top of page
  • Guest Writer

294 Billion Emails Created Daily

Would this figure be higher if we didn’t have GDPR or data protection rules to follow?

Most marketers and business owners consider GDPR when they’re planning to grow their email marketing list. But PECR – the Privacy Electronic Communication Regulation – is vitally important too.

A useful starting point requires demonstrating compliance with the following data protection principles:

  1. Decide on the justification for your marketing. Most businesses rely on consent or legitimate interest. Pre-ticked opt-in boxes are banned under the GDPR. The option to opt-out must always be offered.

  2. Periodically review and update the data you hold for direct marketing purposes. You need to remember that if you are relying on consent to send direct marketing that consent does not last forever.

  3. If you no longer need the personal data for direct marketing purposes, you must erase (delete) or anonymize it.

  4. You must complete a GDPR risk assessment if you intend to target children, young people, or other vulnerable people for direct marketing purposes. There are other marketing activities that require a GDPR risk assessment too.

  5. You must meet the transparency requirements of the GDPR and provide people with a privacy notice which tells them that you want to use their data for direct marketing.

  6. You must carry out appropriate due diligence when you buy, rent or license direct marketing lists.

  7. You act must swiftly, promptly, and efficiently when individuals exercise their rights. As well as the right to be informed, the rights to objection, rectification, erasure and access are the most likely to be relevant in the direct marketing context.

  8. Maintain a direct marketing suppression list of people who have told you that they do not want to receive direct marketing from you.

  9. The GDPR still applies to B2B marketing if you are processing personal data. It is the PECR rules that may be different for B2B (when compared to contacting individuals).

Email addresses and personal data are your most valuable marketing assets. Understanding all the data protection rules can feel challenging and knowing the difference between GDPR and PECR takes time.

If this topic is still causing you confusion, do get in touch:

A note from MoJo: Christina Tueje, a GDPR consultant from GRC Information Management Solutions (, has provided us with our first guest blog, talking about the essentials of GDPR for both business and consumer data. She is an award-winning GDPR and data protection specialist and is definitely worth connecting with for your business's GDPR needs.


bottom of page