How Email Legislation can impact your marketing

Email is undoubtedly an effective marketing channel

There is no denying that out of all the marketing channels at our disposal, email has the potential to be one of the most rewarding. It allows you (assuming you don’t end up in the Spam folder) to reach a highly targeted audience with a carefully crafted message - one that hopefully entices them to open, read and take your desired action.

From a recipient’s point of view – getting emails from a company you are interested in with their latest news or offers can be also be useful and rewarding. It’s when your inbox gets clogged up with emails from people you’ve never heard of, pushing things you don’t want (or even worse trying to scam you) that things start to go wrong.

It is estimated that around 15% of all the emails received are spam, despite anti-spam technology become increasingly proficient in recognising and filtering these unwanted emails. A large proportion of these unwanted emails are from people deliberately spamming us but a sizeable number are from companies either not fully understanding the laws around sending emails; not checking the quality of email lists they are buying or simply not maintaining their own email databases effectively enough.

If you are one of these companies then now is the time to start getting your house in order as there are new EU regulations coming into play on May 25th 2018 that could prove extremely costly to you if you’re found to be breaking them.

So let’s start by looking at the basic Data Protection Association (DPA) rules in the UK regarding sending email marketing messages.


Consumers and Businesses have different rules:

The most basic requirement is that you cannot send an email to an individual who has not actively opted in to receive it. However, at the moment in the UK, the DPA’s Privacy and Electronic Communications Regulations (PECR) allow you to send business related emails to Ltd companies and PLC email addresses without any opt-in requirement.

If you are looking to email a sole trader or partnership (where there is more chance the company email is also the owner’s personal one too) then you can only send unsolicited emails to a generic address such as sales@ or info@.

Include an Opt in: Every email you do send to these businesses must include the option for the recipient to opt-in to receiving future ones. By opting in we mean that they physically have to tick a box to say that they wanted to be contacted by you or carefully selected third parties again. It is no longer acceptable to say “tick this box if you don’t want to be contacted” and hope that they don’t read it.

Who are you and what do you want!?: When you send someone an email it must be clear to them who has sent it; what you are trying to say or sell to them; what the promotion is and if there are any conditions to getting the offer. You cannot hold this information back until they have clicked through to your site.

Promotional v Service Message Emails: If the person is an existing customer then you have the right to contact them to inform them of important account information. This important information cannot be promotional in any way if they have opted out of promotional emails from you.

For example – if they have opted out of receiving emails from you then you could still email them to tell them that there contract is ending next month but you could not use this opportunity to tell them about a 20% offer you are currently running.

Email Preference Service eMPS: As with the telephone preference service, people can also add themselves to the Email Preference Service, which means that they do not want to receive any unsolicited emails anymore and go be removed from national lists. You should regularly screen your email database against this list and remove contacts accordingly. Again, email of a B2B nature sent to a company is not affected even if they have added it to the eMPS.

Third Party Sellers: The grey area here is that you might be buying lists from a third party and, if this is the case, then it is definitely a case of the buyer beware. The email provider should always be able to explain (and prove) where they got the email addresses from; that the emails they are selling you are from people who have opted in to receive marketing emails and that they are updating and regularly cross-referencing their lists against the Email Preference Service.

There are many companies offering hundreds of thousands of emails at incredibly cheap rates and often these addresses have been sourced by scrapers trawling the web. Be very careful and ensure you do proper due diligence on any company before you buy their lists. They are not always that easy to spot but to be on the safe side we would recommend that you go with a well-known and established provider that is a member of the DMA (Direct Marketing Association) - like Kompass.

If you are found to be breaking these rules (usually flagged up by the DMA getting multiple complaints) then you’re liable to be fined up to £500,000. This in itself is a pretty strong incentive to play by the rules for most companies but all that is about to change…


GDPR is coming…be ready!

We have discussed the UK email regulations but currently there is no consistency with other countries in Europe and the rest of the world - some are much less stringent than us. This is what the General Data Protection Regulation (GDPR) is aiming to do - provide blanket protection to its EU citizens.

Not only are the new regulations much stricter but they also come with a much bigger stick to beat offenders with…fines of up to €20 million or 4% of a Brands total global annual turnover (whichever is higher) - that’s quite an incentive to pay attention.

So let’s take a look at what is going to change for you as an email marketer on the 25th May 2018 when it comes into effect.

The first thing to clarify is that this is not only a regulation for companies in the EU - it is for companies anywhere in the world that are emailing EU citizens…all 750 million of them. It also gives increased protection to EU businesses too. For UK email marketers most of these new regulations should hopefully be business-as-usual in terms of what we discussed earlier around active opt-ins and clearly stating who you are. 


Changes to how you collect Email Data

There are a number of ways we try to collect the details of people we can then add to our email database - such as providing their details in exchange for downloading your latest white-paper. Things in this area have tightened up significantly and if they are providing personal information (for example as part of a download form) then you have to inform them what you will be doing with that information and give them the option to opt-out.

Potentially Say Goodbye to Your Email Database

Unfortunately for you this requirement for consent when collecting details and email addresses is retrospective. This means that any of your existing email addresses collected in this way that did not explicitly tell users this information and get their consent are potentially not going to be emailable anymore.

This could be a massive hit to your database of customers that you’ve worked so hard to build up over the years so get the necessary information and permissions in place now so you don’t lose any more. Many companies are contacting their email subscribers trying to retrospectively get these permissions to continue emailing them after the 25th May.

Maintaining Your Email Database and Proving Consent

If you thought your work was done when you’d ensured appropriate consent was captured at point of collection then you’ll be disappointed. Another area where GDPR is tightening up is the way that you record and maintain this information.

If someone complains about you and you get audited by the regulators then you have to be able to prove that you have fully complied with the GDPR regulations. Ensure you can demonstrate where you collected that data (right down to which form) and, in case that form is taken down, it is worth keeping a screenshot of it saved somewhere centrally.

You also need to be continually checking that your database is reflecting the latest opt-in permissions of your intended audience.

The changing regulations can be fairly complicated, especially for larger companies with huge marketing databases, lots of email capture points and numerous email campaigns going out all the time. We recommend that you spend more time reading up on the finer details and ensure that you - and everyone relevant in your company- is fully aware what is expected.


Related articles: GDPR countdown , GDPR regulation - friend or foe? , Dodging the hard bounce


Author: Matt Lester,  SEO Manager at Fidelity International

Disclaimer: Please note that this blog only contains general information and insights about legal matters. The information is not advice, and should not be treated as such.