Email marketing when your consent is not up to GDPR standards

                        legal updates
                    
                        So if you collected details from existing customers and had an opt out option, this marketing can continue under GDPR.

Author: Nona Bowkis
Published: February 6, 2018
Reading time: 4 minutes

This article is 8 years old.

Read our disclaimer

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

We are advising our members on the standard they must achieve if they wish to rely on consent as their lawful basis for utilising personal data for direct marketing purposes.

Direct marketing being defined in the current Data Protection Act as “the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals”.

As a reminder Article 6 of the GDPR sets out 6 lawful bases for processing personal data:

1. Consent

2. Necessary for a contract with the individual

3. Necessary for compliance of a legal obligation

4. Necessary to protect interest of the data subject or another natural person

5. Necessary for a public interest task or official duty

6. Necessary for legitimate interests of the controller or a third party.

While consent may seem the obvious basis for marketing activity, your pre-existing marketing databases may not meet the GDPR standard and so unless you want to do a Wetherspoons and scrap your entire marketing database, you will need to see if another base can apply. This is where ‘legitimate interests’ can come to your aid.

Automotive ComplianceWE TALK YOUR LANGUAGE, WE KNOW YOUR BUSINESS

Need help with keeping on track with FCA Regulation and Compliance? Partner with Automotive Compliance

Read more Sponsored content

We suspect ‘legitimate interest’ will be well used. The ICO will no doubt be making sure it is not overused. So what will work?

Recital 47 of the GDPR specifically states that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”. This is good news and could mean we can send out marketing under the lawful basis of legitimate interest. However, we need to balance this against the requirements of the Privacy and Electronic Communications Regulations (PECR) which deals with electronic
marketing.

PECR Regulation 22 requires that a company needs consent to send a marketing email unless;

a) the recipient is an existing customer or potential customer who has previously made an enquiry for a product or service

b) the direct marketing is in respect to similar products and services only; and

c) the recipient has been given a simple means of refusing (free of charge except for the costs of the transmission of the refusal) the use of his contact details for the purposes of such direct marketing, at the time that the details were initially collected, and at the time of each subsequent communication.

So companies will need to meet the GDPR criteria for consent to marketing unless it meets the above PECR criteria which is known as the ‘soft opt-in’ rule. The ‘soft op in’ means you can send marketing to your existing customers about similar products as long as you offered them the opportunity to opt-out when you first collected their details and you offer them to same opt-out opportunity in every subsequent marketing communication.

So if you collected details from existing customers and had an opt out option, this marketing can continue under GDPR (using legitimate interest as the basis). But, you must comply with Article 21 of GDPR which gives customers the ‘right to object’ at any point.

So, if you are a service and repair garage and you email existing customers prior to the anniversary of their car service to give them details of prices, then as long as you gave them the opportunity to opt-out when you took their details and state clearly in the email that they can opt-out at any time, you will be fine to continue emailing them every year. The same will apply if you send those customers details of similar services such as winter checks or MOT deals. Your GDPR lawful basis for processing is then legitimate interests (not consent as there is no opt-in, only an opt-out).

However, if you haven’t been following the law in regard to email marketing already, then you are likely to need to start again and get consent when the customer first makes contact.

Nona BowkisHead of Legal Services / SolicitorRead More by this author

Related Legal Updates

Motor Traders have protection under s.27 of the Hire Purchase Act

Told that s.27 offers Motor Traders no protection at all? Not so. A private purchaser’s good title can flow through the chain to protect dealers, and we map out when it does and when it doesn’t.

Proving the ‘chain of custody’ can be a challenge

Conflicting interests on a used car can turn a simple purchase into a legal minefield. Here’s how to evidence the chain, challenge a finance claim, and spot the red flags before you hand over the cash.

Sale or Return: Why “Private Sale” won’t save you from Consumer Rights Act responsibilities

Dealers using Sale or Return cannot hide behind “private sale” labels unless the agency position is made crystal clear from the advert onward. Miss that step and you risk CRA 2015 claims and a DMCCA 2024 breach.

WhatsApp chats can seal the deal. Here’s why that matters for distance sales

A 2025 High Court case confirmed that a short WhatsApp exchange can form a binding contract. Here is what that means for distance sales in motor retail, including why collection from your site does not change the status of the deal.

Rejected flexible working request: £30,000 injury to feelings award!

An employee lost her flexible working arrangements and walked away with a £30,000 injury-to-feelings award. See how inconsistent WFH decisions triggered the payout.

From Day-One Rights to Six-Month Deadlines: Your Quick-Fire Guide to the Employment Rights Bill

Sweeping reforms are on the way for UK employers. Here’s your month-by-month cheat sheet to make sure you’re ready—before employees start asking the tough questions.

30 Days to Hand the Keys Back: How the Short-Term Right to Reject Really Works

Think a new fault lets buyers walk away, no questions asked? Not quite. Discover why the burden of proof is on the consumer, and how dealers can stay one step ahead.

Get in touch

Complete the form to get in touch or via our details below:

Phone

01480 455500

Address

Vinpenta House
High Causeway
Whittlesey
Peterborough
PE7 1AE

Connect With Us

By submitting this quote you agree to our Terms & Conditions and Privacy & Cookies Policy.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.