The General Data Protection Regulation (GDPR) compliance is a must for businesses doing email marketing in the European Union (EU) or targeting customers in the region. According to the legislation, you must get consent to send your campaigns.

If you’ve invested time and effort to grow your list of verified subscribers, then ensure that your campaign is in line with the regulation. To do that, you need the approval of your subscribers.

In this post, we will share tips on how to write a GDPR consent email — the message asking your subscribers to provide their consent to receive your emails. 

What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a regulation in the EU privacy law that regulates data protection and privacy within the European Union and the European Economic Area (EEA). It also regulates the transfer of personal data outside of the EU. 

In terms of email marketing, the GDPR governs the collection and processing of personal data of email users within the EU. It requires businesses to update customer data management and usage for marketing purposes.

What can help you understand GDPR even better is its principles. GDPR embodies the following seven principles: 

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability

67% of EU residents have expressed doubt and concern about not having complete control over the information they provide online. With a GDPR compliance email, you can clear their doubts by providing the necessary information about the use of their personal data. 

To inform your email subscribers about GDPR compliance, you need to create a custom email. It must be straightforward, transparent, and informative. 

How to Write a GDPR Consent Email

Under the GDPR, consent is defined as: “Freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

To obtain consent from your subscribers, you need to thoughtfully create an informative consent email. Consider the following tips for creating a GDPR consent email. 

Is your website cookie compliant with GDPR or CCPA? Get CookieYes cookie consent solution for your website and effectively manage consent and third-party script blocking for GDPR and CCPA. Try for free!

1. Explain the Purpose of the Email

Write a quick introduction to clarify why you are getting in touch. Subscribers will be more interested in reading the email if you explain why their consent is essential and relevant.

To get their attention, personalizing the email will help. For example, WhatCounts refers to the subscriber by name in the consent email.

Starting the email with the subscriber’s name will draw them in. The email will seem more personal than a generic announcement.

As you can see in the WhatCount’s consent email, you should also mention the choices that are available for recipients. They need to be aware that they are in control of their data. 

2. Clearly Describe Data Uses

The purpose of the GDPR is to give people an insight into how their data is being used. With that in mind, the consent email needs to directly and explicitly share how the subscribers’ data will be used. 

Explain how your business collects and processes customer data and for what purposes. The information you need to share is:

  • The data you process
  • How you process the data
  • How you protect the subscribers’ data
  • Why you process the data (e.g., for market analysis)
  • If there is any third-party involvement
  • The subscriber’s rights regarding their data
  • How you handle requests and complaints related to their rights

Here is an example to help keep the text concise and easy to understand.

Our company is compliant with the General Data Protection Regulation (GDPR). To learn more about how we collect, keep, manage, and process your personal data in compliance with GDPR, please view our privacy policy.

Bear in mind that besides describing data uses, you must provide a link to the privacy policy that explains all the points you listed in the consent email. Just like this:

PwC GDPR consent email

3. Reassure that Customer Data will be Safe

Take this opportunity to write a brief section stating that you plan to stay committed to sending only relevant content and preserving customer data.

Let the subscribers know that you have no intention of taking advantage or misusing any of their personal information. You can state this within a concise sentence or two. Here’s how South Western Railway does it:

south western railways gdpr email

Reading about the use of their personal data can make some subscribers uncertain about receiving newsletters. That’s why assuring them that “the security of your data is our priority,” as South Western Railway expressed, can make them less hesitant. 

If you cannot manage to put your reassurance into well-crafted words, take some time to browse free samples at Subjecto and study examples of how similar policies are usually written.

4. Give the Links to Relevant Policies

Gone are the days of pre-ticked consent forms and boxes. Now, you must link to your new GDPR-compliant data management policy and related customer support articles.

Here’s an example by Scosche:

scosche gdpr email

A Privacy Policy details the different ways in which your website collects, discloses, manages, and uses the person’s data. Therefore, a link to your privacy policy can give the users access to all relevant information.

Read how to create a privacy policy for your website for GDPR compliance here.

If third-party providers are involved in your email marketing or newsletter management process, you should also provide a link to their privacy policy. 

5. End with a CTA to Update Preferences

The consent email should end with a call-to-action (CTA) button. The CTA needs to invite users to take the next step and continue receiving emails from your company. 

Write a couple of sentences to encourage subscribers to update their preferences. However, do not forget to mention that opting out requires some action, too.

ASOS’ compliance email is the perfect example of how you can make this section organized and enticing. 

repermissioning emails

ASOS provided three CTA buttons for different choices. Besides, they motivated the subscribers to opt-in by showing what they’ll be receiving. 

6. Adapt Your Writing Style

Express all the information in a simple and understandable form. Even though this is an informative email, the language doesn’t need to be overly formal. 

Try to write in a comprehensible, professional, and concise manner. The following compliance email by The Little Green Sheep provides a great example:

little green sheep optin

The email is short, jumps straight to the point, and matches the brand’s style with a friendly writing style and tone.  

Final Thoughts

The GDPR email for user consent presents the crossroads when subscribers decide whether they consent to your company using their data or not. You want this informative email to be digestible, simple, and direct. 

If you manage to create such content, you’ll be able to continue to win over new customers with compelling emails. Therefore, take your time to craft an email consent that your subscribers will be more than happy to say yes to.

Disclaimer: This blog post is for information purposes only and it does not intend to be a substitute for legal advice. Therefore, for any legal assistance, please seek the help of an attorney.