GDPR-Compliant Email Disclaimers
What is GDPR?
Known as the General Data Protection Regulation (EU) 2016/679, this European Union privacy law came into effect on 25 May 2018. Dubbed as one of the most comprehensive data privacy standards to date, GDPR affects any company that processes the personal data of European Union (EU) and European Economic Area (EEA) citizens, regardless of where the company is based. This regulation essentially brings order to what was previously a patchwork of various privacy laws enacted by the 28 EU member states.
The main goals of GDPR are to provide greater privacy rights to individuals and increase organizational accountability for data breaches. With potential fines of up to four percent of an organization’s global revenues or 20 million EUR, GDPR has a lot of power behind it. In its first year alone, 144,376 GDRP complaints were made: complaints that were submitted by any person who felt that their privacy had been impacted. One of the biggest fines levied at a company came in January 2019 when Google was landed a 50 million EUR fine by French regulators. This was for not properly telling users how their data was being used for targeted advertising.
The need for a GDPR-compliant email disclaimer
Unlike other legislation like HIPAA or CASL, GDPR does not have any set rules surrounding the use of disclaimers in emails. Employee emails are often transactional in nature, implying a business relationship, so won’t fall foul of breaching the law. Also, anyone that signs up to a B2B service automatically opts in to receive email communications due to its business focus. However, having a GDPR-compliant email disclaimer can help provide extra reassurances to recipients, building more trust in your brand.
At the same time, adding an unsubscribe link to your email disclaimer makes it easy for a recipient to remove themselves from your mailing lists. As an important aspect of GDPR is consent, companies must provide a simple way for a recipient to opt-out of any corporate communications, especially if you operate in the B2C space.
However, it’s recommended that you don’t add one to every email your company sends such as where there is implied consent. Examples would include:
- Information or a quote specifically requested by a customer.
- Part of an existing commercial transaction i.e. warranties, safety information or other factual information about memberships, loans, accounts etc.
- Employment information or benefit plans.
If you add an unsubscribe link to emails of this kind, the recipient could assume they have been subscribed to communications without giving consent. This could then lead to a GDPR violation complaint being levied against you.
The top 5 examples of GDPR-compliant email disclaimers
Creating your new GDPR-compliant email disclaimer
You can add your email disclaimer directly into your employees’ email client such as Outlook or Gmail. It’s quick and easy-to-do. However, if you want to ensure everyone in your company is using the same disclaimer text, you’re going to have to rely on each user copying and pasting the content into their email client or asking your IT department to visit everyone’s desk individually. Even after all that, there’s no guarantee people won’t delete the disclaimer or modify the text.
Instead, many companies opt to “stamp” every email with an appropriate disclaimer using Transport Rules in Office 365 and Microsoft Exchange Server or the Append Footer setting in G Suite. This action occurs after someone sends an email, so the text is automatically added. However, disclaimers will end up stacking at the bottom of email chains, potentially flooding conversations. Inevitably, what seems like a simple task will lead to an increased workflow for your IT personnel; something they won’t thank you for!
So, what’s the best way to easily manage a GDRR-compliant email disclaimer without causing your IT department undue stress?
Exclaimer solutions ensure all users the most consistent, professional and legally compliant email disclaimers, whether it be for Office 365, G Suite or Microsoft Exchange. That includes emails sent from mobiles, Macs and automated CRM systems.
- Get total control over GDPR-compliant email disclaimers.
- Automatically place email disclaimers on all outgoing messages.
- Create specific versions for replies and internal purposes.
- Make massive cost savings by reducing the load on staff.
- Apply disclaimer updates instantly with a single click.