GDPR Email Marketing Consent Examples - The Good, The Bad, and The Ugly
by Startacus Admin
Want to ensure your email marketing is fully compliant with GDPR rules? Here is an overview to help keep you right...
Over the last couple of years, with an increased social distancing between businesses and their target customers, organisations are relying more than ever on various forms of direct marketing. No wonder why email marketing has become one of the most popular marketing channels, according to a research study conducted by the Data Marketing Association (DMA) in 2021.
To help organisations navigate the GDPR and make their email marketing campaigns fully compliant, this article will highlight what comprises valid consent, why it is required to maintain GDPR compliance, how the rules differ for B2C vs B2B email marketing, and also share some good and bad examples of email marketing consent.
Understanding consent with regards to email marketing
To get a better idea of the term “consent” in regard to email marketing, let's understand what exactly makes consent “valid”, according to Privacy and Electronic Communications Regulations (PECR) and UK GDPR. According to these regulations, consent will be considered valid only if it’s:
- Specific to a particular condition and not bundled with any other form of consent or terms and conditions. For example, if someone has signed up for your email newsletter, it’s not justified to send them other forms of marketing communication such as text messages and all social media messages, without requesting their consent for it separately.
- Provided without any preconditions (such as denying access to a product or service without the forced opt-in).
- Collected from the user through an affirmative action on their part, explicitly suggesting their consent. Note that using an opt-in form in which the checkboxes are already ticked (or any other forms of opt-in mechanisms that are borderline shady) will not count towards valid consent and may get your business into trouble.
- Clear to the individual what they are agreeing or consenting to by sharing their personal details at the time of opt-in
- Possible for the data subject to withdraw their consent at any time with the help of a button or a link shared in your emails, that lets them unsubscribe from any future communication without exception
If the consent you are requesting from your data subjects cannot fulfil any of the criteria mentioned above, it will not be considered as “valid” and chances are high you will face legal issues, penalties, and heavy fines, if the Information Commissioner’s Office (ICO) chooses to scrutinise your business.
GDPR Email Marketing Guidelines Different for B2C and B2B campaigns
As an email marketer, it's important for you to distinguish whether your campaign is oriented towards B2B or B2C, since the rules that apply to B2B marketing are much more straightforward and relaxed in comparison to those that apply to B2C marketing. However, you may still wish to use an outsourced data protection officer to ensure that your marketing is 100% GDPR compliant to help minimise risk.
The requirement to obtain valid consent and use it as the lawful basis for email marketing only applies to B2C marketing campaigns, whereas you can use “legitimate interest” as your lawful basis and use simple soft opt-in, in case you are running a B2B marketing campaign.
However, regardless of whether you are a B2C or a B2B marketer, it is still important to:
- Allow the data subjects to withdraw their consent by unsubscribing to your email marketing list whenever they may please
- Make sure that you are not sending your data subjects any relevant information in your emails
- Regularly clean up your email marketing database to delete any contacts who have not been engaging with your emails
GDPR Email Marketing Consent Examples - The Good, The Bad, and The Ugly
Now that you have a better idea of what's expected from an email marketer to maintain compliance with the GDPR, let's have a look at some acceptable and unacceptable ways to obtain consent, demonstrating the points shared in the above sections.
Example #1: The Good
Here’s an example to show what a GDPR compliant opt-in form looks like:
As you can see, this opt-in form
- Clearly explains to the users what they’re signing up for
- Doesn’t pressurise them to give multiple consents at once
- Doesn’t suggest that filling in their details is a pre-condition of service
- Requires them to take affirmative action and share their consent by ticking the box
Example #2: The Bad
Even though this form does suggest to the user that their consent is being recorded, it does not comply with the GDPR rules because the checkbox is already ticked, which means the user doesn’t need to take an affirmative action to provide their consent.
The ICO explicitly states that pre-ticked boxes do not provide valid consent.
Example #3: The Ugly
This example is the worst case of all because:
- The consent requested for sending marketing messages is coupled with the consent required for other terms and conditions
- The checkbox is already ticked, which means the user doesn’t need to take an affirmative action to provide their consent
- When scrutinised by the ICO, any business using such an opt-in mechanism is sure to get into trouble.
The rule is simple: don’t send marketing communication via email to anyone who has not explicitly registered their consent for receiving it.
Subscribe to our newsletter
If you would like to receive our startup themed newsletter, full of the latest startup opportunities, events, news, stories, tips and advice, then sign up here.
Got a business in the manufacturing sector? These tips on how you can reduce energy costs while being more sustainable are well worth a read...
 Daniel Dierkes, David Schara, and Maximilian Geißinger 2.jpeg)
Innovative InsurTech startup SureIn announces a €4M Seed round to further its mission of making insurance easy, transparent and hassle-free for SMBs.
Nassia Skoulikariti, Director of IoT Programmes, Mobile Ecosystem Forum shares some insights on how IoT is having a significant impact on all our lives.
.jpg)
Roger James Hamilton, Founder and CEO of Genius Group, a world-leading entrepreneur Edtech and education group, discusses how introducing a globalized curriculum will help better prepare students.
SuperFi, the debt prevention platform, has announced a $1m pre-seed funding round to support people during the cost of living crisis.
41 startups from 13 countries, including the UK, have been selected for the 8th Kickstart Innovation program, one of Europe’s leading innovation platforms.
Personal training platform Another Round has secured £300k in its latest fundraise, including investment from angels and its community.
Thingtrax Secures £4.3M to Empower Manufacturers to Build the Factories of the Future
A measure of inflation relief for small firms sees transport costs fall but service price increases remain elevated
Bedfordshire-based HR tech startup HR DataHub has built a range of tools for HR departments
Published on: 1st December 2021
If you would like to enable commenting via your Startacus account, please enable Disqus functionality in your Account Settings.
- SureIn Secures €4M to Close the SMB Insurance Gap 15th Aug 2023 Innovative InsurTech startup SureIn announces a €4M Seed round to further its mission of making insurance easy, transparent and hassle-free for SMBs.
- SuperFi raises $1M pre-seed funding round 28th Jul 2023 SuperFi, the debt prevention platform, has announced a $1m pre-seed funding round to support people during the cost of living crisis.
- Startups rely on AI & sustainability for new partnerships 27th Jul 2023 41 startups from 13 countries, including the UK, have been selected for the 8th Kickstart Innovation program, one of Europe’s leading innovation platforms.
- Another Round closes £300k Seed round to revolutionise personal training 21st Jul 2023 Personal training platform Another Round has secured £300k in its latest fundraise, including investment from angels and its community.
