Sending newsletters by GDPR. Is an opt-out option enough?

Sending newsletters by GDPR. Is an opt-out option enough?

Sending newsletters by GDPR. Is an opt-out option enough?

The GDPR Regulation covers almost every area. This is not the case when sending newsletters to customers. If you have e-commerce, read carefully what you should be aware of when collecting personal information.

Important to know: we cannot just send a newsletter to someone who does not expressly agree with it. If the customer gives their consent (for example by ticking the checkbox), we can send them a newsletter if they do not change their preferences.

According to the opinion of the Office for Personal Data Protection in the Czech Republic, however, there is no need for active consent of customers to the processing of personal data for the purpose of sending a newsletter. This is an opt-out principle, which means that the customer has the opportunity to refuse an unwanted service. The question remains, however, to what step of purchasing it is best to implement the opt-out option.

How to enable opt-out option?

E-commerce can meet GDPR requirements, for example, in terms of business conditions or in the final confirmation of an order where the customer can check the box that they do not wish to receive business notifications. In its statement, the Office for Personal Data Protection proposes to implement a check box within the e-shop through which the customer could refuse to consent to the processing of personal data for direct marketing purposes. Placing such a checkbox in your shopping cart before placing your order is probably the most conservative solution a merchant can apply. However, for e-commerce, such an approach could have a relatively negative impact.


For example, a refusal to send business information could include an order confirmation email. This would allow the customer to exercise their right before the first commercial notice is sent. At the same time, the merchant wouldn't need to add another box to the shopping cart. Another alternative may be to place the interactive link directly into the terms and conditions.

I do not agree with processing

If e-commerce chooses to place such a checkbox in a shopping cart, for example, its wording may read: "I do not agree with the processing of personal data for sending the newsletter." The possibility of refusing to receive newsletters must be simple and available at the time of the order. As far as newsletters are concerned, it is of course still prohibited to disseminate commercial announcements that are not clearly and expressly marked as commercial announcements that hide or conceal the identity of the sender on whose behalf the communication takes place and which would be sent without a valid address, to which such sending may be refused directly and effectively.

What you can and can't do

Even after the introduction of GDPR, you will still be able to offer new customers benefits if they give you permission to be included in the mail database. Some of these benefits are modified as follows:

  • E-books in exchange for e-mail - if you offer to download e-books in exchange for e-mail, it is not and will never be an automatic consent to receive newsletters,
  • Content for consent only - Allowing readers to view an article or watch a video only if the reader / viewer agrees to the e-mail is no longer valid. You can still offer the newsletter in text or video, but the text or video must be accessible without providing it,
  • First purchase discount - If you offer new customers a discount on their first purchase for an email, you won't be affected by GDPR - this is still allowed to do,
  • Free e-mail pricing - GDPR distinguishes between agreeing to receive an analysis or calculation and agreeing to receive newsletters. Everyone must have separate approval. Just sending a proposal or analysis to someone doesn't mean you can also send newsletters to this email,
  • Competition - as in the previous case, the consent to informing about any winnings does not equal the consent to the subsequent sending of e-mails. Here, you need two consents too.

Contact form

Preparation of Security Documentation in terms of GDPR from 139€ with insurance., s.r.o. Námestie osloboditeľov 3/A,
040 01 Košice

Non-binding free quote

from € 139 with insurance

We have provided services
to more than
11 500 clients

Free quote

Questions and answers

Dear client, if you have not found
what you are looking for, do not hesitate
to contact us.

To contact