Jul 21

How to be compliant when emailing your clients or prospects

The GDPR makes salespeople and marketers nervous because it’s hard to understand what the legislation means for daily sales and email marketing activities, which is a fair concern. 

First, it’s important to understand that GDPR is only a small part of what governs direct marketing to consumers. We also have to look at the so-called ePrivacy Directive, or rather, the different national laws implementing the ePrivacy Directive.

The ePrivacy Directive 

The ePrivacy Directive dates back to 2002, and since it is a directive and not a regulation like the GDPR, it has been implemented into national law – in other words, each EU member state has their own. The ePrivacy Directive concerns all marketing in electronic communication such as by email, phone or sms, regardless if we’re using personal data or not. Since it has been translated into national law, some differences exist from country to country, but when it comes to direct marketing to consumers, the basics are quite harmonised. The EU is in the process to adopt an ePrivacy Regulation at the moment, something that will ensure harmonisation among Member States. 

What is direct marketing?

Direct marketing includes any form of sales promotion that is directed to a particular individual. The direct marketing message does not need to offer something for sale; it could be a promotion of a free offer or promoting the sender’s organisation in some way. For example, it can include charities and political organisations which send emails for fund-raising purposes — the definition is broad.

Examples of email communications that do not constitute direct marketing activities and do not fall under the ePrivacy Directive are the following:

  • Marketing communications that are not directed to specific individuals (e.g., when you send an email to a company without mentioning a specific contact person e.g. hello@nullcompany.com) 
  • Purely service-related emails (e.g. emails sent to individuals to inform them about the status of an order)

The ePrivacy Directive requirements for B2C direct email marketing

The rules for sending direct marketing emails depend on whether they are in a B2C or B2B context. For B2C direct marketing by email, the rules are somewhat harmonised among EU member states. Let’s have a look at the requirements imposed on any organisation that wants to send direct marketing emails to consumers:

  • Opt-in consent

The first requirement is to always obtain prior opt-in consent from consumers to send them marketing emails. 

After the enforcement of the GDPR, the requirements for valid consent (freely given, informed, unambiguous and specific) apply also when consent is required by the ePrivacy Directive. Therefore providing pre-ticked opt-in boxes doesn’t count as valid consent as of May 2018.

The only exception to the opt-in requirement is when you already have an existing relationship with the individuals and you have obtained their contact details “in the context of the sale of a product or a service”. This is known as the “soft opt-in exception”.

That means that you can send marketing emails to individuals on an opt-out basis if you fulfil all of the three following requirements:

  • You have obtained customers’ data in the context of the sale of a product or a service.
  • You have sent the marketing emails in order to promote your own similar products or services (not of third parties).
  • You offer individuals the opportunity to opt out every time you send them a marketing email in a simple way and free of charge.

You must be really careful when you assess whether this exception applies or not. For example, the soft opt-in exception won’t apply in the case that a prospect signs up for lead generating content such as a webinar. The reason why is that the webinar is not the product you’re selling, but a way to attract prospects. So when participants provide details before watching a webinar, that does not count as “contact details obtained in the course of a sale”.

So if you want to use the registered email address to send subsequent emails to nurture your lead or set up a sales call – you’ll need to get specific consent for email marketing. You can do that by using a separate checkbox at the time they sign up for the webinar, asking permission/consent to send email marketing communications.

When it comes to assessing your requirements under the ePrivacy Directive, you should also check the national law that implements the ePrivacy Directive. Some countries (Austria, Belgium, Denmark) interpret the term “sale” in a strict way, while other countries (like the UK and the Netherlands) interpret the term more broadly to include pre-sales communication.

  • Possibility to opt out

The second requirement is to provide a valid address or contact point where individuals can send an opt-out request. Since the opt-out address must be appropriate to the medium by which the marketing communication has been sent, for email marketing, it would be appropriate to provide an opt-out email address or an opt-out hypertext link. The rule of thumb here is that it should be as easy to opt-out, as it was to opt-in.

You also need to make sure that:

  • You do not hide the identity of you as a sender of the marketing email, and
  • Your message can be clearly identified as commercial communication.


In summary, the golden rule is to ensure that you always have a prior opt-in consent as defined in the GDPR before you send any direct marketing communication to consumers, unless the soft opt-in exemption applies. Not only will it help you target audiences who are more likely to be interested in your products and services, but it will ensure you are compliant with the ePrivacy Directive.

See more related posts »

Related blog posts