GDPR Email Requirements Matrix
| Key Element | What to Include | Non-Compliant Example | Compliant Example |
|---|---|---|---|
| Consent | Explicit opt-in source (e.g., LinkedIn, website form). | "We found your email online." | "You shared your email via [Source]." |
| Opt-Out | Unsubscribe link + clear instructions. | "Reply STOP to opt out." | "Unsubscribe instantly [here]." |
| Data Transparency | Explain why you’re emailing + how data is used. | None | "We process data to share relevant B2B insights." |
| Identity Disclosure | Your company name, address, and contact details. | "Team at SalesPro" | "Growth Team, [Your Company LLC], [Address]." |
3 GDPR-Compliant Templates
(For different cold outreach scenarios)
Template 1: The "Consent-Based" Outreach
Use Case: Contacting leads who downloaded a resource from your site.
Copy
Subject: Your [Downloaded Resource] + Quick Tip for [Industry] Hi [First Name], You recently downloaded our [e-book/guide] on [Topic] via [Website Form]. We’d love to share a bonus tip: [Specific Value]. **Why we’re emailing**: To send actionable [industry] insights (like this [Case Study](link)). **Your rights**: - Unsubscribe [here] anytime. - Review our [Privacy Policy](link) or email [DPO Email] with questions. Want more tips? Reply "Yes" – we’ll keep them coming. Best, [Your Full Name] [Your Role] @ [Company] [Company Address]
Why It Works: Explicitly ties consent to the download, offers value, and prioritizes transparency.
Template 2: The "Legitimate Interest" Outreach
Use Case: B2B outreach where GDPR allows "legitimate interest" (e.g., targeting decision-makers).
Copy
Subject: [First Name], 3 Ways [Company] Can [Solve Pain Point] Hi [First Name], As [Role] at [Their Company], you might be tackling [specific challenge]. We help companies like [Peer Company] [achieve result] using [solution]. **Why we’re emailing**: We believe our [solution] could benefit [Their Company] based on [public data/industry trends]. **Your control**: - Unsubscribe [here] in 1 click. - Request data deletion via [email]. Interested in a 10-minute demo? Hit reply with "Demo." Regards, [Your Name] [Company] | [Address] | [Privacy Policy](link)
Why It Works: Justifies outreach via legitimate interest, cites public data, and honors data rights.
Template 3: The "Re-Engagement" Follow-Up
Use Case: Post-event or webinar follow-up with clear consent.
Copy
Subject: [Event Name] Recap + Your Exclusive Access Hi [First Name], It was great connecting at [Event Name]! As promised, here’s your [resource/tool] to [solve problem]. **Why we’re emailing**: You opted in to updates when you [action, e.g., scanned your badge]. **Manage preferences**: - Unsubscribe [here]. - Update your interests [here]. Want more? Let us know! Best, [Your Name] [Company Address] | [Privacy Center](link)
Why It Works: Reaffirms opt-in context and gives control over future emails.
GDPR Checklist for Cold Emails
-
Source of Consent: State how/where you obtained their data.
-
Unsubscribe Link: 1-click opt-out, processed within 72 hours.
-
Identity Disclosure: Full company name + physical address.
-
No Pre-Ticked Boxes: Consent must be explicit.
-
Data Retention Note: "We store data for [X] months unless deleted."
Penalties & Prevention
| Risk | Penalty Range | How to Avoid |
|---|---|---|
| No Consent | Up to €20M | Always disclose data source. |
| Missing Opt-Out | €10M + reputational damage | Test unsubscribe links monthly. |
| Vague Privacy Policy | €8M | Use plain language + examples. |
Non-Compliant vs. Compliant Comparison
| Element | Non-Compliant Email | Compliant Email |
|---|---|---|
| Opt-Out | Buried in footer: "Reply to unsubscribe." | Bold link: "Unsubscribe instantly [here]." |
| Consent | "We bought your data from a list." | "You shared your email via [Event/Form]." |
| Data Use | "We’ll email you updates." | "We’ll send [specific content] monthly." |
Pro Tips
-
Localize Language: Adjust for EU countries (e.g., Germany’s stricter BDSG laws).
-
Avoid Assumptions: Never presume consent from business cards or old lists.
-
Audit Tools: Use GDPR-compliant email software (e.g., Mailchimp, HubSpot).
