The complete guide to GDPR email disclaimers

What is GDPR? 

Known as the General Data Protection Regulation (GDPR) 2016/679, this European Union privacy law came into effect on 25 May 2018. Dubbed as one of the most comprehensive data privacy standards to date, GDPR affects any company that processes the personal data of European Union (EU) and European Economic Area (EEA) citizens. This is regardless of where the company is based. This regulation brings order to what was previously a patchwork of various privacy laws enacted by the 27 EU member states. 

The main goals of GDPR are to provide greater privacy rights to individuals, protect personal information, and increase organizational accountability for data breaches. With potential fines of up to four percent of a company’s global revenues or 20 million EUR, GDPR has a lot of power behind it. 

In its first year alone, 144,376 GDRP complaints were made. These were complaints submitted by any person who felt that their privacy had been impacted. One of the biggest fines levied at a company came in January 2019 when Google was landed a 50 million EUR fine by French regulators. This was for not properly telling users how their data was being used for targeted advertising. 

The need for a GDPR email disclaimer 

Unlike other legislation like HIPAA or CASL, GDPR doesn’t have any set rules surrounding the use of disclaimers in emails. Employee emails are considered a business relationship, so are unlikely to breach the law. Having a GDPR email disclaimer can help provide extra reassurance to recipients, building more trust in your brand.  

Your GDPR email signature disclaimer is the perfect location to tell recipients that your company is fully GDPR compliant. By implementing some simple text and adding a link to your privacy policy, you can show recipients the steps your organization has taken to ensure that personal data is processed in accordance with the law. The content of this privacy policy should be written in plain language. This makes it easy for recipients to easily understand how you comply with GDPR. 

At the same time, adding an unsubscribe link to your GDPR email disclaimer makes it easy for a recipient to remove themselves from your mailing lists. As an important aspect of GDPR is consent, companies must provide a simple way for a recipient to opt-out of any corporate communications. This is particularly important if you operate in B2C. 

However, it’s recommended that you don’t add one to every email your company sends such as where there is implied consent. Examples would include: 

• Information or a quote specifically requested by a customer 

• Part of an existing commercial transaction, like warranties, safety information or other customer information like memberships, loans or accounts

• Employment information or benefit plans 

If you add an unsubscribe link to emails of this kind, the recipient could assume they have been subscribed to communications without giving consent. This could then lead to a GDPR violation complaint being levied against you. There’s also a risk that they’ll miss out on important customer information. 

Here are 5 top examples of GDPR email disclaimers. 

Creating your new GDPR email disclaimer 

You can add your GDPR email disclaimer directly into your employees’ email client such as Outlook or Gmail. It’s quick and easy-to-do. However, if you want to ensure everyone in your company is using the same disclaimer text, this becomes more difficult. 

You’re going to have to rely on each user copying and pasting the content into their email client. On the other hand, you may have to ask your IT department to visit everyone’s desk individually. Even after all that, there’s no guarantee people won’t delete the disclaimer or modify the text. 

Instead, many companies opt to “stamp” every email with an appropriate disclaimer. They do this by using Transport Rules in Office 365 (Microsoft 365) and Microsoft Exchange Server or the Append Footer setting in Google Workspace. This means that after someone sends an email, the text is automatically added. 

However, your GDPR email disclaimer will end up stacking at the bottom of message chains, potentially flooding conversations. Inevitably, what seems like a simple task will lead to an increased workflow for your IT personnel. 

Centrally managing GDPR email disclaimers 

So, what’s the best way to easily manage a GDRR email disclaimer without causing your IT department undue stress? 

Email signature software from Exclaimer gives all users the most consistent, professional and legally compliant email disclaimers. That includes emails sent from mobiles, Macs and automated CRM systems. 

• Get total control over GDPR email disclaimers. 

• Automatically place email disclaimers on all outgoing messages. 

• Create specific versions for replies and internal purposes. 

• Make massive cost savings by reducing the load on staff. 

• Apply disclaimer updates instantly with a single click. 

Learn more about Exclaimer or get yourself a free trial today to start centrally managing your GDPR email disclaimers.