Skip to content

GDPR Email Disclaimers: Understanding the Law

Brought to you by Exclaimer

GDPR - General Data Protection Regulation

What is GDPR?

Known as the General Data Protection Regulation (GDPR) 2016/679, this European Union privacy law came into effect on 25 May 2018. Dubbed as one of the most comprehensive data privacy standards to date, GDPR affects any company that processes the personal data of European Union (EU) and European Economic Area (EEA) citizens. This is regardless of where the company is based. This regulation essentially brings order to what was previously a patchwork of various privacy laws enacted by the 27 EU member states.

The main goals of GDPR are to provide greater privacy rights to individuals, protect personal information, and increase organizational accountability for data breaches. With potential fines of up to four percent of an company’s global revenues or 20 million EUR, GDPR has a lot of power behind it.

In its first year alone, 144,376 GDRP complaints were made. These were complaints submitted by any person who felt that their privacy had been impacted. One of the biggest fines levied at a company came in January 2019 when Google was landed a 50 million EUR fine by French regulators. This was for not properly telling users how their data was being used for targeted advertising.

The need for a GDPR email disclaimer

Unlike other legislation like HIPAA or CASL, GDPR does not have any set rules surrounding the use of disclaimers in emails. Employee emails are often transactional in nature, implying a business relationship, so won’t fall foul of breaching the law. Also, anyone that signs up to a B2B service automatically opts in to receive email communications due to its business focus. However, having a GDPR email disclaimer can help provide extra reassurance to recipients, building more trust in your brand.

Your GDPR email signature disclaimer is the perfect location to tell recipients that your company has reached full GDPR compliance. By implementing some simple text and adding a link to your privacy policy, you can show recipients the steps your organization has taken to ensure that personal data is processed in accordance with the law. The content of this privacy policy should be in written in plain language. This makes it easy for recipients to easily understand how you comply with GDPR.

A GDPR email disclaimer

At the same time, adding an unsubscribe link to your GDPR email disclaimer makes it easy for a recipient to remove themselves from your mailing lists. As an important aspect of GDPR is consent, companies must provide a simple way for a recipient to opt-out of any corporate communications. This is particularly important if you operate in the B2C space.

However, it’s recommended that you don’t add one to every email your company sends such as where there is implied consent. Examples would include:

  • Information or a quote specifically requested by a customer
  • Part of an existing commercial transaction, i.e. warranties, safety information or other factual information about memberships, loans, accounts etc.
  • Employment information or benefit plans

If you add an unsubscribe link to emails of this kind, the recipient could assume they have been subscribed to communications without giving consent. This could then lead to a GDPR violation complaint being levied against you.

The top 5 examples of GDPR email disclaimers

Creating your new GDPR email disclaimer

You can add your GDPR email disclaimer directly into your employees’ email client such as Outlook or Gmail. It’s quick and easy-to-do. However, if you want to ensure everyone in your company is using the same disclaimer text, this becomes more difficult.

You’re going to have to rely on each user copying and pasting the content into their email client. On the other hand, you may have to ask your IT department to visit everyone’s desk individually. Even after all that, there’s no guarantee people won’t delete the disclaimer or modify the text.

Instead, many companies opt to “stamp” every email with an appropriate disclaimer. They do this by using Transport Rules in Office 365 (now Microsoft 365) and Microsoft Exchange Server or the Append Footer setting in G Suite (now Google Workspace). This action occurs after someone sends an email, so the text is automatically added.

However, your GDPR email disclaimer will end up stacking at the bottom of message chains, potentially flooding conversations. Inevitably, what seems like a simple task will lead to an increased workflow for your IT personnel.

Centrally managing GDPR email disclaimers

So, what’s the best way to easily manage a GDRR email disclaimer without causing your IT department undue stress?

Email signature software from Exclaimer ensures all users the most consistent, professional and legally compliant email disclaimers. That includes emails sent from mobiles, Macs and automated CRM systems.

  • Get total control over GDPR email disclaimers.
  • Automatically place email disclaimers on all outgoing messages.
  • Create specific versions for replies and internal purposes.
  • Make massive cost savings by reducing the load on staff.
  • Apply disclaimer updates instantly with a single click.

Try for free today Your new email signature experience
is just a few clicks away