25 MAY 2018

GDPR for e-mail marketing: fight against spam

Today the GDPR, the European new data and privacy law comes into force. Yesterday we saw how to conform to the GDPR for websites, today we will see how the principles of the European new privacy law apply in the field of e-mail marketing.

E-mail marketing is a type of direct marketing that consists of sending commercial messages to an audience via e-mail.

GDPR for e-mail marketing, how to do it

When a company wants to store users’ data, the GDPR requires that the company inform users about what it does with their data. Users must agree, otherwise the company cannot store users’ data. The problem is that now companies that deal with e-mail marketing may have databases that contain contacts collected without having the explicit and informed agreement of users. Consequently, they can proceed only in 2 ways, one drastic and the other less drastic:

  • Delete all contacts from the database;
  • Send an e-mail to all contacts requesting the updating of data and the agreement to use it.

The right to be forgotten is always valid: at any time the user can decide to unsubscribe from the list.

GDPR and explicit agreement

A general agreement is not sufficient: entering one’s own data to download an e-book, the user does not give permission to the owner of the service to send the user an e-mail about a new product: the user can receive only e-mails which are related to the agreement that he has entered into. Any other e-mails for which the user does not give prior agreement, may incur penalties for the owner of the service involved in the e-mail marketing.

The agreement of the user must also be requested if the owner of the service of e-mail marketing wants to monitor the results of his campaign. It means that if the owner wants to measure the results based on the opening of the e-mail or clicking on the link in the text, he must inform the user of this activity and obtain agreement. Of course, the owner must give the user the opportunity to unsubscribe from the service. We can see that one of the aims of the GDPR is to fight spam by ensuring that users only receive e-mails in which they are interested.

If you are a company that manages an e-mail marketing service, remember to ask users’ agreement not only to obtain new e-mail addresses of users for your database, but also to ask for agreement from users whose addresses you already have. The GDPR, in fact, is retroactive and the penalties for not respecting the European privacy law are heavy and starting now, are in effect.

Elaborated by Lucia D’Adamo, in collaboration with Daniele Paiella, supervised by Marco Pirrone