Email Marketing & GDPR: What Actions are Acceptable to Gain Consent?

April 6, 2022

No tags found.
Email Marketing & GDPR: What Actions are Acceptable to Gain Consent?

In recent times, when there was an increased need for social distancing and cost-cutting, many businesses and brands experimented with email marketing for maintaining continuity and generating sales. At the same time, many businesses ended up paying penalties and facing legal issues because they could not maintain compliance with the GDPR. Since most businesses are still not aware of the various nuances of the GDPR and how they apply to email marketing, the demand for data protection services has been rising.

If you too are interested in understanding the GDPR and how it affects email marketing activities, you have come to the right page! In this article, we'll share with you what actions are considered acceptable when it comes to gaining consent for email marketing. But before we dive in, let's have a look at what marketing consent is and why it's important to obtain consent from your email recipients before sending them marketing communication.

Marketing consent and GDPR compliance

The UK GDPR act requires businesses to share the lawful basis through which they operate their marketing activities, including their email marketing activity. The two options when it comes to selecting a lawful basis for marketing activities are “valid consent” and “legitimate interest”. Businesses, in most cases, especially B2C businesses, need to specify “valid consent” as the chosen lawful basis for all their marketing activity. In other cases, “legitimate interest” can be used in place of valid consent. Having said this, keep in mind that if you are an email marketer and planning to send an email blast to your list of potential customers without recording their consent, it can get you in trouble with the law enforcement agencies and the Information Commissioner’s Office (ICO). Now that you understand the importance of gaining valid consent from your prospects before sending them marketing communication via email, let's have a look at what are some acceptable ways to gain consent, as per the GDPR.

Email Marketing & GDPR: What Actions are Acceptable to Gain Consent?

There are multiple regulations for data protection and data privacy that apply to organisations in the UK, and this includes the Privacy and Electronic Communications Regulations (PECR) and the UK Data Protection Act, apart from the UK GDPR. In order to comply with these regulations, you not only need to obtain consent from your data subjects before sending them marketing communication, but also ensure that it's considered valid consent as per these regulations. Below are some points to clarify what's meant by valid consent:

  • ●Consent should be provided freely by the users without forcing them to opt-in or making the opt-in a precondition for them to gain access to your products or services
  • ●The users should know exactly what they are consenting to and what they are agreeing to receive in the form of marketing communication in the future (and how frequently)
  • ●The users should have the option to withdraw their consent in a hassle-free manner, if they wish to stop receiving marketing communication from your end, at any point
  • ●The concern should not be bundled with any other clauses, terms or conditions and should be related to a single clause at a time
  • ●The users should take affirmative action on their part and the opt-in form should not have any checkboxes or fields that are prefilled

If the consent you have obtained fails to meet any of the above-mentioned criteria, it will be considered invalid, if your marketing activities come under the scrutiny of the Information Commissioner's Office (ICO). Now that you know how to gain consent for sending marketing emails let's have a look at a couple of examples to understand this better.

Example #1:

As you can see, this opt-in form uses a pre-ticked checkbox.Practices like these are a big no-no as per the GDPR, when it comes tocollecting consent for email marketing, because such anopt-in form doesn't allow the users to take affirmative action on their part,in order to confirm their consent.

Example #2:

As shared in the previous section, the opt-in form should request consent for a single specific purpose. However, in this example, there are two different clauses bundled together. You should avoid employing tactics like this, if you are serious about maintaining compliance with the GDPR.

Example #3:


This opt-in form would be considered GDPR-compliant because it lets the users take affirmative action independently and tells them the exact purpose for which they are sharing the consent.

Final Thoughts

As a rule of thumb, always gain consent from your list before you start sending out marketing emails, avoid sending irrelevant content to the recipients, consider working with an outsourced DPO, and make sure your emails contain an unsubscribe link for your recipients to withdraw the consent if they would like to. Keep your email marketing list updated and regularly prune it for any recipients who have not been engaging with your emails actively.

Take the next step

Buy My Book
"Take your Shot"

How to Grow Your Business, Attract More Clients, and Make More Money. Learn to change your perceptions of your own business so that you get out of your own way.

Find out more

Are You Ready to Put Your Prices Up?

Answer 40 questions and we’ll send you a personalised report with feedback tailored to your specific needs. It quick and free and you get a FREE copy of Take Your Shot.

Take the Fearless Quiz

Want to work with Robin?

Sometimes it's difficult taking the first steps; in reality it's easy. Hit the big red button below to book your Diagnostic Call.

30 Minute Diagnostic Call