A guide to email marketing regulations: Consent and GDPR

Email Regulation GDPR

What is opt-in consent?

“Opt-in” or express consent is given when a contact submits their email address in order to receive email marketing. It is not only required in Pipedrive’s Terms of Service, but is also good for the sender: A list of fully opted-in contacts is likely to be of a higher quality and lead to higher open rates and higher click rates.

You can see an example of an opt-in request below, in the CTA component for our B2B Outbound Marketing Guide for European Markets. You can choose to check the box next to the text that reads “Tick for more of our best how-to guides, templates and ebooks via email”. If you do so, you will opt-in to receive Pipedrive marketing emails.

If this CTA did not have a check box, it would fall into the category of ‘implied consent’ instead of ‘express consent’.

Get your B2B Outbound Marketing Guide for European Markets

This guide will help you build a marketing strategy for European markets while staying compliant with the rules and regulations.

What is implied consent and does it count?

Implied consent unfortunately is not sufficient when it comes to email marketing. It happens when a contact has provided their email address within the last two years in a contact form or as part of a transaction or similar, but has not expressly consented to receive marketing email.

Here are some examples of implied consent:

  • When someone provides their email within the last 2 years as part of a purchase for a good or service (or, in the case above, to download an ebook)
  • When someone is or has been a member of your association or club within the last 2 years

What happens if you don’t have express consent for a group of contacts and you send an email campaign anyway?

Contacts that have not provided express consent are more likely to mark emails as SPAM and less likely to make purchases or take the action your marketing is asking for.

This practice is also much more likely to lead to blocklisting, meaning that any emails sent after the campaign to the non-consent audience would be aggressively filtered so that, in future, you would likely not be able to send any email of any kind to any part of your contact base.

Additionally, this would hurt Pipedrive’s overall reputation and negatively impact the delivery of emails from all of our partners.

So, how does GDPR fit in?

General Data Protection Regulation or GDPR addresses data protection and limits the free movement of the personal data of European Union citizens. It applies to any organization or institution in the world that processes the data of people living and operating in the European Union. This means that it affects more than just EU-based companies, for example, if you are based in Brazil and have clients or prospects in France, you will need to adhere to GDPR rules.

How does GDPR affect you?

If you’re an email marketer, you need to get verifiable permission to send emails to your users. In other words, GDPR requires consent: the people on your email list have to agree to receive your newsletters or promotions.

You can process personal data without breaching GDPR if:

  • You have consent from the email user where it states that you can send emails. It can be a written contract, audio file, or data from a subscription form (IP of the user and the time when they subscribed and the form itself).
  • You need to fulfill legal obligations, e.g. for contract or invoice.
  • It’s needed to protect the data subject’s interests.
  • You have valid legitimate interests.

To fulfill your legitimate interests, you don’t need consent from the subscriber, but these interests must be compliant with the law. You must have a clear and valid argument for the purpose of these actions, (sending email or processing subjects data). They can breach a person’s fundamental rights only when the processed data is used to protect human rights, country, security, and welfare.

Remember that this is an informative article and shouldn’t be perceived as legal advice. For more information on GDPR, visit the official homepage of EU GDPR.

To demonstrate consent from your subscriber, you must have transparent and understandable proof of the approval the subscriber gave you. If you are using subscription forms, it can be an IP the subscriber used at the given time they filled your form and gave their consent.

The subscriber or institution that oversees GDPR may ask you for this data, so you should preserve it. This means that if you have contacts in your email list that have been gathered offline without saved opt-in proof, you still need to have proof of their consent that you can show.

What are the benefits of GDPR?

We believe that GDPR improves your email campaign ROI. Apart from fewer spam complaints and people unsubscribing, we believe our clients will benefit from better open rates and improved KPIs. This will improve your deliverability across different email services and help you maintain a stronger list of subscribers.

Driving business growth