GDPR y email marketing

On May 25, 2018, the new General Data Protection Regulation (RGPD or GDPR) came into force. It is normal that when a new regulation is applied, doubts arise about its implementation and its implications for companies, so we will try to solve them in this article.

What is the GDPR?

The European Union has updated its regulations on data protection. This new standard is called the General Data Protection Regulation (RGPD, hereinafter), and is generally applied to all types of entities, from public authorities to small and medium-sized companies, without differentiating whether the treatment takes place within from the EU or outside, as long as it affects European citizens. The main novelties that this European directive brings are:

  • They explicitly agree : the implicit consent that has been done in many data processing is “de facto” annulled and a real express and explicit consent is implemented. With the new regulation, the consent has to inform what the objectives of the treatment will be and the person responsible for it. You must be informed if the personal data that is the object of the treatment will be managed in third countries. It is recommended that this international management be carried out in EU countries.
  • Controls on suppliers are increased: with access to data especially for suppliers from outside the EU. These should be more exhaustive and all aspects that affect the security of the information handled will be regulated by contract.
  • Privacy by default: the approach to any new activity has to go through protecting the privacy of the information that is handled, from the moment of its conception.
  • The rights over personal data are increasing: the right to be forgotten is established, which makes it possible to delete user data; the right to portability, which allows data to be carried from one provider to another and the right to object to profiling for marketing purposes with user information.
  • Notification of incidents: incidents that have an impact on the security of information and personal data will have to be communicated to the control authorities and affected users within a maximum period of 72 hours.

You can check the percentage of compliance that your company has with respect to the GDPR with our self-assessment tool.

How does it affect email marketing?

The reality is that while this new regulation increases the protection of subscriber data, it does not prohibit anything that was not before. Spanish data protection legislation, made up of the LOPD and LSSI, was already one of the most restrictive in Europe, so the changes that have occurred do not affect email campaigns.

In the event that you have a business relationship with your subscribers or they have confirmed their consent by subscribing via a double opt-in email (subscription confirmation email), you can continue to send campaigns as normal.

What tools are in Acumbamail to comply with the GDPR?

Our forms are prepared to comply with the requirements of explicit consent, with a checkbox or box that the user must actively check that he accepts the privacy policy. Also in the form itself you can link to the privacy policy of your company.

  • To add a checkbox to a form, you must first add it as a field in the list where you have the form included. Within the list, click on the Fields tab and add a checkbox/boleaan field.

Then, go back to the form in the list and in step 3 of creating forms you can drag the checkbox field into the form template and modify the text with the editor. You can also make it mandatory to subscribe (for that, double-click, select the pencil icon and check Required to subscribe).

You can add a link to your privacy policy directly in the text editor like this:

  text .

In the same way, our forms have an automatic double opt-in system (which you can configure in the section of Notifications within the list where you have created the form) and our customers have at their disposal tools for querying and downloading personal data.
But not only that: our servers are located in Spain, so there is no international data transfer.
Therefore, from Acumbamail we have made sure that you can continue sending your newsletter without problem, giving you all the facilities to comply with this new regulation.

Does Acumbamail share customer data with third parties?

Acumbamail does not share in any case the data of its clients with third parties. The databases that you upload to Acumbamail will be private and you will be the only one who can make use of them. No commercial communication will ever be sent to your customers and your database will not be shared with any other company.

Should I ask my subscribers for consent to send them campaigns?

Maybe you've consulted with an attorney or searched Google for information and concluded that you need to send a campaign but are you really required by law to submit this type of campaign? Probably not.
In what cases do you not have to send this type of campaign?
  • When the recipients of your campaign are your customers: usually with customers contracts are signed (or accepted) in which it is clear that the personal data they provide you will become part of an electronic file registered with the Data Protection Agency. These customers have given their explicit consent when accepting this contract and, therefore, you can continue to send them emails.
  • When the recipients voluntarily subscribed to your shipments: this case is quite clear, since most subscription systems use a method known as double opt-in (basically an email is sent to verify the address and thus make sure that the person subscriber is the owner of the email address). This acceptance by double opt-in is considered an explicit consent, so any email verified by double opt-in is considered valid to continue sending you campaigns.
  • When a registration is made without email verification but with acceptance of your privacy policy: when someone has accepted your privacy policy, the case is similar to that of an old client, since an acceptance of the clauses between which is the use of personal data for this type of purpose.

In such cases that correspond to the vast majority of subscribers, it is not necessary to send a campaign of consent. Keep in mind that if you send this type of campaign, and more during these days, you're exposed to people not giving you their consent simply because of the gigantic volume of emails out there and you'll lose a large part of your database and business, so try to send it only to people who don't meet those assumptions.

How can I send campaign consent file?

If once you have read the previous section, you still want to send the campaign, in Acumbamail we have prepared a tool that will make it easier for you how to do it. The steps you need to do to do this are as follows:

1. Crea una campaña normal o clásica, selecciona tu lista y elige una plantilla de la categoría "básicas", por ejemplo "Básica notificación" (Recuerda que debes usar el nuevo editor).

2. Al editar la plantilla recuerda que debe ser lo más simple posible. Debe tener un texto explicando el motivo de la notificación, por ejemplo: que si quieren seguir recibiendo tus campañas y para cumplir con el GDPR necesitas que te den de nuevo su consentimiento.

3. Por último, debes meter un botón con el texto "renovar consentimiento", "volver a suscribirse" o el que tu consideres. Al editar el enlace de este botón debes darle a "Enlaces especiales" y a "Renovar consentimiento GDPR".Una vez que envíes tu campaña se creará en tu lista automáticamente un campo con el nombre "GDPR Aceptada" y se marcará a Verdadero para todos los suscriptores que hagan clic en el botón. Además en los suscriptores que hagan clic, se creará otro campo en tu lista con el nombre "GDPR Fecha" en el que se pondrá la fecha exacta en la que hicieron clic en el botón de consentimiento. Con esto ya tendrás el consentimiento mediante una acción afirmativa (pulsar el botón) y lo tendrás almacenado en tu lista de Acumbamail.

renew gdpr consent

renew gdpr consent


Subscribers who press the button will be taken to the "Thank you for subscribing" page, as they really re-subscribe to your notifications. Remember that you can change this page from the Notifications tab within a specific subscriber list. You can learn more about this aspect in Lists.