May 9

Legally secure and simple GDPR email marketing

E-Mail-Marketing, Marketing & GDPR


On May 25, the European People’s Day. The General Data Protection Regulation (GDPR) came into force on 1 May 2018. Since the unlawful use of personal data can result in heavy penalties, there is great uncertainty in companies regarding marketing campaigns. 

No wonder you, like many others, are afraid of doing something wrong. You are probably wondering what you need to consider for e-mail marketing under the new GDPR. To what extent are you still entitled to use or store personal data in order to advertise upcoming products in a targeted manner?

We’ll show you which points to consider in order to run legally secure, GDPR-compliant email marketing and thus maintain privacy when promoting your products.

What does the GDPR change?

First and foremost, legislators did not enact the GDPR to make life difficult for businesses. The aim of the new regulation is to protect privacy.

That’s why the GDPR changes two fundamental aspects of personalized email marketing for you as an entrepreneur. On the one hand, you must be able to prove your customers’ consent to the use of their data. On the other hand, you are obliged to create transparency.

What are personal data?

Privacy also includes our personal data, which identifies us as individuals. In addition to sensitive data, such as a social security or credit card number, this includes data such as our e-mail address, telephone number, residential address or name.

When you contact someone via e-mail, you use their e-mail address and thereby personal information that is under special protection under the GDPR.

What are the penalties for violating the GDPR?

Four percent of annual turnover is the penalty that the legislator imposes in the event of gross disregard for the GDPR provisions. For Google, this meant a payment of 50 million euros. Large companies are now making it clear how seriously they take the GDPR through data protection advertising.

We will show you how to make e-mail marketing legally secure as part of the new GDPR. 

What impact does the GDPR have on my email marketing?

The GDPR should not be a reason to renounce effective email marketing. A large part of the communication and thus also of marketing is now carried out via digital channels. Informative newsletters and e-mail advertising are reliable ways to inform your customers about new products and services. 

With Mautic, the reliable marketing automation software of our choice, your email marketing is directly linked to what your business is doing. With the Mautic version managed by, you conduct legally secure email marketing. The necessary order processing contract is already included in the terms and conditions.

And since we are based in the EU, you can rely on our level of data protection. For third-party providers outside the EU, such as those from the US, it is important to pay attention to their privacy policies. Check whether their terms and conditions and privacy policy allow you to send GDPR-compliant e-mail marketing to your customers, and also whether they are covered by the EU Privacy Shield.

Can I continue to send promotional e-mails and newsletters under the GDPR?

Legally secure GDPR e-mail marketing requires the consent of the recipients. If you want to send your promotional emails or newsletters to new customers, you need to get their consent via the double opt-in procedure. In this way, new customers can agree to the use of their data.

If, when sending promotional emails, you use the email addresses of customers who provided their details during a previous purchase, you must consider three things:

  1. With each promotional e-mail, the recipient is given the opportunity to object to the further use of their data free of charge.
  2. The advertising refers to your own products that are similar to those previously purchased.
  3. In the meantime, the recipient has not objected to the storage of their data. Check whether the name is now on the Robinson list. This is a list on which companies and private individuals register who, as a matter of principle, do not want to receive advertising e-mails.

By the way, the laws also apply to e-mails that you send to other companies, e.g. for customer acquisition. To run GDPR-compliant B2B e-mail marketing, you should also obtain the consent of the company you intend to contact.

Can I continue to send transactional e-mails (e-commerce) under the GDPR?

In e-commerce, your customers’ orders trigger an automatic contact. If you want to inform your customers about the successful purchase or shipping of your products through a transactional email, you do not need to obtain consent for sending it. Customers already agreed to the processing of their data when they made the purchase.

However, if your transactional emails contain advertising, you must take care to keep your email marketing GDPR compliant. Just as with sending newsletters, you need consent if you want to send advertising content to the recipients.

Can I continue tracking my email campaigns?

Email marketing costs money and time. You therefore want to know how many times your customers have opened the delivered newsletter and clicked on your links.

To analyze the behavior of your email subscribers, it’s especially important that you anonymize the tracked IP addresses. In addition, you should inform your readers at the time of registration about which data you will use, how, and for what purpose. Always include this information in the privacy policy, to which your newsletter registration form should also link.

Are my e-mail contacts GDPR compliant? Your personal checklist

Running successful and at the same time legally secure GDPR e-mail marketing can be easy. Stick to the following 6 points:

1. What should my email sign-up form look like?

Since the adoption of the GDPR, the design of your registration form is particularly important. Transparency is paramount. Let your customers know what content is coming to them in the newsletter. Make it clear for what purpose you will use their data exactly and whether you are measuring success. 

also in your privacy policy or Privacy Policy, the right of withdrawal and your terms and balances. 

Since the amount of data also plays a decisive role according to the GDPR, you must not integrate too many mandatory fields. It is correct if your customers only need to provide the email address and can enter the remaining data optionally.

So that you don’t miss anything important, subscribe to our newsletter. That way you’ll find out how to make your email marketing GDPR compliant! We will help you set up your legally secure registration form.

2. Do I need a double opt-in to collect email addresses?

The double opt-in procedure is mandatory for GDPR-compliant email marketing. It gives you demonstrable consent to e-mail communication from your customers.

The customer must actively agree to the storage of their data. It is no longer permissible to base data storage on an automatically placed check mark.

In the double opt-in procedure, interested customers actively enter their e-mail address in the registration form. They then receive a double opt-in email in which they click on a link to confirm their registration. This e-mail must not yet be an advertising email.

In two ways, you’re on the safe side with the double opt-in method. On the one hand, you offer your customers a transparent and thus GDPR-compliant procedure for consent to e-mail communication. On the other hand, you can safely prove that the customer has consented to the contact by e-mail.  
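The double opt-in flow described above, as an added Python sketch that is not taken from this article or from Mautic: the form submission creates a pending record, only a valid click on the confirmation link turns it into consent, and the stored timestamps serve as proof. The key, the 48-hour link lifetime, the in-memory `subscribers` store and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: real key comes from a secrets store
TOKEN_TTL = 48 * 3600             # assumption: link lifetime, not a value set by the GDPR
subscribers = {}                  # hypothetical store: email -> consent record

def _sign(email, issued):
    return hmac.new(SECRET, f"{email}|{issued}".encode(), hashlib.sha256).hexdigest()

def register(email, form_version, now=None):
    """Step 1, form submitted: store a pending record, return the link token."""
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    if subscribers.get(email, {}).get("status") == "confirmed":
        return None  # leave the existing proof of consent untouched
    subscribers[email] = {"status": "pending", "requested_at": now,
                          "form_version": form_version, "confirmed_at": None}
    return f"{now}.{_sign(email, now)}"

def confirm(email, token, now=None):
    """Step 2, link clicked: only the latest, valid, unexpired token confirms."""
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    rec = subscribers.get(email)
    try:
        issued_s, sig = token.split(".", 1)
        issued = int(issued_s)
    except ValueError:
        return False
    if not hmac.compare_digest(sig.encode(), _sign(email, issued).encode()):
        return False
    if rec is None or rec["status"] != "pending" or issued != rec["requested_at"]:
        return False
    if now - issued > TOKEN_TTL:
        return False
    rec.update(status="confirmed", confirmed_at=now)
    return True

def withdraw(email, now=None):
    """Objection or unsubscribe: stop sending, keep the record as evidence."""
    rec = subscribers.get(email.strip().lower())
    if rec:
        rec.update(status="withdrawn", withdrawn_at=int(time.time() if now is None else now))

def may_send_marketing(email):
    rec = subscribers.get(email.strip().lower())
    return rec is not None and rec["status"] == "confirmed"
```

The confirmation mail itself carries only the link built from this token, and the mailer checks `may_send_marketing()` before every promotional send.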

3. What personal data can I store?

You should build a foundation of trust to connect customers to your business. The provisions of the GDPR are even an important tool to create transparency, despite all pitfalls and hurdles. 

Put yourself in your customers’ position! When they provide their data, they naturally wonder what exactly happens to their e-mail addresses and names. Through GDPR-compliant email marketing, you tell your customers what you need the data for. You may store your customers’ data only if you openly tell them in what context it is used.

In addition, you must give them the opportunity to revoke this consent with each email sent. And objecting must not cost them anything.

4. GDPR pairing ban: Can I use a goodie (lead magnet) to collect email addresses?

A free goodie, such as a white paper or entry into a sweepstakes, is a good strategy for reaching new customers. Such pairings are still allowed if you observe a few points.

Show your customers that you are offering them something valuable, such as prepared knowledge through a webinar or an e-book. In return, they release their data for advertising purposes. Do not call your offer “free”. After all, the acquisition has a price, namely the transfer of personal data.

Collecting e-mail addresses in exchange for goodies is still allowed, taking into account certain points. 

This approach not only guarantees you legally secure e-mail marketing, it also builds your customers’ trust through your openness.

5. Can I buy e-mail contacts according to the GDPR?

The purchase of e-mail lists is not strictly prohibited. Nevertheless, we advise against it. You can never be quite sure whether the purchased contacts were collected in a GDPR-compliant way. In addition, most emails to purchased contacts are ineffective.

Surely emails land in your mailbox every day that you delete without even clicking on them. This is exactly what happens with most of the email ads you send to the often worthless contacts you buy.

And the provisions of the GDPR also apply to purchased contacts. You must therefore be able to trust the provider of the e-mail lists to have obtained the consent of the customers to continue using the data.

6. Do existing contacts have to agree that I can continue to send them a newsletter?

What applies to new contacts also counts for existing customers (whose data you collected before the GDPR). You must treat the data collected in the past just like newly acquired email addresses. This is the only way to avoid making yourself liable to prosecution under the GDPR. You must be able to prove that existing customers have consented to the sending of promotional emails. With a GDPR consent e-mail, you can obtain their consent and thus also include existing contacts in your marketing.

Transparency = satisfied customers: Design e-mail marketing GDPR compliant and build trust

You should not use the GDPR as an opportunity to stop using email marketing. Don’t let fear of the heavy penalties put you off email advertising, which is one of the best marketing tools! It is important that you work transparently.

Show your customers and other companies the benefits of sharing their data. Create a valuable basis of trust that will help you gain long-term customers and partnerships.

We help you with GDPR compliant email marketing! Whether you have questions about sending newsletters, using cookies or e-mail archiving according to GDPR requirements, we have the answers for you. 

About the author

Natalia Dziadus-Hammerschmied
