GDPR Email Marketing Consent Examples - The Good, The Bad, and The Ugly

by Startacus Admin

Want to ensure your email marketing is fully compliant with GDPR rules? Here is an overview to help keep you right...

Over the last couple of years, with an increased social distancing between businesses and their target customers, organisations are relying more than ever on various forms of direct marketing. No wonder why email marketing has become one of the most popular marketing channels, according to a research study conducted by the Data Marketing Association (DMA) in 2021.

To help organisations navigate the GDPR and make their email marketing campaigns fully compliant, this article will highlight what comprises valid consent, why it is required to maintain GDPR compliance, how the rules differ for B2C vs B2B email marketing, and also share some good and bad examples of email marketing consent.

Understanding consent with regards to email marketing

To get a better idea of the term “consent” in regard to email marketing, let's understand what exactly makes consent “valid”, according to Privacy and Electronic Communications Regulations (PECR) and UK GDPR. According to these regulations, consent will be considered valid only if it’s:

• Specific to a particular condition and not bundled with any other form of consent or terms and conditions. For example, if someone has signed up for your email newsletter, it’s not justified to send them other forms of marketing communication such as text messages and all social media messages, without requesting their consent for it separately.
• Provided without any preconditions (such as denying access to a product or service without the forced opt-in).
• Collected from the user through an affirmative action on their part, explicitly suggesting their consent. Note that using an opt-in form in which the checkboxes are already ticked (or any other forms of opt-in mechanisms that are borderline shady) will not count towards valid consent and may get your business into trouble.
• Clear to the individual what they are agreeing or consenting to by sharing their personal details at the time of opt-in
• Possible for the data subject to withdraw their consent at any time with the help of a button or a link shared in your emails, that lets them unsubscribe from any future communication without exception

If the consent you are requesting from your data subjects cannot fulfil any of the criteria mentioned above, it will not be considered as “valid” and chances are high you will face legal issues, penalties, and heavy fines, if the Information Commissioner’s Office (ICO) chooses to scrutinise your business.

GDPR Email Marketing Guidelines Different for B2C and B2B campaigns

As an email marketer, it's important for you to distinguish whether your campaign is oriented towards B2B or B2C, since the rules that apply to B2B marketing are much more straightforward and relaxed in comparison to those that apply to B2C marketing. However, you may still wish to use an outsourced data protection officer to ensure that your marketing is 100% GDPR compliant to help minimise risk.

The requirement to obtain valid consent and use it as the lawful basis for email marketing only applies to B2C marketing campaigns, whereas you can use “legitimate interest” as your lawful basis and use simple soft opt-in, in case you are running a B2B marketing campaign.

However, regardless of whether you are a B2C or a B2B marketer, it is still important to:

• Allow the data subjects to withdraw their consent by unsubscribing to your email marketing list whenever they may please
• Make sure that you are not sending your data subjects any relevant information in your emails
• Regularly clean up your email marketing database to delete any contacts who have not been engaging with your emails

GDPR Email Marketing Consent Examples - The Good, The Bad, and The Ugly

Now that you have a better idea of what's expected from an email marketer to maintain compliance with the GDPR, let's have a look at some acceptable and unacceptable ways to obtain consent, demonstrating the points shared in the above sections.

Example #1: The Good

Here’s an example to show what a GDPR compliant opt-in form looks like:

As you can see, this opt-in form

• Clearly explains to the users what they’re signing up for
• Doesn’t pressurise them to give multiple consents at once
• Doesn’t suggest that filling in their details is a pre-condition of service
• Requires them to take affirmative action and share their consent by ticking the box

Example #2: The Bad

Even though this form does suggest to the user that their consent is being recorded, it does not comply with the GDPR rules because the checkbox is already ticked, which means the user doesn’t need to take an affirmative action to provide their consent.

The ICO explicitly states that pre-ticked boxes do not provide valid consent.

Example #3: The Ugly

This example is the worst case of all because:

• The consent requested for sending marketing messages is coupled with the consent required for other terms and conditions
• The checkbox is already ticked, which means the user doesn’t need to take an affirmative action to provide their consent
• When scrutinised by the ICO, any business using such an opt-in mechanism is sure to get into trouble.

The rule is simple: don’t send marketing communication via email to anyone who has not explicitly registered their consent for receiving it.

Subscribe to our newsletter

If you would like to receive our startup themed newsletter, full of the latest startup opportunities, events, news, stories, tips and advice, then sign up here.

• #email
• #marketing
• #gdpr
• #data
• #legal
• #consent

Published on: 1st December 2021