Almost in panic, companies are questioning proven marketing methods because of the new GDPR. Best example: e-mail marketing. The good news first: It is not absolutely necessary to force all previous recipients of newsletters to register again. The bad news: This only applies if the senders of the newsletter have already done everything right. Because e-mail marketing is not a question of the new GDPR. This topic has long been regulated by the law against unfair competition, or LAUC for short.

What do I (always) have to consider?

1. A mail with advertising is only permitted if the recipient has ordered it himself or/and has consented BEFORE to receive it. This consent must be proven by the sender. Best way: A double opt-in procedure (see points 7-9).
2. If the sender cannot (no longer) prove the consent of the recipient, he must actually obtain it again. BUT: Many people simply click such mails away because they are not interested in advertising. Or they are afraid that the mail is a camouflaged attack by hackers (which, by the way, is increasing massively at the moment).
3. Obtaining consent again can therefore lead to a massive reduction in the number of (re)confirmed recipients. Therefore, one should weigh this very critically from the point of view of sales and carefully study §7.3 of the LAUC (see picture).
4. It looks bad if, for example, contact data was simply entered after trade fair visits and used for mail marketing. If the recipient is not a “customer” in the classical sense, but only an interested party in the broadest sense, then at best one could have acted in the grey area of a tacit declaration of consent.
5. For a cost-benefit-risk assessment, it is particularly important that the recipient has been and will continue to be clearly and unequivocally informed of the possibility of objecting to the storage of his or her data each time his or her e-mail address is used.
6. If possible, every newsletter recipient should be able to unsubscribe from the corresponding mail lists with just one click. (For newsletters, which are designed and sent by Alldesign, this is by the way standard.) If he does not use this possibility, one can assume a tacit agreement.

If it has to be new

A 100 percent certainty about the handling of the tacit declaration of consent will result in the next months, years after appropriate legal proceedings. In any case, in future the registration of new persons for newsletters should be GDPR-compliant (and documented):

1. The most secure method (under data protection law in particular) for recording e-mail marketing recipients is a double opt-in procedure, via which the recipient logs himself in. A note especially for business card collectors: At least the person should confirm via confirmation link (e-mail) that he/she would like to receive the company’s newsletter by e-mail in the future.
2. The future recipient must be informed about which news he or she will receive in which digital way. A blanket consent to all communication channels and media is not permitted.
3. Already with the input of his personal data, at the latest with the mail with the confirmation link, the receiver must be pointed out to the possibility of the revocation of the use of his data.
4. Only when the respective recipient has confirmed his “order” by clicking on the link will he be included in a corresponding database.

Incidentally, the GDPR requires that all notification, confirmation and revocation declarations be easily understandable. Legal German is quickly incomprehensible here. However, the GDPR does not like incomprehensible texts at all. So the legal situation. However, it could become quite entertaining what (the judges, if applicable) consider to be “understandable”.