GDPR and Spam Email


Companies working with Big Data and marketing data may be sending emails to customers in a way that may not be compliant with the strict requirements as set out under GDPR.

GDPR is asking all organisations to use a fresh pair of eyes to revisit the way they engage and communicate with customers.

So what does this mean for email marketers?

If you send marketing emails to EU data subjects then you will need to comply with GDPR and other relevant regulations – for example, PECR.

Under GDPR, organisations need to demonstrate that they are giving customers choice and transparency with regard to consent and the way in which individuals’ personal data is used.


GDPR sets out the key requirements around consent, so if you are sending marketing emails to customers, you should check that you meet the stringent requirements around informed consent under GDPR.

Your organisation needs to have documented evidence that informed consent has been obtained.

Customers will be delighted to hear that the cloak-and-dagger and sometimes confusing options of opt-in and opt-out should be a thing of the past under GDPR.


The challenge for organisations is to demonstrate accountable and transparent data processing so that customers are not surprised somewhere down the line when they learn that you are holding and processing their personal data.

Again, GDPR clearly sets out the requirement for organisations to tell people about the personal data they hold at the point of data collection.

Know Your Data

Customer databases need to comply with other requirements under GDPR, such as purpose limitation and data minimisation – to name just a few.

It may be time to review your organisation’s database to ensure that the personal data that you hold is accurate and up-to-date.

Would everyone on your organisation’s database reasonably expect contact from you if you emailed them today?

The Benefits

The potential challenge in maintaining an up-to-date customer database comes with commercial advantages. This should be an opportunity to review the way organisations engage with their customers.


General Data Protection Regulation (GDPR, the full document)

The Information Commissioner’s Office (ICO, UK) 12-step GDPR Guide

DMA and the General Data Protection Regulation (GDPR)
