Latest insights from our experts

Dan Griffin

Posted 12 January 2018
by Dan Griffin

GDPR – Do I Need Consent from an Individual Before I Can Email Them?



There has been much confusion about the consequences of GDPR for organisations that need to send emails to individuals.

Some have suggested that the GDPR means that before you can hold an individual’s email address or email them, you need to obtain their consent. This is incorrect.

Where you are not sending direct marketing (i.e. promoting an organisation or product – different rules apply to that) emailing without consent may be permitted provided it complies with other lawful justifications for processing, such as performing a contract with that person or emailing a customer about fees or delivery dates.

The GDPR is absolutely not about requiring individuals’ consent before any data can be used but it does contain additional measures around consent where organisations choose to rely on it or the law requires it.

Where an organisation chooses to rely on it, consent must be freely given, specific, informed and unambiguous. Consent must also be a positive indication of agreement to data processing – it cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be verifiable, for example by a record in the database where the email is held.

Consent cannot be a condition of some other contract which does not require it, for example when concluding a contract online you cannot require an individual to tick a box indicating they agree to a privacy policy which states that you will send them marketing emails in the future.

Consent is not the only means of lawfully processing individuals’ data. There may be other, safer justifications which your organisation can rely on such as where this fulfils a ‘legitimate interest’. It is often worth exploring these before jumping to the conclusion that consent is required.

If you need any advice regarding a matter like this, then please do not hesitate to speak with our Intellectual Property and IT team on 01392 207 020 or email ip@tozers.co.uk.

Want to know more?

Request a call back or ask us a question using our quick-contact form.
Alternatively you can call us on 01392 207020.

About the author

Dan Griffin

Dan Griffin

Associate

Associate within commercial litigation