GDPR Email Disclaimers: Understanding the Law
Brought to you by Exclaimer
What is GDPR?
Known as the General Data Protection Regulation (GDPR) 2016/679, this European Union privacy law came into effect on 25 May 2018. Dubbed as one of the most comprehensive data privacy standards to date, GDPR affects any company that processes the personal data of European Union (EU) and European Economic Area (EEA) citizens. This is regardless of where the company is based. This regulation essentially brings order to what was previously a patchwork of various privacy laws enacted by the 27 EU member states.
The main goals of GDPR are to provide greater privacy rights to individuals, protect personal information, and increase organizational accountability for data breaches. With potential fines of up to four percent of an company’s global revenues or 20 million EUR, GDPR has a lot of power behind it.
In its first year alone, 144,376 GDRP complaints were made. These were complaints submitted by any person who felt that their privacy had been impacted. One of the biggest fines levied at a company came in January 2019 when Google was landed a 50 million EUR fine by French regulators. This was for not properly telling users how their data was being used for targeted advertising.
The need for a GDPR email disclaimer
Unlike other legislation like HIPAA or CASL, GDPR does not have any set rules surrounding the use of disclaimers in emails. Employee emails are often transactional in nature, implying a business relationship, so won’t fall foul of breaching the law. Also, anyone that signs up to a B2B service automatically opts in to receive email communications due to its business focus. However, having a GDPR email disclaimer can help provide extra reassurance to recipients, building more trust in your brand.
At the same time, adding an unsubscribe link to your GDPR email disclaimer makes it easy for a recipient to remove themselves from your mailing lists. As an important aspect of GDPR is consent, companies must provide a simple way for a recipient to opt-out of any corporate communications. This is particularly important if you operate in the B2C space.
However, it’s recommended that you don’t add one to every email your company sends such as where there is implied consent. Examples would include:
If you add an unsubscribe link to emails of this kind, the recipient could assume they have been subscribed to communications without giving consent. This could then lead to a GDPR violation complaint being levied against you.
Creating your new GDPR email disclaimer
You can add your GDPR email disclaimer directly into your employees’ email client such as Outlook or Gmail. It’s quick and easy-to-do. However, if you want to ensure everyone in your company is using the same disclaimer text, this becomes more difficult.
You’re going to have to rely on each user copying and pasting the content into their email client. On the other hand, you may have to ask your IT department to visit everyone’s desk individually. Even after all that, there’s no guarantee people won’t delete the disclaimer or modify the text.
Instead, many companies opt to “stamp” every email with an appropriate disclaimer. They do this by using Transport Rules in Office 365 (now Microsoft 365) and Microsoft Exchange Server or the Append Footer setting in G Suite (now Google Workspace). This action occurs after someone sends an email, so the text is automatically added.
However, your GDPR email disclaimer will end up stacking at the bottom of message chains, potentially flooding conversations. Inevitably, what seems like a simple task will lead to an increased workflow for your IT personnel.
Centrally managing GDPR email disclaimers
So, what’s the best way to easily manage a GDRR email disclaimer without causing your IT department undue stress?
Email signature software from Exclaimer ensures all users the most consistent, professional and legally compliant email disclaimers. That includes emails sent from mobiles, Macs and automated CRM systems.