GDPR Email Marketing Consent Examples - The Good, The Bad, and The Ugly

by Startacus Admin
Want to ensure your email marketing is fully compliant with GDPR rules? Here is an overview to help keep you right...
Over the last couple of years, with an increased social distancing between businesses and their target customers, organisations are relying more than ever on various forms of direct marketing. No wonder why email marketing has become one of the most popular marketing channels, according to a research study conducted by the Data Marketing Association (DMA) in 2021.
To help organisations navigate the GDPR and make their email marketing campaigns fully compliant, this article will highlight what comprises valid consent, why it is required to maintain GDPR compliance, how the rules differ for B2C vs B2B email marketing, and also share some good and bad examples of email marketing consent.
Understanding consent with regards to email marketing
To get a better idea of the term “consent” in regard to email marketing, let's understand what exactly makes consent “valid”, according to Privacy and Electronic Communications Regulations (PECR) and UK GDPR. According to these regulations, consent will be considered valid only if it’s:
- Specific to a particular condition and not bundled with any other form of consent or terms and conditions. For example, if someone has signed up for your email newsletter, it’s not justified to send them other forms of marketing communication such as text messages and all social media messages, without requesting their consent for it separately.
- Provided without any preconditions (such as denying access to a product or service without the forced opt-in).
- Collected from the user through an affirmative action on their part, explicitly suggesting their consent. Note that using an opt-in form in which the checkboxes are already ticked (or any other forms of opt-in mechanisms that are borderline shady) will not count towards valid consent and may get your business into trouble.
- Clear to the individual what they are agreeing or consenting to by sharing their personal details at the time of opt-in
- Possible for the data subject to withdraw their consent at any time with the help of a button or a link shared in your emails, that lets them unsubscribe from any future communication without exception
If the consent you are requesting from your data subjects cannot fulfil any of the criteria mentioned above, it will not be considered as “valid” and chances are high you will face legal issues, penalties, and heavy fines, if the Information Commissioner’s Office (ICO) chooses to scrutinise your business.
GDPR Email Marketing Guidelines Different for B2C and B2B campaigns
As an email marketer, it's important for you to distinguish whether your campaign is oriented towards B2B or B2C, since the rules that apply to B2B marketing are much more straightforward and relaxed in comparison to those that apply to B2C marketing. However, you may still wish to use an outsourced data protection officer to ensure that your marketing is 100% GDPR compliant to help minimise risk.
The requirement to obtain valid consent and use it as the lawful basis for email marketing only applies to B2C marketing campaigns, whereas you can use “legitimate interest” as your lawful basis and use simple soft opt-in, in case you are running a B2B marketing campaign.
However, regardless of whether you are a B2C or a B2B marketer, it is still important to:
- Allow the data subjects to withdraw their consent by unsubscribing to your email marketing list whenever they may please
- Make sure that you are not sending your data subjects any relevant information in your emails
- Regularly clean up your email marketing database to delete any contacts who have not been engaging with your emails
GDPR Email Marketing Consent Examples - The Good, The Bad, and The Ugly
Now that you have a better idea of what's expected from an email marketer to maintain compliance with the GDPR, let's have a look at some acceptable and unacceptable ways to obtain consent, demonstrating the points shared in the above sections.
Example #1: The Good
Here’s an example to show what a GDPR compliant opt-in form looks like:
As you can see, this opt-in form
- Clearly explains to the users what they’re signing up for
- Doesn’t pressurise them to give multiple consents at once
- Doesn’t suggest that filling in their details is a pre-condition of service
- Requires them to take affirmative action and share their consent by ticking the box
Example #2: The Bad
Even though this form does suggest to the user that their consent is being recorded, it does not comply with the GDPR rules because the checkbox is already ticked, which means the user doesn’t need to take an affirmative action to provide their consent.
The ICO explicitly states that pre-ticked boxes do not provide valid consent.
Example #3: The Ugly
This example is the worst case of all because:
- The consent requested for sending marketing messages is coupled with the consent required for other terms and conditions
- The checkbox is already ticked, which means the user doesn’t need to take an affirmative action to provide their consent
- When scrutinised by the ICO, any business using such an opt-in mechanism is sure to get into trouble.
The rule is simple: don’t send marketing communication via email to anyone who has not explicitly registered their consent for receiving it.
Subscribe to our newsletter
If you would like to receive our startup themed newsletter, full of the latest startup opportunities, events, news, stories, tips and advice, then sign up here.
WeWALK, RNIB, and ICL consortium secures UKRI funding to improve mobility for visually impaired and elderly.

The impact of standards, ethics and conduct on business success and profits - Work.Life has some interesting insights...

The lowdown on Space32 - the startup that wants to help hybrid-working businesses find the working space and solution that's right for them.

Global Tech for Good initiative seeks innovative startups and scaleups that are creating positive social impact and enhancing people's lives through tech.

The lowdown on Bidnamic, the startup that's combining advance machine learning with human expertise to help retailers to maximise revenue and profitability from Google Shopping.

Innovative Czech fintech startup 4Trans raises investment to expand first of its type AI driven factoring services across Europe.

Edinburgh-based life science company Cytomos secures funding to support further development of its innovative cell analysis tech.

Ethical Equity and Streets Consulting join forces to deliver Founder Workshop to help close the inequality gap in startup to scaleup funding.

Fancy being featured in this year’s SmallBiz100, which showcases the best of Britain’s vibrant small business community? There's just a couple of days left to do just that!

Screenloop secures major investment to support further development of its AI-driven recruitment platform that helps companies build the best teams and removes unconscious bias.
Published on: 1st December 2021
If you would like to enable commenting via your Startacus account, please enable Disqus functionality in your Account Settings.







- Assistive technology innovators and partners awarded £1.7m project funding 1st Jul 2022 WeWALK, RNIB, and ICL consortium secures UKRI funding to improve mobility for visually impaired and elderly.
- How the pandemic affected each industry 27th Jun 2022 New research from School of Marketing reveals the impact that Covid-19 has had on key business sectors in the UK.
- The Finalists of DBACE 2022 are revealed 21st Jun 2022 The lowdown on the innovative young visionaries that are in the running for this year's Deutsche Bank Awards for Creative Entrepreneurs.
- OKAPI: Orbits raises €5.5m for Breakthrough Space Traffic Management Software 13th Jun 2022 Innovative German SaaS startup OKAPI:Orbits secures investment to support its mission of securing efficient and safe operations in space.