Sending a newsletter is part of email marketing. Email marketing means that you send a commercial email to a large number of contacts at regular intervals. However, these contacts must have explicitly agreed to receive the newsletter.
In the following article, we will explain which prerequisites there are for a newsletter that complies with data protection, how you can design a newsletter that complies with DSGVO and why the General Data Protection Regulation is so important for a newsletter in the first place.
What are the requirements for a DSGVO-compliant newsletter?
According to Art. 5(1)(c) of the General Data Protection Regulation, data minimization applies to data collection. This means that only the personal data necessary for sending the newsletter may be requested during registration.
Since the newsletter is usually sent by e-mail, only the recipient's e-mail address is required. If the newsletter is to be sent in a personalized form, the name may also be requested in these cases.
Data storage on a server within the EU
The General Data Protection Regulation only allows personal data to be transferred to and stored in countries outside the EU/EEA where an adequate level of data protection is guaranteed. In addition to the member states of the EU, there are a number of countries with an adequacy decision by the European Commission, such as Canada or Switzerland. Storage in a third country without such a decision, for example Russia or China, is only permitted with appropriate safeguards under Art. 46 DSGVO (for example standard contractual clauses), and only if those safeguards actually protect the data in practice; for the USA the legal situation has changed several times. The simplest and safest choice is therefore a server within the EU.
If you want to send out a newsletter, you should make sure beforehand that the data is collected exclusively on a legal basis and that you obtain the users' consent to receiving the newsletter.
The best way to prove consent is the double opt-in procedure. Double opt-in means that after the newsletter registration an e-mail is automatically sent to the recipient, who must confirm one more time that he or she agrees to receive the newsletter. Only after this confirmation may the address be added to the distribution list. Since the controller must be able to demonstrate consent (Art. 7(1) DSGVO), you should also log when and from where the registration and the confirmation were made and which consent text the user saw.
Likewise, you must inform the recipients of your newsletter that they can unsubscribe at any time and withdraw their consent to the storage of their data.
Conclude AV contract with tool provider
If you use a tool for sending newsletters, you should make sure that the provider is subject to the General Data Protection Regulation, in other words that it is established in the EU/EEA or otherwise within its territorial scope, and that it also complies with it. If this is the case, you conclude a data processing agreement (AV contract, Auftragsverarbeitungsvertrag) with this provider in accordance with Art. 28(3) DSGVO.
This contract specifies the scope and nature of the data processed, the obligations and rights of the controller, and the nature and purpose of the processing.
Include unsubscribe link in every email
In each newsletter sent by email, there must be a link that allows the recipient to unsubscribe from the newsletter without having to log in first. If a user unsubscribes, you are obligated to delete all personal data that you have stored about this user without undue delay. Of course, this also applies to the tool provider. A minimal blocklist entry that only prevents the address from being re-added by mistake is common practice, but anything beyond that, such as the name, open and click statistics, must go.
How do I make a newsletter compliant with the DSGVO?
The first step towards a DSGVO-compliant newsletter is the choice of tool: use a sending tool whose provider is subject to the General Data Protection Regulation and complies with it, and conclude an AV contract with that provider. The registration form, the consent procedure and the content of the emails themselves then have to meet the requirements described below.
DSGVO compliant tools for the newsletter
In addition to being based in Germany, rapidmail is particularly characterized by its ease of use and beginner-friendliness. Via drag-and-drop and with a variety of template suggestions, even beginners can find their way around rapidmail right from the start.
CleverReach is based in Germany and is a clearly laid out software that allows you to create your newsletter email. Thanks to the large selection of templates, creating newsletters is made even easier. With up to 1,000 emails per month, CleverReach is even free.
The EU-based software Sendinblue (renamed Brevo in 2023) allows you to personalize your newsletter email in an easy and individual way. The tool is kept very modern and attaches great importance to data protection and DSGVO compliance. This has been confirmed by TÜV Rheinland.
Klicktipp is also a German newsletter software and helps you create a modern and intuitive newsletter email professionally. In doing so, Klicktipp relies on artificial intelligence. Klicktipp is 100% responsive and 100% privacy compliant.
No matter which software you choose: remember to sign an AV contract with the tool provider in order to comply with the General Data Protection Regulation here as well and to legally carry out the process of data collection, transfer and storage.
How do you ensure that the newsletter subscription is compliant with the DSGVO?
Fields to fill in
The fields you put in your subscription form will be filled in later by your visitors. Here, as mentioned above, you must make sure that you only ask for the personal data that is important for sending an email. Only the e-mail address is necessary for this.
Thus, only the field for the e-mail address should be marked as mandatory. Of course, you may also provide other fields to fill in. However, this may only be voluntary information on the part of the recipient.
Note on cancellation
Expand the registration form with a sentence stating that users can unsubscribe from the newsletter at any time if they no longer wish to receive it. To make this possible, add a link to each newsletter email that allows the recipient to unsubscribe from the newsletter.
If a recipient of the newsletter has cancelled the subscription, you are obliged to delete their personal data (Art. 17 DSGVO).
Frequency of the newsletter
It is best to write directly in the registration form how often the newsletter will appear in users' email inboxes. The most important thing at this point is that you stick to this indication of frequency and do not send more or fewer newsletter emails than promised.
Information about the exact content of the newsletter
If potential recipients of your newsletter learn what to expect in the newsletter directly when they sign up, they are more likely to actually subscribe to your newsletter.
Again, only send a newsletter with the content you promise subscribers in the sign-up form.
Add checkboxes for further purposes of use
If you would also like to use the subscriber's e-mail address for other purposes, for example to send discount codes or promotional e-mails, you need separate explicit consent for each of these purposes. Add an additional checkbox for each purpose, which users can tick to receive the e-mails they want. The checkboxes must not be pre-ticked, and the newsletter subscription must not be made dependent on ticking them.
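The double opt-in procedure described in the consent section above and the form with separate purpose checkboxes described here can be implemented together as one small flow. The following is an added example written for this article; it is not code from the original page or from any of the tools named in it. It assumes an in-memory store in place of a database, placeholder values for the confirmation lifetime, the purpose names and the domain, and it returns the confirmation token instead of sending it by e-mail so the flow can be exercised offline. Only the address, the chosen purposes and the consent metadata are stored, nothing else.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode

# Assumed policy values; the article does not prescribe them.
CONFIRM_TTL_SECONDS = 24 * 3600          # confirmation link is valid for one day
OPTIONAL_PURPOSES = {"promotions"}        # one separate checkbox each, never pre-ticked
CONSENT_TEXT_VERSION = "form-v1"         # identifies the wording the user actually saw
BASE_URL = "https://newsletter.example"  # placeholder domain


@dataclass
class Pending:
    email: str
    purposes: frozenset
    requested_at: float
    request_ip: str


@dataclass
class Subscriber:
    email: str
    purposes: frozenset
    consent_proof: dict      # what you present when asked to demonstrate consent (Art. 7(1))
    unsubscribe_key: str     # secret that authorises the one-click unsubscribe link


PENDING: dict[str, Pending] = {}         # keyed by SHA-256 of the confirmation token
SUBSCRIBERS: dict[str, Subscriber] = {}  # keyed by normalised e-mail address


def _token_hash(token: str) -> str:
    # Only the hash is stored: a copy of the database must not allow confirming on someone's behalf.
    return hashlib.sha256(token.encode()).hexdigest()


def subscribe(email: str, extra_purposes=(), request_ip="0.0.0.0", now=None) -> str:
    """Step 1 of double opt-in: record the request and return the token the
    confirmation e-mail would carry. Nothing is sent to the address yet."""
    email = email.strip().lower()
    unknown = set(extra_purposes) - OPTIONAL_PURPOSES
    if unknown:
        raise ValueError(f"unknown purposes: {sorted(unknown)}")
    purposes = frozenset({"newsletter", *extra_purposes})  # one consent per purpose
    token = secrets.token_urlsafe(32)
    PENDING[_token_hash(token)] = Pending(
        email, purposes, time.time() if now is None else now, request_ip)
    return token


def confirm(token: str, confirm_ip="0.0.0.0", now=None) -> bool:
    """Step 2: the recipient clicks the link. Only now does the address become a subscriber."""
    now = time.time() if now is None else now
    req = PENDING.pop(_token_hash(token), None)           # single use: pop, never get
    if req is None or now - req.requested_at > CONFIRM_TTL_SECONDS:
        return False                                      # unknown, reused or expired token
    proof = {
        "requested_at": req.requested_at, "request_ip": req.request_ip,
        "confirmed_at": now, "confirm_ip": confirm_ip,
        "purposes": sorted(req.purposes), "consent_text": CONSENT_TEXT_VERSION,
    }
    SUBSCRIBERS[req.email] = Subscriber(req.email, req.purposes, proof,
                                        secrets.token_urlsafe(32))
    return True


def may_send(email: str, purpose: str) -> bool:
    """Check before every send: unconfirmed addresses and unticked purposes get nothing."""
    sub = SUBSCRIBERS.get(email.strip().lower())
    return sub is not None and purpose in sub.purposes


def unsubscribe_link(email: str) -> str:
    """The link that every newsletter e-mail must contain; works without a login."""
    sub = SUBSCRIBERS[email.strip().lower()]
    return f"{BASE_URL}/unsubscribe?" + urlencode(
        {"email": sub.email, "key": sub.unsubscribe_key})


def unsubscribe(email: str, key: str) -> bool:
    """Handles the link. The secret key stops third parties from unsubscribing others."""
    email = email.strip().lower()
    sub = SUBSCRIBERS.get(email)
    if sub is None or not hmac.compare_digest(sub.unsubscribe_key.encode(), key.encode()):
        return False
    del SUBSCRIBERS[email]   # the personal data is deleted (Art. 17), consent record included
    return True
```

The same token-hashing, single-use and expiry rules apply if the store is a real database: the confirmation token is a bearer credential, so it is treated like a password-reset token. A real deployment would also pass the deletion on to the sending tool named in the AV contract, which this in-memory version cannot show.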
Why is the DSGVO important when creating newsletters?
When creating newsletters, the DSGVO is important because personal data is required for email marketing. Personal data may only be collected, stored and processed lawfully, and data protection must be maintained throughout. If this is not done, you risk fines and other sanctions from the supervisory authorities.
Since 25 May 2018, website owners in the EU have been required to comply with the General Data Protection Regulation. This means that personal data is collected, stored and processed lawfully and that recipients of the newsletter are informed about their rights.
Personal data may neither be collected nor passed on to third parties without a legal basis, which for a newsletter is the express consent of the recipients. If you do this anyway or use the collected data for purposes other than those stated, you must expect high fines and/or warning letters.
Is your newsletter DSGVO compliant?
Now that you have read this article and know about the essential requirements for the DSGVO-compliant design of a newsletter, you should make sure that your newsletter and the associated registration form are also created and sent in compliance with the law.
If you are not sure whether your newsletter is already designed in compliance with the regulations or how to design your newsletter in a DSGVO-compliant manner, feel free to contact us at any time. Alternatively, you can also benefit from our DSGVO scanner. With the help of data protection audits, we check your website, subpages and any forms for weak points and provide you with a detailed audit report.
Test decareto free of charge for 14 days and discover the benefits. We look forward to hearing from you!
Author: Eckhard Schneider