Reminder GDPR emails: How to follow the rules

More than half of all emails sent globally are some form of marketing. It’s thus a huge market that has previously been largely unregulated. E-mail has been covered since 25 May 2018 by the data protection regulation that is common to all countries within the EU. It goes by the name GDPR (General Data Protection Regulation) and means that authorities, companies and organizations must follow a number of rules for GDPR emails – otherwise they risk heavy fines.

GDPR aims to strengthen the protection of the individual when processing personal data. GDPR emails may not be sent to anyone who has not approved it in advance. This not least affects email marketing. Rule offers functions and solutions for companies and organizations that want to be able to send newsletters that are approved according to the GDPR.

Here we will go through what you need to know to be able to market your business in emails that are allowed according to GDPR.

gdpr mailutskick

How does it work to send newsletters with GDPR?

Newsletters are also covered by the GDPR. An approved GDPR newsletter or email may only be sent to those who have given their prior permission. There must therefore be a consent, according to the GDPR, for newsletters to be sent at all. This applies to newsletters which are to be regarded as marketing and which contain information about services and products. Other requirements for GDPR-approved newsletters are that it should be easy and free to unsubscribe from the newsletter and that it should be clear who the sender is.

GDPR e-commerce

GDPR affects, among other things, how a company can interact with its customers, what information the company is allowed to have about them in its registers and what tools may be used to collect information about individuals. Today, it’s possible to collect data about individuals with tools that enable personalized marketing and information. But it’s therefore important that these tools collect information in a way that is okay according to the GDPR.

GDPR e-mails are an important part of it all, but there is more to get acquainted with for anyone involved in e-commerce. By using the platform that Rule provides, it will be easier to follow the GDPR when sending emails and other activities covered by the new data protection regulation.

gdpr mailutskick

GDPR B2B newsletter

Even companies that primarily, or only, conduct B2B activities are affected by the GDPR, but not to the same extent. All emails containing personal data are covered by the GDPR. Salary specifications are an example of a document that may not be sent as an email if it’s not encrypted. Business contacts must also be processed in accordance with the GDPR when sending emails and in registers, for example.

A person with an individual company is protected in the same way as a private person without a company, even though the social security number also identifies the company. It can be said that the GDPR is a protection for individuals, and not companies, but the individuals who work for a company within the EU are also covered by the current data protection regulation.

How is personal data defined according to the GDPR?

To simplify this, it can be said that emails, according to the GDPR, must be based on consent and that personal data must be treated with the utmost respect. What then is counted as personal data? This is, of course, an important issue in this context. The answer is that all information that applies to a person and that can contribute to the person being identified is counted as personal data. This can be contact information, an IP address, car registration number, photographs and of course ID documents. Information concerning an individual’s ethnicity or social identity as well as medical information that can be used in identification must also be processed on the basis of the rules in the GDPR.

gdpr mailutskick

Tips on how to handle emails according to GDPR

  • A company or organization needs to develop a plan for how emails and newsletters should be handled so that they comply with the GDPR. This can be done in the form of policy documents and concrete instructions that everyone has access to and which are updated as needed. With the GDPR, new requirements are placed on how e-mails and newsletters may be designed and on how we may sort and store incoming e-mails. In larger companies, you should take a collective approach to this and not just expect all employees to learn on their own what the changes mean. You should also follow up that the rules in the GDPR are actually applied.

  • Do you have email lists based on recipients who joined the list before 25 May 2018 when the GDPR came into force? Then it’s a good idea to ask for consent for the recipient to continue to receive your emails. A reasonable interpretation of the Data Protection Ordinance, however, is that recipients of newsletters and e-mails who have previously given their consent do not have to do so again, as long as they have had the opportunity to unregister themselves. If your company has purchased an email list, you can expect to need the consent of all recipients if you want to be able to continue processing information about them. Some companies delete their entire database to rebuild it based on the GDPR, but this is not necessary.

  • In addition to requesting consent to e-mails, you may also need to revise what information you store about the recipients of your e-mails so that the data protection ordinance is complied with. The information must be important based on the business you conduct.

skapa email

GDPR does not prohibit email marketing

Although the GDPR means that emails must comply with certain rules, this is not a total ban on e-mail marketing. Communication with the company’s leads is not so much affected. This is about a group that has actively chosen to interact with the company. However, new rules apply to “prospects”, i.e. people who can be assumed to have an interest in what you offer but who have not approved that you contact them. This assumption is not a strong enough reason to make a person a recipient of emails.

How to collect consent for e-mails according to GDPR

It’s important to keep track of what counts as consent. This is regulated by the GDPR and methods for collecting consent that have been used in the past are not always allowed today. Informing about consent in a fine-grained paragraph is not enough. The recipient must have agreed to send an email through an active document. Having a pre-filled check box in a form does not count as an active document in that context.


Gmail GDPR

Gmail is the world’s largest email service with nearly two billion users by 2021. Google has integrated some features that make it easier to comply with the GDPR. For example, it’s possible to send potentially sensitive information via a link in an email. The information is then destroyed after a certain time. This reduces the risk of sensitive data being saved as a result of a mistake. We at Rule also design our services to make it as easy for you as possible to send newsletters and emails based on the provisions of the GDPR.

Become a winner in an era of consent-based marketing

Of course, there were advantages to being able to send newsletters and e-mails to thousands of recipients from registers compiled without any requirements as to what or who was registered. But honestly, the opening frequency is low when it comes to that type of mailing. There are much more effective ways to reach your target group than via mass mail to recipients on email lists you may not have compiled yourself but bought from someone who came across email addresses in a dubious way.

Today, it’s segmentation and data-driven marketing that apply. E-mails should not only be approved according to the GDPR but they should also contain content that is relevant to your recipients. Mass mailings usually get stuck in spam filters and can be very annoying when they do not. A newsletter or an email with personalized offers, on the other hand, creates value for both the recipient and the company that sent them.

Did you know that Rule is a GDPR compliant platform where all customer data is secured? By using our platform for marketing and communication, you can take your email marketing to the next level. Send interesting newsletters as well as good offers and not spam!

Share this article

Drive engagement and growth through smart communication

5 bra marknadsföringstips

5 eggcellent Easter marketing tips

We are heading towards brighter times and Easter is approaching. Therefore, it’s time to start planning for a colorful Easter campaign. Easter is a perfect ...
Read More
BF 2

Successful email marketing during Black Friday

For retailers, Black Friday is one of, if not the biggest sales event of the year. There is a possibility to compensate for lost revenue ...
Read More

Effective ways to increase summer sales using SMS

Encourage repeat purchases using SMS By using SMS sending and the full potential of mobile marketing, you can reach more customers, increase conversion and encourage ...
Read More

Explore Rule Free, without even having to register a debit card.

Discover how you, with the help of Rule and smart communication, can drive growth through increased engagement. 


  • Pre-made templates and free emails
  • Try our features in your own pace
  • No lock-in period or hidden extra fees

Get a personal demo of Rule

Discover how you can increase digital engagement and growth in a personal demo of our platform.