Legall e-mail marketing

How to conduct e-mail marketing in accordance with the law? Find out what legal requirements you must meet.

Legal e-mail marketing


Articles, acts, consents, GDPR, GIODO ... a lot of these terms, abbreviations and legal jargon. In a moment you will learn about the most important issues that will help you conduct legal e-mail marketing. You will learn what requirements you must meet so that your nightmares do not concern official letters  and summons to court.

If there is the bottom line of this article, please remember the sentence: "If you have doubts whether any given law applies to you, it is better to assume that it does." It mainly concerns consents that must be passed on to us by the recipient. Now I will make you sad - or maybe quite the opposite? There is no detailed single template stating how such consent should look like. There are, however, several acceptable forms, keep reading.

Are email addresses always treated as personal data?

The GDPR act describes personal data. It contains regulations regarding the protection of personal data of natural persons. This is where the first question arises - is the e-mail address a personal data? Not always. If it does not contain the first name, surname and other data on the basis of which a specific person can be identified, it can be assumed that it is not personal data. However, when obtaining email addresses through a form, you don't know in advance who will be signing up there. They can be various types of companies, but also physical persons. It can be time-consuming to check each address yourself and decide if it contains personal information or not. Therefore, it is best to obtain consent to the processing of personal data each time you save any customer data.

Can offers and advertisements be sent without consent?

This question is answered by the Act on the provision of electronic services. It focuses on the obligations and principles of liability of the service provider, as well as the principles of personal data protection of natural persons. What is important in the context of e-mail marketing? The act informs that unsolicited commercial information cannot be sent. We must obtain the recipient's consent in order to be able to offer them our products or services and persuade them to buy.

Does telecommunications law also apply to e-mail marketing?

In order to answer this question, I will quote the law literally, as it sounds quite complicated: "It is forbidden to use telecommunications terminal equipment and automatic calling systems for the purposes of direct marketing, unless the subscriber or end-user has previously consented to it."

Let's break it down into details. Telecommunications end devices are considered everything that can connect to the network, that is: telephone, computer, laptop, tablet, TV set. Automatic calling systems means all kinds of technical systems that communicate with the recipient without human intervention. A subscriber is anyone who is a party to an agreement concluded for the provision of services with a telecommunications service provider, and the user is an entity using these services. This law is not entirely clear even to those who specialize in it, so it is better to be safe than sorry and ask the recipient for consent in this matter as well.

Obtaining one consent for any of the above-mentioned acts does not constitute consent for further actions. If at least one of them is missing, you cannot fully comply with the law. If at least one of them is missing, ** you cannot send mailings according to the law. ** In conclusion, it is safest to obtain three separate approvals. There is, however, an exception. ** If you decide to send newsletters without commercial information, you only need to obtain consent related to processing of personal data. **

We smoothly move to the next issue, i.e. the conditions that must be met by consents.

What criteria must the consent meet in order to allow to conduct legal e-mail marketing?

When you place consent on your website or in the body of an e-mail, you must ensure its appropriate content. After all, you do not want to experience a situation where it turns out to be invalid and you will have to spend time asking your recipients for consent again.

What is worth remembering?

  • The consent must be specific, that is, contain information about who will use the data, for what purpose and what the data will be.
  • The recipient may revoke the consent at any time. Nor may he be prevented from withdrawing his consent.
  • Consent must be given consciously, voluntarily and unambiguously. There is no room for tricks, hiding it, for example in the regulations.

• You must have a confirmation of consent by the recipient. The most common method for this purpose is double opt-in. After entering the e-mail address in the form, the recipient will receive a message in the mailbox. He will have to confirm the subscription by clicking on the activation link. Then the e-mail address will be saved in your database.

What do email marketing consents look like?

The law does not specify exactly how the consents to send commercial information by electronic means and marketing information should look like ** The most common choice are checkboxes - the recipient must uncheck them to be able to go to the next step. This method will work, especially if you intend to send out newsletters. The most important thing is that the checkbox should be under the consent and information clause. Another form is communication. It is important that it meets the requirements regarding the content of the consent mentioned in the previous point. It must contain the exact purpose for which the recipient's data is collected.

The content of the GDPR Act directly states that consent to the processing of personal data may be granted by an unambiguous confirming act. This means that there is much freedom in the form of such consent, but we must have confirmation that it has been granted.

Lots of these approvals, right? Unfortunately, I have to make you sad. This is not the end of the work required. Once you have obtained the consent for data processing, you have to store this data somewhere and keep a register.

Do I have to register the database in GIODO?

If you are looking for information on the Internet on how to conduct legal e-mail marketing, this abbreviation surely caught your eye. Many articles from the first list of Google searches contain information that reporting to the GIODO is necessary. Pay attention to the publication dates of the articles - they may be out of date. The GDPR Act of May 25, 2018 abolished the obligation to report collections to GIODO. It was replaced with the obligation to keep a register of data processing activities. This means that you must keep a written inventory of all acquired contacts.

Illegal mailing - is it worth it?

In the heat of the moment, you may say that "this is some kind of absurdity" and that all these consents, registers are pointless. Ba! You're not even going to care about them.

However, I have a warning for you - penalties for illegal mailing  include a fine, restriction of liberty, imprisonment and a fine containing some part of your income.

Of course, on the end it is your decision. Three checkboxes or a fine ... The ball is in your court.

Fortunately, when it comes to email marketing, you just got through one of the least thrilling (but very important) parts. If this has not discouraged you from conducting online marketing, then you have no choice but to choose the appropriate mailing platform using our comparison engine, collect your consent and set off on this online adventure!


Leave your comment here: