participant consented to their photo to be taken at the event, that same consent does not mean they can receive marketing emails. The purpose of this marketing email should have been described when collecting the approval.
Marketing emails without consent – legitimate interest basis
Alternatively, it is possible to send marketing emails without consent. Still, certain rules must be followed because personal data can be used for marketing purposes under the legitimate interest basis in certain situations. For simplicity, let’s call these rules the “Five Commandments” of marketing emails.
First Commandment – Marketing emails can only be sent to existing customers whose email addresses are already on file. Cold marketing, as per these five commandments, should not be done.
Second Commandment – The content of marketing emails must offer similar or related services or products that have already been provided or sold to the customer. For example, a law firm can send a marketing email to a client to whom they have previously provided legal services. It is prohibited to market services or products of cooperation partners or other third parties.
Third Commandment – An opt-out option must be provided when collecting an email address. Simply put, if a customer is asked for their email address, they must be allowed to refuse marketing emails.
Fourth Commandment – Every marketing email must have an unsubscribe button, allowing customers to easily and freely opt out of future marketing emails. Most modern newsletter software solutions provide this option.
Fifth Commandment – A document must be prepared that analyzes compliance with the above rules and puts this analysis in writing. This obligation is not something lawyers invented but arises from GDPR itself.
In conclusion
Marketing emails are one of the most common ways to communicate with existing contacts and share news, products, or service information with them. You can send these emails with consent or based on legitimate interest. In either case, it is crucial to follow specific rules to ensure it is possible and lawful.
By Henri Ratnik, Attorney at Law, Lextal