Skip to main content
GDPR in email marketing

The sending of bulk email communications (e.g. newsletters) is associated with several legislative norms and rules valid in the EU

Kateřina Irová avatar
Written by Kateřina Irová
Updated over a week ago

Mailing is not only an ideal way to establish a relationship with your contacts or customers as part of your marketing strategy, but also to build a relationship with your contacts and create awareness of your brand or what you're up to. It's a form of consensual, expected and direct communication where you can also give your contacts a choice of how often or with what content they want to receive your emails.

Everything you need to know about mass mailing can be found in this article.

Article content:

- getting started, collecting new contacts, creating an email campaign

1. Background from a lawyer

Lawyer Petra Stupková from summarizes the most important things for you:

What content is considered a commercial communication?

A commercial communication is any form of communication, including advertising and encouragement to visit websites, intended to directly or indirectly promote the goods or services or the image of the business of the person who is an entrepreneur.

A business message includes a corporate Christmas card or various holidays, as you are promoting your image by sending them. Messages that contain birthday wishes or messages that pretend to be sent from "friends" while containing links to e-shop pages, banners or containing company introductions are also business messages.

We can also include here messages containing various user reviews or purchase ratings (or requests for reviews or ratings). The reason for this is that these messages are also aimed at directly or indirectly promoting the image of the business.

Warning! However, a commercial message is also a message by which you ask a person to agree to send you commercial communication, because you are already promoting services and goods, and as such it is aimed at promoting your business.

The rules for the form of commercial communication and its dissemination are set in accordance with Data Protection Law Enforcement Directive. Please, keep in mind that each country might have a different set of laws. However, the overall rules are the same and our goal is to make sure you can use email marketing within them.

Which messages are not considered commercial communications?

Messages promoting e.g. charitable activities, foundation activities or political parties are not considered commercial communications. Generally speaking, these are messages that do not promote the activities of businesses. Foundations, political parties and other similar entities are not considered to be businesses.

However, if these messages also promote business activities, whether they are ancillary activities or promote another entity that is a business, such a message would already be a business message. The rules described in this article would then apply to them as well. However, if the purpose of these messages is merely to inform about their non-business activities or to inform their members, they are not commercial communications.

Another exception are messages of a technical nature which announce e.g. a new version of the terms and conditions, a stoppage of services or a change in opening hours. If you send these messages to your customers, including those who have opted out of receiving commercial communications, they are not commercial communications.

However, if you send them to persons who are not customers and who have not consented to receive commercial communications, the message would be considered a commercial communication used to indirectly promote the goods, services and image of the business. Even for these messages, you would then have to comply with the requirements set out later in this article.

Who can you send a mass e-mailing/business message/promo to?

In order to send business communications to contacts, you must meet one of two options:

  1. Prior consent (opt-in mode): contacts must consent to the processing of their email for the purpose of sending the newsletter before you can reach them with the mailing (see "Collecting new contacts" below).

    In practice, this will most often involve various newsletter sign-up forms. In these cases, pre-ticked consent boxes cannot be used. As a reminder, consent must have the attributes according to GDPR and setting up a subsequent verification of the email address by the recipient (double opt-in) is considered necessary (more on this in the "Collecting new contacts" section of this article).

  2. Legitimate interest in the promotion of similar products, services (opt-out mode): you can also send commercial communications if the addressees are your active customers. These are customers who have not previously opted out. We recommend that you give the opt out option of the newsletter by using the checkbox in the last step of the order with the text "I do not wish to receive the newsletter". In addition, commercial communications to this category of contacts must only relate to goods or services that are similar to what the customer has purchased from you.

    If you already offer a wide range of goods and services, the customer can expect to receive offers for the entire range and no consent is required. However, if you were to expand your range to include other completely different products or services that you would like to promote, you would need to obtain consent from your recipients to receive commercial communications.

Both cases need to be taken into account and correctly described in your Privacy Policy.

It doesn't matter if you are addressing consumers or business contacts. Both natural persons and legal entities enjoy protection under the law. In addition, even a company email can be personal data if it is information that leads you to a specific person.

The subscriber (whether they are your customers or have subscribed) must be informed of the marketing communication, including how long you consider them to be active and therefore you will process their data for the purpose of the marketing communication.

Who you can't reach with a mass email/business communication

  1. You are not allowed to send to contacts from publicly available or purchased databases. The actual buying and selling of contacts is not regulated by law, therefore is possible. However, problems may arise when implementing the purpose (e.g. bulk mailing) for which the contacts were obtained, i.e. when using them for commercial purposes.

  2. Similarly, it is not possible to approach contacts for whom you are unable to prove prior consent to send commercial communications or to provide evidence of a prior order, and therefore to meet the legitimate interest or prior consent conditions described above.

  3. In addition, you may not contact persons who are only potential customers or who have only participated in your contests without consent. In these cases, they need to give their consent to receive commercial communications.

  4. Lastly, it is not allowed to reach out to contacts who have provided consent to a different business of yours or to receive 3rd party offers (without further specification). These contacts can only be used if they have also provided consent specifically to your business by checking a box.

Warning, it is also not possible to use contact details that are freely available online!

In a nutshell - any contact databases that are obtained for a primary purpose other than to send commercial communications directly by you cannot be used for mailing.

If you do decide to send bulk mailing to contacts to whom it is not allowed by law, a) by importing contacts of such nature into the application you are already violating the Terms and Conditions of Ecomail and you risk blocking your account -> and with it the impossibility to send further campaigns or otherwise use our application, and at the same time you are no longer entitled to a refund of the already paid funds. In the event of a report, you also risk further investigation and heavy fines.

How to handle the contacts in the database?

You have put together contacts to whom you can send commercial communications on the basis of legitimate interest or consent. What now?

First of all, you need to fine-tune your data processing policy. The policy should specify the retention period of the personal data and, if applicable, information on the review of the stored data. They should also set out the scope of the processing (e.g. customer name, surname, email and phone number), the purpose of the processing (e.g. marketing, order processing), the reason for the processing (legitimate interest or consent, see above) and the specific processors (i.e. those who can access the data from the database - for example Ecomail).

As for the duration of the processing of personal data, according to the GDPR it must not be longer than necessary.

Example: you sell toys on your e-shop and plan to send newsletters for 10 years. In this case, this would be an unreasonable period of data storage, not only from a legal point of view, but also from the point of view of the relevance of the commercial communication to the recipients. For example, the database will only be up-to-date if you only send commercial communications to customers who have made a purchase from you in the last two years.

What must the commercial message contain?

  1. The commercial message must be clearly and distinctly labelled. This can be done, for example, by stating "CM, newsletter, news, events, discount" or a similar title in the subject line or before the sender's address. Mere labelling in the content of the message is not sufficient.

  2. A commercial communication must contain an indication of the person to whom it is sent. It is necessary to clearly identify the entrepreneur, the full business name or name with additions, the registration number and registered office, the registration in the commercial register (or trade register), or the person representing the legal entity. For example, a simple link that redirects the addressee to your website cannot be considered sufficient identification. It is not possible to hide or conceal the identity of the sender.

  3. A simple way to refuse to receive commercial communications. This obligation can be fulfilled by including an unsubscribe link in the email.

    It must be included in the commercial communication so that the recipient can directly use the click-through link. If the commercial communication does not contain a valid unsubscribe link, it is an offence for which a heavy fine is possible.

    From the moment you learn of the opt-out, you may not send further commercial communications. It is essential that you keep a contact list in which you record the contact details of persons who have refused to receive commercial communications and exclude these persons from any further mailings.

You can also be fined for sending commercial communications that are not clearly and conspicuously marked as commercial communications, conceal the identity of the sender, or do not contain a link to terminate the communication.

2. The most important links

To begin with

Before importing contacts, we recommend reading the Ecomail Code of Use. For efficient and simple contact management, we recommend working with a single contact list in the application. And don't forget that you need to verify the sending domain before the first distribution for good deliverability.

Collecting new contacts

If you want to collect new contacts on your website or e-shop that you can reach by mailing, you can use a simple collection form creation - but beware, the form must state that it is a mailing sign-up and must also contain a link to the Privacy Policy.

If you use Ecomail forms to collect new recipients, you also have:

  • in the contact list settings (registration settings section) you have the option to activate double opt-in, which allows you to verify registered email addresses by means of a confirmation email (i.e. everyone who enters their email address must still confirm it in the email that arrives in their inbox immediately after registering in the form); this automatically eliminates spam traps (fake email addresses) from the database

Creating an email campaign

If you need advice on how to make email campaigns, we share with you our tips for creating campaigns and newsletters, as well as anti-spam recommendations to help you avoid spam filters from mail clients.

You can also add information in the email (typically in the footer) about how you obtained the recipient's email address, or the reason and frequency of your outreach.

3. Ecomail is here to help

The app should also help you in managing your contacts. Ecomail automatically sorts contacts (according to their behaviour in the campaign) into:

A contact profile is also available in Ecomail. By clicking on the email address of the selected contact, you can see all the information that is stored in the application for that contact. This includes information about the source (i.e. how the contact was acquired) and when the contact was registered (or unsubscribed).

4. How to process the data

How should you proceed to ensure that the data for your contacts in the database is not out of date or held illegally, and how long can you process the contacts?

The processing time for each contact depends on the segment of goods you sell. You may keep a contact who has bought a car from you active in your database for a different period of time, as you expect them to make a repeat purchase after a longer period of time.

For a shorter period of time, however, you should process the data of contacts who have purchased, for example, a t-shirt from you. This is because for fast moving goods you assume that they may repurchase from you much sooner.

In this case, the longest processing time for a contact should be between 2 and 4 years, not more. You calculate this time lag for holding a contact in your active database from the last time they opened your email. You should be able to keep an eye on the length of time you "keep" contacts in your active database, and comply with your own Data Processing Policy. Ecomail can help you with this. So how to do it?

1) Work with segments

If you have not updated the database for a long time, and the time for which you have the right to keep contacts in the database has already passed - create a segment of so-called dead souls, which you will try to reactivate with the last campaign (e.g. with an extraordinary discount). If even then the contacts do not show any relevant activity (clicks, opens, purchases) ➡️ unsubscribe them.

2) Set up reactivation automations

You can mimic the steps described in step 1 here, with the only difference that the whole process will be automated. You will set up the reactivation automation, some contacts will be reactivated thanks to the automation and those who fail - will be automatically unsubscribed from the emails.

If you have any further questions, you can contact us at

Did this answer your question?