GDPR and email marketing

What the GDPR means for your email marketing

The entry into force of the EU General Data Protection Regulation on 25 May 2018 brought some changes with it. So that you know which requirements you have had to observe for your email marketing since then, Vivien Beischau from Newsletter2Go (today part of Brevo) has put together 6 tips for you here.


Please note that this article is for information purposes only and is expressly not to be understood as legal advice. We assume no liability for the accuracy and completeness of the information presented.

Implement the requirements of GDPR in 6 steps

1. Send only with double opt-in

If you want to collect personal data, you always need the consent of the persons concerned or a legal permission. This consent must be recorded, and the persons concerned must be told that they can revoke it at any time. For your email marketing, this means that you need the recipients' permission in advance to send them your mailing. If there is no consent, you may not send them any newsletters.

It is important that you include a reference to the privacy policy in the consent email and in the registration form. Make sure that this can be viewed at any time.

Double opt-in: The double opt-in (DOI) procedure is a legally secure way of registering for newsletters. The subscriber enters their e-mail address in the registration form and agrees to be added to a distribution list. The subscriber then receives a confirmation e-mail and with it the opportunity to confirm the registration in a legally secure manner. The DOI process is completed when this e-mail has been confirmed.

2. Use legally compliant mailing software

There are some requirements for a legally compliant mailing software that you should consider. Among other things, legally compliant mailing software is characterized by the fact that the servers for sending the mailings are located in Germany. The service providers are audited and equipped with appropriate data protection certificates.

A contract for commissioned processing must always be concluded.

3. Guarantee data security

You should be aware that you must ensure that no unauthorized persons have access to your customers' sensitive data. Appropriate technical and organizational measures (passwords, encryption, etc.) must therefore be taken when processing data to ensure that the data is secure.

4. Pay attention to data economy

In the context of data collection, you should pay attention to data economy. This means that data is only collected for a specific purpose and may only be used for that purpose. Show your data subjects exactly what they are giving their data for. In addition, you must not collect data that is not appropriate for the purpose.

Example: For a newsletter registration, only the e-mail address is necessary. Of course, you can also request additional data, but this information is voluntary and must be marked as such.

5. Complete your sign-up process

Transparency is important and creates trust. In email marketing, for example, this applies to your newsletter registration form. Communicate clearly what recipients receive and what the data is used for. Note that only the e-mail address field may be marked as mandatory. No other information may be required for the newsletter subscription to take effect.

Another tip for the subscription form: Point out that it is possible to unsubscribe from the newsletter at any time. It is also advisable to include a link to the privacy policy, which must be accepted with a check mark.

6. Goodies are not free

You can still motivate your customers to sign up for your newsletter with coupons or promotions. However, in the case of goodies or freebies, such as whitepapers, infographics, e-books, etc., that are combined with a newsletter subscription, you must explain to your customers exactly what this barter deal is. Since data is used to pay, you cannot call the deal "free" and must make it clear that the newsletter is being subscribed to.

It remains to be said...

... that with the entry into force of the GDPR, the protection of personal data takes the highest position. If these requirements are implemented, you are on an excellent path to making your email marketing GDPR-compliant and avoiding horrendous fines.
