GDPR and email databases

GDPR and email databases

GDPR and email databases

25 May 2018 is the date of entry into force of the new European Union regulation - GDPR. The new Directive is intended to increase security in the collection and processing of consumer personal data. The General Data Protection Regulation brings several innovations that companies are obliged to implement in personal data processing processes. One of the innovations is the valid consent of the natural person to the processing of personal data. This new product also affects marketing email. How? What are changes for email databases?

When does a company need consent?

Email marketing is one of the most widespread types of marketing in online business. It might seem that contacting someone by email for marketing is not contrary to privacy policy. But under the new rules? It's a violation!

The company will always need permission from a person who has never made a purchase or used the services of the company before. You cannot send newsletters or other advertising content without the data subject's consent.

To obtain such consent, use the so-called double opt-in, which means double confirmation. Then send an email with a link that, if clicked, the data subject will be able to confirm whether or not he / she agrees to the use of personal data for marketing purposes. Therefore, we note that checkbox is not a solution. The person must know exactly what he / she commits to. Consent must be unambiguous, concrete, free and informed.

Customer consent

Without consent, you can only send marketing content to your current customers. That is, people who have already purchased or used your services. When a person buys at your place, you process their personal data. By purchasing, a natural person agrees with the terms and conditions and confirms by individual consent that he / she agrees to the processing of personal data.

Think of proper awareness

Whether you are collecting data with double consent or dealing with your customer's data, you should never forget proper customer awareness. Ideally, you tell your customers what data you are processing and what exactly is happening to them. Thus, the person must clearly know:

  • what personal data the company processes,
  • what is their purpose,
  • who handles them,
  • how long the data will be archived
  • what rights the consumer has

Failed marketing "tricks"

Competitions, discounts, promotions, e-books, or other appealing marketing moves are in fact effective elements of advertising. Since 25 May 2018, however, such practices are contrary to GDPR and will be subject to the rules of the new directive, which thinks almost everything. Let's look at it more specifically.

Social networks and GDPR

GDPR also covers social networks. The marketing space for communication is really huge. When we talk about sending private messages for marketing via Twitter, Facebook, Skype or Instagram, this is a violation. Conversely, if a person is a fan of your site or is following you (Instagram), this is considered free consent and you have the right to use personal information for marketing purposes.


If a person registers for your contest, he or she gives you permission to inquire about the contest or any winnings. If you do not use the double opt-in consent option, you do not have the right to process the data for marketing purposes.

Discount on first purchase

Another tempting offer. In this case too, you should not forget about double opt-in. You may not propagate such promotion in any other way. Not even by mail.

E-book for e-mail exchange

The fact that a person has requested the sending of an e-book does not automatically mean that the person agrees to receive advertising content. To obtain this consent again, you have the option of double consent. Alternatively, make sure you send us an e-mail with permission that will allow you to process the email to send you an ad offer.

In the context of a marketing activity closely related to the collection of personal data, the business entity must therefore always ask the person to consent to the use of personal data, most often by e-mail, for such activity. Any advertising content sent to the data subject's mail without his or her consent constitutes a violation of GDPR.

Contact form

Preparation of Security Documentation in terms of GDPR from 139€ with insurance., s.r.o. Námestie osloboditeľov 3/A,
040 01 Košice

Non-binding free quote

from € 139 with insurance

We have provided services
to more than
11 500 clients

Free quote

Questions and answers

Dear client, if you have not found
what you are looking for, do not hesitate
to contact us.

To contact