
Email Marketing - Best Practices And Legal Compliance

Email marketing can be an indispensable tool for businesses of all sizes. Allowing direct communication with customers and prospects, companies can use email marketing to enhance the brand, upsell, highlight products and services, promote events and achievements and build community. Email marketing often invests in former customers which can mean less spend is required to attract new customers. Having a subscribership also implies a loyal following and allows you to keep your customers updated.

Bad practices in email marketing, though, can do more harm than good. Companies that do not follow best practices or who fail to comply with regulations around email marketing may not only lose business, they may find themselves being served legal penalties. Whether you run a small business or a large corporation, ensuring that your email marketing strategies comply with relevant laws and regulations is vital for maintaining operational integrity and consumer trust.

This guide is designed to highlight and simplify the guidelines around email marketing, both from a legal and ethical perspective.

What Qualifies as Email Marketing?

Email marketing encompasses any email communication sent to a group of recipients with the intent to promote, inform, or engage them with a company's products, services, or brand. This includes newsletters, promotional offers, advertisements, and any other commercial message aimed at a broad audience.

An unsolicited email is an email you send without permission but to a specific person, which is legal so long as it is sent to a corporation (does not include sole traders or partnerships). Unsolicited email does, however, require you to identify yourself and enable them to opt out of further communications.

Consumer Consent For Email Marketing

Members of the public in the UK must opt-in to receive marketing emails. Pre-ticked agreement boxes or assumptions of consent are not sufficient and this aligns with regulations in most parts of the world.

However, an exception is set out in Privacy and Electronic Communications Regulations (PECR) relating to former customers. This permits you to send marketing communications to customers who have shared their details with you during the process of a sale or provision of services, and this is referred to as ‘soft opt-in’.

The soft opt-in rule applies only if:


  • You have obtained the data subject’s contact details in the course of the sale or negotiations for the sale of a product or service to that data subject.

  • The email marketing you are sending relates to similar products and services only.

  • The opportunity to opt-out is included in every communication.

For example, if a client asks me to draft some T&Cs for them I can add them to my mailing list, as long as I include an unsubscribe button on my newsletter, but I can only send them marketing about legal services.  If, for instance, I set up a weekend gardening business then I wouldn’t be able to send marketing emails to my legal clients about that service.

Although not a legal requirement, many companies now choose a double opt-in process which usually requests a subscriber to follow a link in an email to confirm their subscription. This may appear risky, because the customer may rethink their decision, but some businesses have found the drop-off rate to be minimal. This process also tends to result in more engaged and better-verified audiences. 

Your sign-up process should be simple and concise. Yet, you may also wish to indicate the frequency and general purposes of your email marketing, so subscribers are better informed as to what they’re agreeing to.

The Right To Unsubscribe From Email Marketing

General Data Protection Regulations (GDPR) also demand that subscribers have the option to unsubscribe at any time and for any reason. The opportunity to opt out must be present in every communication and be clearly visible. The process should also be quick and simple.

Many email marketers use the unsubscribing process as an opportunity to learn, by asking customers what led them to this decision (too many communications, irrelevant communications, technical issues, etc). When a customer does unsubscribe this should be enacted immediately to ensure they don’t receive any further marketing communications. 

GDPR, PECR And Email Marketing

In the UK and Europe, GDPR and PECR (Privacy and Electronic Communications Regulations) are what we need to be compliant with for email marketing. Although PECR is due to be replaced with newer legislation, currently PECR sits alongside GDPR and both need to be adhered to when operating in the UK and EU. In the US, the regulations to follow would be the CAN-SPAM Act, in Canada it’s CASL and in Australia, it’s the Australian Spam Act. If you’re sending marketing communications globally, you may familiarise yourself with the other country’s regulations because you will need to be compliant if operating in regions covered by other legislation.

GDPR requires consent from every person on your subscriber list and demands that subscribers have the right to opt-out, as previously mentioned. The guidance also emphasises the importance of transparency and avoiding misleading or purposefully ambiguous information. This may relate to email subjects, descriptions, sender information and other content within the communication.

The identity of the company sending the communication must be made clear. Other legislation outside of Europe and the UK tends to go further, insisting that sender contact details are also displayed.

Although this may not be legally required under current data protection, it is considered best practice to at least link to a place where company contact details can be found. Marketing emails should also be identifiable as commercial communications.

Data protection

GDPR governs the way businesses can capture, process and store personal data. When managing a subscriber list it's your duty to keep the information of all subscribers safe and secure. This means ensuring systems are robust and protected and that access is restricted.

Whenever you request personal data, such as when you require an email address for someone to subscribe to receive your communications, you must link to a privacy policy that explains:

  • What data you're requesting and why

  • How this data will be used

  • How it will be protected

  • How long it will be stored for and how it will, when necessary, be destroyed

The customer’s right to access this information and to remove permission for you to hold this data at any time must also be made clear. Furthermore, as a collector of personal data, you must also register with the Information Commissioner’s Office (ICO) and pay an annual fee, unless you are exempt (check the criteria).

To learn more about GDPR compliance, please see my Q&A series on Data Protection.

Email Marketing Best Practice

Not everything you should or shouldn’t do, when it comes to group email communications, is spelled out in legislation. However, there are ever-emerging and ever-evolving best practices that set industry standards and can help companies conduct their marketing operations in a way that develops and maintains consumer trust. Some of these include the following:

Subscriber preferences

In a bid to ensure subscribers are not inundated with irrelevant communications or put off by the volume of emails, some businesses allow subscribers to select their preferences from a drop-down or checkbox list. This might relate to the frequency, nature or subject of communications or a combination of all three.

Audience segmentation

Companies may use personal data, purchase history and/or subscriber preferences to segment their audiences. In doing so, the goal should be that marketing communications are adapted for each group so audiences see only what is personally relevant and likely to keep them engaged. For instance, if you have signed up to attend an event, you would expect to then be removed from the email list being sent promotions for the event, and instead become a recipient for ticket-holder communications.

Another way to leverage customer information, depending on what data you collect, might be to segment your audience into different target markets. So, National Trust members, for instance, might receive different promotions, news and updates, based on whether they have a single-person membership or a family membership. 

Audience segmentation can be an effective way to streamline communications, thus enhancing engagement and reducing opt-out requests.

Leverage analytics

Most email marketing CRMs will be able to provide you with certain analytics so that you can measure the effectiveness of each campaign. This might include the email open rate and conversion rate, as well as the unsubscribe rate. These can indicate how welcome a communication was and help you improve the quality and grouping of your email marketing.

Does your business send out marketing communications? Book a free consultation today to check if your practices are compliant and if your privacy policy and consent processes meet with regulations.

