How does GDPR affect email marketing and electronic media?
How GDPR affects electronic media and email marketing, including consent.
Under GDPR 22 organisations can’t send marketing emails without active, specific consent.
Companies can only send email marketing to individuals if:
There must be a valid contact address available to people so they can unsubscribe or opt out. Read more about the GDPR regulations on direct marketing here.
The term ‘electronic mail’ is intentionally non-specific and is defined by GDPR as:
“any text, voice, sound or image message sent over a public electronic communications network which can be stored in the network or in the recipient’s terminal equipment until it is collected by the recipient and includes messages using a short message service.”
The same regulation applies to all forms of electronic media, including emails, texts, picture messages, voicemail, social media messages, video messages and another message that can be stored electronically.
The rule concerning existing customers is sometimes called ‘soft opt-in’. In simple terms, the regulation means that if a person has previously bought something from and given their details recently and did not choose to opt out of marketing messages, then they are most likely happy to receive marketing collateral. It’s assumed that because they did not opt out, they are happy to receive information about similar products even if they haven’t actively consented.
However, for this to be admissible, they must have been given a clear and easy opportunity to opt-out. This should be offered when their initial data is collected and included in every subsequent message sent.
This rule therefore means that while information can sometimes be sent by email or text to existing customers, it does not apply to new contacts or potential customers. It also does not apply to any non-commercial promotion, for example political campaigning or charity fundraising.
If the individual has specifically given their consent to receiving marketing texts or emails, then companies can send them. They can also send to existing customers provided they had a clear opportunity earlier in the process to opt out if they wanted to.
Some partnerships and sole traders are considered to be individuals under GDPR. For these, the rules are the same as above.
Companies can email or text a corporate body (for example, a government body, company, limited liability partnership).
Even so it’s always good business practice to keep a record of those businesses who have said they don’t want to be contacted. The company can then crosscheck any new marketing list against that.