Email: how to be GDPR compliant?

The General Data Protection Regulation (GDPR), which has been in force since May 25, 2018, imposes the notion of consent regarding the processing of customers’ personal data. It affects marketing and sales procedures. Companies must take action or face fines from the CNIL (Commission Nationale de l’Informatique et des Libertés), which can carry out checks at any time. Here are some rules for good compliance.

How to create GDPR compliant email campaigns?

1. Buying one of your services does not mean explicit consent

Do not sign someone up for an opt-in (newsletter, email marketing, etc.) just because they have created an account or subscribed to a service. This is illegal.

2. Don’t pre-check the boxes to collect your customers’ consent

The CNIL recommendations are clear: you must obtain active consent and therefore must not pre-check the opt-in boxes. The GDPR adds another layer: consent must be clear, easy to understand and unambiguous.

3. Keep a record of the consent collected to prove that it exists

No explicit consent, no marketing email! And yes, it is strictly forbidden. You must be able to prove that your customer agreed to receive your marketing emails. It is recommended that consent be renewed at regular intervals, ensuring that data subjects are always well informed about how their data is used and how they can exercise their rights.

4. Double opt-in rather than single opt-in

To collect consent, the CNIL recommends double opt-in (double confirmation). It is therefore not compulsory, but it is a better way to prove your good faith.

Double opt-in for GDPR compliance
Source: Sendinblue

5. Always provide an unsubscribe link and a dedicated address in your emails

This is compulsory. If you have a DPO, mention their name and email. Your customer must be able to request that you stop sending them marketing emails or delete their data at any time.

6. Service providers must also be compliant with the GDPR

Any third-party tools you use, which are therefore required to process your customers’ information, must be GDPR compliant. This is particularly the case if these third-party tools are outside the European Union with their own regulations; otherwise, everything you put in place is obsolete.

7. Make data collection practices public

Detail in your privacy policies all the uses you will make of the information you collect about your customers.

8. An updated database

Finally, a small subtlety concerning the updating of consent: you must update the collection of consent, but be careful not to shoot yourself in the foot unnecessarily.

Communication channels (emailing, among others) are separate from the GDPR. The GDPR only mentions the processing of personal data, not the channels for doing so.

In B2B (legal entity), it is not necessary to have prior consent to process data and send prospecting emails to companies. The CNIL specifies that prospecting by e-mail is possible without consent under certain conditions and in a measured way. The products offered must make sense to the prospect. It is therefore not necessary to send an opt-in confirmation to your existing database in this case, but rather to send an email inviting them to unsubscribe if they wish.

In B2C (natural persons), a clear opt-in must be obtained. The only place where it is possible to carry out canvassing without consent is precisely… in transactional emails! Following a purchase, it is possible to offer the buyer other similar products. As long as the commercial relationship exists, it is possible to offer products (sending invoices, confirming purchases, etc.).

So don’t bother yourself and especially don’t bother your customers unnecessarily with the collection of consent when it is not useful!

Discover the first GDPR compliant mailcatcher that will simplify the sending of your transactional emails

Emails sent from acceptance-testing (staging) environments may also contain user data. Don’t send real emails; use Pacomail, the GDPR compliant sovereign mailcatcher.

With Pacomail, no risk is taken during the development of your transactional emails: all accidents and data leaks are avoided.

Pacomail assists you throughout the creation of your transactional emails. Try it for free for 15 days!
