Recently, I’ve had the misfortune – along with several business associates – of receiving cold emails. Now, I’m all about reaching out to your target customers – I’ve built a whole business around it! But I always advise my clients to stick within the boundaries of the very clear email marketing laws.

Email marketing laws aren’t the most exhilarating topic. I know anything to do with the rules of GDPR or cold emails is often met with an eye roll and people zone out. Bear with me – because it’s REALLY vital that you understand them, at least at a basic level. 

In this blog, we look at cold emails, the legal boundaries of email marketing, GDPR in the UK (and other countries), the consequences of noncompliance and how we can stay on the right side of the law.

What are cold emails and are they illegal?

Cold emails are unsolicited emails sent to someone who has not previously expressed an interest in receiving emails from the sender or their business. Cold emails are typically used for marketing purposes, such as promoting a product or service, or for networking purposes, such as seeking new business opportunities.

Cold emails are a massive nuisance to most people but they are not inherently illegal – to a certain degree. The legality of cold emails depends on the specific laws and regulations in the country where the email is sent. In general, most countries require businesses to obtain the recipient’s prior consent before sending them marketing emails. 

As we will see later, cold emails aren’t always illegal, but sending them without proper consent or in violation of the applicable laws can result in penalties, fines and damage to a business’s reputation.


What is GDPR in the UK?

GDPR in the UK is the General Data Protection Regulation. It’s a set of regulations that govern the way personal data is collected, processed, stored, and shared by organisations operating within the EU – including the UK.

Under the rules of GDPR, personal data is defined as any information relating to personal identification, such as a name, address, email address, or IP address.

Email marketing campaigns and agencies must follow these rules of GDPR:

  • Agencies must obtain consent from individuals before collecting, processing, or storing their personal data and before sending any marketing emails.

  • Consent must be freely given, specific, informed and unambiguous.

  • Agencies must keep a record of how and when consent was obtained. 

  • Individuals have the right to access their personal data, request its deletion and object to its processing in certain circumstances.

  • Agencies are also required to report data breaches to the relevant authorities within 72 hours and to notify affected individuals if the breach poses a high risk to their rights and freedoms.

International email marketing laws

GDPR in the UK is one of a number of international email marketing laws that businesses and email marketing agencies need to be aware of. These include:

  • CAN-SPAM (Controlling the Assault of Non-Solicited Pornography And Marketing) Act: This is a US law that governs commercial email messages. It requires businesses to include a clear and conspicuous opt-out mechanism, accurate subject lines, and identification of the sender in commercial emails.

  • CASL (Canada’s Anti-Spam Legislation): This is a Canadian law that requires businesses to obtain consent from individuals before sending them commercial electronic messages. The consent must be obtained through an opt-in process and must be explicit and specific.

  • CCPA (California Consumer Privacy Act): This is a California law that gives consumers the right to know what personal information businesses collect about them, the right to request deletion of their personal information, and the right to opt-out of the sale of their personal information.

  • Australia’s Spam Act: This law regulates the sending of commercial electronic messages, including email, in Australia. It requires businesses to obtain the recipient’s consent before sending them marketing emails, and prohibits the use of address-harvesting software and address lists obtained from harvested addresses. 

  • Germany’s Federal Data Protection Act: This incredibly strict legislation sets out stringent requirements for businesses when obtaining and processing personal data, including double-consent and providing individuals with information about how their data will be used.

  • Singapore’s Personal Data Protection Act: Along with other data and spam laws, this data protection law in Singapore requires businesses to obtain individuals’ consent for the collection, use, and disclosure of their personal data, and they must notify individuals of the purpose for which their data is being collected. It applies to both physical and electronic data – including emails.

Penalties for non-compliance

Businesses and email marketing agencies that fail to comply with email marketing laws can face severe penalties and consequences. Here’s a brief overview of the penalties for non-compliance under the rules of GDPR and other international laws:

  • GDPR: Organisations that fail to comply with GDPR can face fines of up to 4% of their annual global turnover or €20 million, whichever is higher. The fines can be imposed for various violations, including failure to obtain explicit consent, failure to notify authorities of data breaches and failure to comply with individuals’ requests to access, modify, or delete their personal data.

  • CAN-SPAM Act: Violators of the CAN-SPAM Act can face fines of up to $43,280 per email sent. 

  • CASL: Violators of CASL can face fines of up to $10 million for businesses and $1 million for individuals per violation.

  • CCPA: The CCPA allows consumers to sue businesses that violate their privacy rights. The fines can range from $100 to $750 per consumer per incident, or actual damages, whichever is greater.

  • Australia’s Spam Act: Businesses that breach the Act’s requirements can face significant penalties, including fines of up to AUD 2.1 million per day for repeat offenders.

  • Federal Data Protection Act: Breaching the BDSG can result in significant penalties, including fines of up to €20 million or 4% of global annual turnover, whichever is greater. 

  • Singapore’s PDPA: Individuals who breach PDPA can be fined up to SGD 200,000. The financial penalty for businesses may be up to 5% of the organisation’s annual local turnover, or up to SGD 1 million.

The fines can be imposed for various violations, including failure to include a clear and conspicuous opt-out mechanism, failure to accurately identify the sender of the email and failure to provide accurate subject lines.

    Why cold emails are bad for your business

    So cold emailing isn’t exactly illegal. And while the penalties for non-compliance with laws and the rules of GDPR are predominantly financial, that’s not to say that it won’t impact your business.

    Non-compliance with email marketing laws can lead to loss of customer trust and damage to the brand’s reputation. We cannot underestimate the reputational impact of bad emailing etiquette, such as:

    • Risk of spam complaints: Sending cold emails can result in a high number of spam complaints, which can lead to legal consequences and damage your deliverability reputation, so your emails will usually end up in spam folders and promotion tabs.

    • Low conversion rates: Cold emails often have low conversion rates, meaning the effort and resources spent on creating and sending the email may not be worth the return on investment.

    • Time-consuming: Creating and sending cold emails can be a time-consuming process, taking away from other important business activities.

    • Limited targeting: Cold emails are often sent to a broad audience without any prior qualification or targeting, resulting in a low response rate and wasted resources.

    • Damage to brand image: If your cold emails are perceived as spam or unsolicited, it can harm your brand image and make it difficult to establish trust with potential customers.

    • Risk of legal consequences: Cold emailing without obtaining the recipient’s consent or following relevant laws and regulations can result in legal consequences and penalties.

    Overall, while cold emailing may seem like a quick and easy way to reach potential customers, it can have massive negative consequences for your business.

    Instead, consider building relationships with potential customers through opt-in email lists or other targeted marketing strategies, such as engaging ideal customers through personal outreach, which is much more beneficial.

    How to get on the good side of email marketing laws

    Now that we understand the rules of GDPR and the ins and outs of email marketing laws, how do we ensure that we can abide by them? 

    Consider hiring a professional to set up your email marketing so you know that you are complying with the necessary email marketing laws in your area.

    Here are 10 tips to keep you on the right side of the law!

    1. Acquire consent and permission: Before sending marketing emails, obtain consent and permission from individuals to receive them. This can be done through opt-in forms on your website, or by asking for permission when collecting email addresses.

    2. Store your subscribers’ data properly: Ensure that personal data, including email addresses, is stored securely and in compliance with data protection laws.

    3. Abide by content requirements – no misleading information: Ensure that your marketing emails contain accurate and truthful information and do not mislead or deceive recipients.

    4. Respect email frequency preferences: If subscribers are given the option to choose how frequently they receive emails from you, ensure that you respect their preferences and do not send them emails more frequently than they have requested.

    5. Introduce yourself and your business – including your address and contact information: Clearly identify yourself and your business in your marketing emails and include your contact information.

    6. Indicate that your email is an advertisement: Clearly indicate that your email is a promotional advertisement, to avoid any confusion or misunderstanding.

    7. Include an unsubscribe option and honour opt-out requests: Include an unsubscribe option in your marketing emails and ensure that opt-out requests are honoured promptly.

    8. Learn the specific laws of your region: Familiarise yourself with the specific email marketing laws and regulations that apply to your region.

    9. Use double opt-in: Consider using double opt-in, which requires subscribers to confirm their consent by clicking a link in a confirmation email, to ensure that individuals are actively and intentionally opting in to receive your emails.

    10. Provide value in your emails: Focus on providing valuable content and offers in your emails, rather than solely focusing on promotional messages. This can help build trust and engagement with your subscribers, and reduce the likelihood of complaints or unsubscribes.

    By following these tips, you can ensure that your email marketing campaigns are compliant with relevant laws and regulations and avoid potential legal and reputational consequences.


    Nobody likes cold emails! A successful email marketing campaign relies on a targeted effort towards people who want to read your content and want to utilise your business. 

    Understanding email marketing laws like GDPR in the UK will not only keep you away from nasty penalties but will also ensure the engagement and retention of your customers.

    Relying on cold email is a counterproductive effort. Email marketing is just like a real-life relationship: consent is the key! Nobody wants to be a nuisance.

    * Please note that I am not a lawyer; this article is meant for information so you have a starting point to understand email marketing laws. These laws can change, so I advise checking the rules where you are located before you start using email marketing in your business.
