The General Data Protection Regulation (GDPR) was introduced in 2018. It aims to ensure that organisations that handle personal data use the data securely and provide the individual with control of their data. Failure to comply with the regulations could lead to your organisation being hit with a substantial fine of €20 million or 4% of global revenue, whichever is higher.
The GDPR states that marketing email amount to processing data. Therefore, the GDPR applies to marketing emails. It is important to remember that the Privacy and Electronic Communications Regulations (PECR) apply alongside the GDPR.
There are two main conditions that an organisation can use to comply with the GDPR’s rules on processing personal data.
Under the GDPR, consent must be obtained by an opt-in method. This means the customer must make a positive action to give you consent. This is normally done by making the customer tick a box which states they give consent to receive marketing emails.
- Legitimate interest
This is a vague term that could apply to a wide variety of situations. In theory, it allows the organisation to use personal data for any of its commercial interests or wider societal benefits. Whilst its flexibility could be of benefit to the organisation, it must be thoroughly justified. We will not look at this condition in any more depth as it will not work for marketing emails. To be compliant with the PECR marketing emails must have received prior consent from the individual.
For further information on this topic or on any other legal area, please contact John Szepietowski or Kay Stewart at Audley Chaucer Solicitors on 01372 303444 or email email@example.com or visit our Linkedin page at https://www.linkedin.com/company/audley-chaucer-solicitors/.
This information was correct as of November 2022