Successful Newsletter Marketing in compliance with the GDPR

Author: Haydar Yuece // 9min

Sending newsletters is a well-established marketing tool in e-commerce and has almost become a bedrock of it. Despite the increasing popularity of Instagram, YouTube and the like, newsletters are here to stay. No wonder: sending newsletters is an ideal way to inform potential new and existing customers about promotions, innovations and the latest news quickly and without complication. Regular contact with a personalised newsletter strengthens loyalty, creates trust and lays the foundation for more sustainable sales.

Since 25 May 2018, however, there have been some legal stumbling blocks in email marketing. On this day, the GDPR came into force and made the GDPR-compliant newsletter indispensable. But what does this mean and what is important for a legally compliant GDPR newsletter? One thing in advance: GDPR-compliant newsletter marketing is easier than it may look.

What are the Advantages of Newsletter Marketing?

Before we get into the creation of a GDPR-compliant newsletter, the question arises as to why one should bother at all. After all, there are a whole lot of other and new marketing tools. That’s true, and they are all important. But email marketing is still the most widely used and efficient communication tool in marketing strategy today, and it still holds enormous potential. This is also the reason why around 95% of the 1000 online shops with the highest turnover in Germany use newsletter or email marketing.


Customer Acquisition and Customer Retention

Sending a (GDPR-compliant) newsletter is not only a cost-effective way of direct marketing, but also serves equally as a sales channel and customer retention tool.

According to statistics, around 50% have subscribed to a newsletter to be informed about new products and 46% to receive special offers. A full 38% are happy to receive a newsletter because they regularly shop at the brand.


Targeting and Personalisation

Newsletters also do well when it comes to targeting and personalisation. Recipient lists, which are nowadays built up in a GDPR-compliant manner, allow for a tailor-made segmentation of the recipients. This ensures that each newsletter reaches only the recipients for whom it is really relevant.

The same applies to a variety of personalisation options such as salutation and subject. This not only minimises wastage, but also increases the click and open rates. Which brings us directly to another advantage: the measurability of newsletters. The success can be measured with the help of various tools and thus offers the possibility of constant optimisation. In addition, the effort required has become significantly less thanks to email automation. Some popular tools include Sendinblue, MailChimp, CleverReach and rapidmail.

Confidence Boost thanks to GDPR

On closer inspection, the GDPR has even become an advantage for newsletters. Because of the legal certainty it requires, visitors and customers have gained more trust in the newsletter. In addition, the proportion of high-quality newsletter leads is increasing. This is made possible by explicit consent via a double opt-in registration form and the option to unsubscribe independently at any time. Let’s take a closer look at a GDPR-compliant newsletter below.

Why is the GDPR relevant for the Newsletter?

The purpose of the GDPR is to protect personal data. In order to lay the foundation for sending newsletters, customer data must be saved. This includes at least the email address. Such data is subject to protection, which can only be guaranteed if the newsletter complies with the guidelines of the GDPR.


There are three different types of GDPR-compliant newsletters that are generally permitted:

1. Emails with consent to the newsletter according to GDPR
2. Newsletters without consent according to GDPR to up to 50 recipients without direct advertising.
3. Emails that meet certain requirements and can then also be sent without consent.


While you are on the safe side with the correctly structured consent to the newsletter according to the GDPR, emails without consent according to the GDPR that reach several recipients can be critical, because legal conformity is usually a matter of interpretation. It is therefore always advisable to obtain consent.

What does a GDPR-compliant Newsletter Marketing consist of?

A GDPR-compliant newsletter starts with the contents of the registration form, continues with consent via the double opt-in procedure and ends with logging and the unsubscribe procedure. The end result is a GDPR-compliant mailing list.

1. How is the Registration form for a GDPR-compliant Newsletter structured?

A visitor enters the website and wants to subscribe to the newsletter. Since May 2018, a registration form has been available for this purpose, which must have the following content according to legal guidelines:


  • Name and contact details of the data controller
  • Name of the data protection officer
  • Name of external companies that have access to the data
  • Purpose of the personal data
  • Legal basis for the data processing
  • Period of storage of the data or corresponding criteria
  • Information on rights such as revocation
  • Link to the data protection regulations with mandatory checkbox to be actively clicked on


In principle, all general personal data can be requested, including name, birthday and e-mail address. However, the following applies: Only such personal data may be requested that is necessary for the performance of the services. In the case of the GDPR newsletter, therefore, only the e-mail address field may be a mandatory field.

The checkboxes such as confirmation of consent to data collection must not be preselected. At the same time, it is not permitted to link the activation of checkboxes to conditions. It is therefore forbidden to force registration for the newsletter in order to receive a freebie.

2. What does the consent for the GDPR-compliant Newsletter look like?

The double opt-in procedure is the only legally compliant method to generate registrations for newsletter distribution. Once the interested party has entered their data and activated the checkbox, they receive an email with a confirmation link. By clicking on this link, the interested party expressly authorises the company to store and use his or her data for the purpose of sending newsletters. If this consent is not given, the personal data must be deleted immediately. Important for the confirmation e-mail: it must not have any advertising character.

It is also important to record this consent, especially with regard to possible legal warnings. Unfortunately, it remains unclear how the proof of consent is to be provided. We recommend making sure that the time stamp (date and time) and the IP data of the entry are logged and stored. Should a dispute arise, presenting these records may suffice to meet the duty of proof.

Likewise, every recipient must have the possibility to unsubscribe from the newsletter at any time. For this purpose, a link is usually implemented at the end of each email that enables unsubscribing from the mailing.
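The double opt-in flow described above, sketched as an added example (not code from uptain or from any newsletter tool named on this page). The class and field names and the 48-hour confirmation window are assumptions; the page only asks that unconfirmed data be deleted and that the time stamp and IP data of the entry be logged and stored.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

PENDING_TTL = timedelta(hours=48)  # assumption: the page names no confirmation window

class DoubleOptIn:
    def __init__(self):
        self.pending = {}      # sha256(token) -> unconfirmed signup
        self.subscribers = {}  # email -> consent record kept as proof

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table cannot be used to confirm signups.
        return hashlib.sha256(token.encode()).hexdigest()

    def register(self, email, ip, now):
        # Form submitted with the checkbox ticked: nothing is mailable yet.
        token = secrets.token_urlsafe(32)  # goes into the confirmation link
        self.pending[self._digest(token)] = {"email": email, "signup_at": now, "signup_ip": ip}
        return token

    def confirm(self, token, ip, now):
        # Link clicked: the token is single-use and dropped if unknown or expired.
        rec = self.pending.pop(self._digest(token), None)
        if rec is None or now - rec["signup_at"] > PENDING_TTL:
            return None
        consent = {**rec, "confirmed_at": now, "confirmed_ip": ip}
        self.subscribers[rec["email"]] = consent
        return consent

    def purge_unconfirmed(self, now):
        # Delete personal data of signups that were never confirmed.
        stale = [k for k, r in self.pending.items() if now - r["signup_at"] > PENDING_TTL]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def unsubscribe(self, email):
        # Target of the unsubscribe link at the end of each email.
        return self.subscribers.pop(email, None) is not None

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    svc = DoubleOptIn()
    tok = svc.register("alice@example.com", "203.0.113.7", t0)
    print(svc.confirm(tok, "203.0.113.7", t0 + timedelta(minutes=5)))
    print(svc.confirm(tok, "203.0.113.7", t0 + timedelta(minutes=6)))
```

The consent record returned by `confirm` is what would be presented as proof; in production it belongs in durable, access-controlled storage rather than in memory.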

3. How to proceed with existing Email Addresses?

Subject to the aforementioned conditions of consent, the data can now be used within the scope of the newsletter dispatch. It is collected in GDPR-compliant newsletter lists. Many companies are faced with the question of how to proceed with email contacts that were collected before the GDPR. These do not necessarily have to be deleted. It is important to check whether they meet the criteria for e-mails without consent described in the next section.

4. Is it possible to send a GDPR-compliant Newsletter without the Recipient’s consent?

It is possible, if certain requirements are met, to send newsletter emails without consent. The following criteria must be met:


  • The email address was collected in the context of a purchase or booking of a service.
  • At the time of collection, there was an option to opt out at any time without incurring any costs.
  • The advertising is for the marketing of the customer’s own similar goods or services.
  • The customer has not expressly objected to the use of the data.


If the aforementioned criteria are not met for existing e-mail addresses, or if one is unsure, consent must be obtained or the data deleted.

How does uptain help with the GDPR-compliant Acquisition of Newsletter Subscribers?

With newsletter popups, shop operators offer their visitors the possibility of GDPR-compliant registration for newsletters. The resulting legally compliant e-mail lists are then used by online merchants to send out newsletters.

The big advantage of newsletter pop-ups: they are UX-friendly and do not interfere with the buying process. As a result, they do not alienate customers. At the same time, an individual incentive is shown to each visitor, which increases the chance of registration many times over.

In the blog post How Online Shops successfully generate Newsletter Subscribers you can find more information about individual incentives.

Since email addresses, as the core of newsletter marketing, count as personal data in the sense of the General Data Protection Regulation, the GDPR also applies in the case of newsletters. With tools like uptain, you gain quality newsletter subscribers without interrupting the buying process.
