
Things to Know about UK Email Laws and GDPR Email Compliance

Written by Ljubica Gjorgievska

Updated September 6, 2022

Email marketing is one of the most popular and effective marketing channels that’s used by thousands of businesses around the world.

However, businesses in the UK that use email marketing for commercial purposes are subject to strict guidelines, which can sometimes be confusing.

Here are the most important things to know about UK email laws and GDPR email compliance.

UK Email Laws

The data that businesses in the UK can process as part of their marketing campaign is governed by two laws: the Privacy and Electronic Communication Regulation (PECR) and the General Data Protection Regulation (GDPR) law.

GDPR governs how businesses store personal data and PECR deals with consent and marketing by electronic means.

The GDPR UK law

GDPR is a European privacy law that affects every business, regardless of its location, if it deals with the personal data of people that live in the European Union. 

Under this law, personal data is defined as any piece of data that can identify a person. As such, businesses that process the personal data of citizens in the EU have to comply with the GDPR.

A detailed GDPR email compliance checklist 

The GDPR law requires all businesses to have a legal basis (e.g. consent) to store data and outlines the rights that individuals have over that data.

GDPR email consent

Businesses often ask customers to give their consent through sign-up forms. However, the law emphasises that this has to be done in a way that’s unambiguous and that the data has to be “freely given” to ensure GDPR email compliance.

For example, your sign-up form cannot have any pre-checked consent boxes.

Another thing to keep in mind is that data consent and Terms and Conditions are not the same, and you can’t make a service conditional on subscribers agreeing to the processing of their data.

Under GDPR, businesses have to make a clear distinction between data consents, Terms and Conditions, and privacy notices.

Individual rights

As a business that uses personal data for marketing purposes, you’re required to answer any question from a subscriber regarding how their personal data is used and stored. Individuals can ask you to correct their data, prevent you from using it for certain purposes, like sharing their email address without permission in the UK, or ask to delete it entirely.

Businesses are also obliged (if asked) to let individuals know what data they have on them and give them access to that data.

GDPR unsubscribe rules

GDPR mandates that unsubscribing or opting out of marketing services is always an option. All marketing messages must include an “unsubscribe button.”

Keep a record of consents 

Under the law, businesses must be able to verify that they have obtained consent in an adequate manner and have a written record of how individuals agreed to let a business process their personal data. 

This includes information on who gave consent, when and how they consented, and what they were told at the time of consent.

Limit the personal data collected

Businesses are not allowed to gather data that exceeds the purpose of its collection. For example, you can’t ask individuals to provide their phone numbers if you don’t have a mobile marketing campaign.

The PECR UK law

The PECR is part of the European Union ePrivacy Directive and covers the act of sending marketing emails. The PECR applies to all forms of marketing communication, including texts, phone calls, and even fax.

Under this law, businesses in the UK can only send marketing emails to individuals that have explicitly agreed to receive them or have a clearly-defined customer relationship with them. 

What is a clearly-defined customer relationship?

This means that as a business, you can send marketing messages to individuals that have previously purchased your products and services, agreed to give you their details, and did not opt out of marketing messages.

This applies only in cases where you have given them an option to opt out.

Individual subscribers vs. corporate subscribers 

Email marketing laws in the UK differentiate between individual and corporate subscribers.

An “individual subscriber,” per PECR, is a customer or any organisation, including traders and partners. The law prohibits businesses from sending marketing messages to them in cases where they have opted out.

A “corporate subscriber” is a corporate body that has a different legal status, including government bodies, public departments, non-UK partnerships, and LLC partnerships. The PECR law does not apply to corporate subscribers.

Regardless of the status of the recipients, businesses have to clearly identify themselves and provide a valid address, as well as an option to unsubscribe.

Bottom Line

If you are considering launching an email campaign in the UK and the European Union, make sure you go over the things you need to know about UK email laws and GDPR email compliance. 

Don’t forget that GDPR and email marketing go hand in hand and breaking the law can result in heavy fines.

As a writer for Don’t Disappoint Me, my job is to collect relevant key information and interpret it into a wide range of content. I also have an MSc in Marketing, so I am always trying to expand my knowledge and discover new and exciting areas of digital marketing, SEO and web traffic building. I am a nature enthusiast, so when I’m not researching and analyzing, I love to go hiking with my dogs, camping, or snowboarding. I am a bookaholic as well and have an ongoing obsession with crime TV shows and movies.