Business emails and the law
Understanding email and the law will help your business avoid ruinous financial penalties and legal problems...
Emails are still one of the most accessible and affordable marketing channels available to small businesses.
Affordable, that is, until you end up on the wrong side of the law and have to pay a hefty fine.
To help you avoid a potentially ruinous financial penalty, we’ve compiled this guide
But please remember that this guide does not constitute legal advice. Legislation is constantly changing, so we can only present legal information at its highest level. It is therefore strongly recommended that you seek the help of qualified legal advice to deal with your specific situation.
Below, we cover:
Email compliance regulations
According to Gov.uk’s page on marketing and advertising, you can only send marketing emails to customers who:
- Have consented to electronic mail from you
- Or, have bought a similar product or service from you in the past, and you provide a simple way to opt out in every marketing message you send them. This is sometimes known as a ‘soft opt-in’
You must not disguise or conceal your identity, and must provide a valid contact address so the customer can opt out or unsubscribe.
Marketing emails to businesses fall under similar rules. Like customers, sole traders and some partnerships are treated as individuals, meaning they can’t be contacted unless they’ve consented.
However, you can send an unsolicited email to any corporate organisation, limited liability partnership, or government body. But remember: if you’re messaging individuals with personal corporate email addresses, there may be GDPR considerations.
For example, if you’re sending an email to firstname.lastname@example.org, Jo has the right to object to their personal data being used for marketing purposes.
Many of us have received emails with a disclaimer at the bottom of the page. These disclaimers are often very “legal” sounding and are designed to protect the sender from legal action.
The reality is that the courts will probably not uphold the disclaimer but it might help your case.
Most disclaimers cover breaches of confidentiality, propagation of viruses, contractual claims and employee liability. Some disclaimers seem to go on forever!
There’s no one-size-fits-all disclaimer, as what you disclaim will depend on the nature of your business.
Disclaimer Example 1
“IMPORTANT: This message is intended for the addressee only and may contain private and confidential information or material which may be privileged. If this message has come to you in error you must delete it immediately and should not copy it or show it to any other person.”
Disclaimer Example 2
“This email is sent on behalf of XXXX and its associated companies (“XXX”) and is strictly confidential and intended solely for the addressee(s). If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any way or you may be acting unlawfully; (ii) contact XXX immediately on XXXX quoting the name of the sender and the addressee then delete it from your system. XXX has taken reasonable precautions to ensure that no viruses are contained in this email, but does not accept any responsibility once this email has been transmitted. You should scan attachments (if any) for viruses. XXX. Registered in England no.XXX – Registered Office(s): XXX”
If you think it’s necessary to include a disclaimer in your business emails, seek legal advice on its effectiveness.
Legal requirements for email footers
Failure to include certain details in your email footer could land your business fines of up to £1,000.
The most recent legislation – the UK Companies Act 2006 (amended 2007) states that any private or public limited company, or a Limited Liability Partnership, must include the following:
- Company name
- Company registration number
- Place of registration (e.g. Scotland or England & Wales)
- Registered office address (which may be different from the office you trade from)
All business emails must now contain this data, whether a director or a dogsbody. If you are a sole trader, the requirement does not apply.
It’s sensible to create a legally sound template footer that can used company-wide.
Smallbutgettingbigger is a limited company registered in England and Wales. Registered number: 1234567. Registered office: The High House, 72 Claire Road, Leatherhead, Surrey KT21 5JU.
Monitoring email traffic
As an employer you are able to monitor email traffic to and from your business, to ensure security and protect your business. But you need to let people know…
A typical statement would be:
“Smallbutgettingbigger Ltd may monitor email traffic data and also the content of email for the purposes of security and staff training.”
The specific monitoring of employee emails is subject to a raft of legislation out of the scope of this article. Again, if this is an issue for you then take legal advice or you may find yourself in hot water with the authorities.
GDPR and email
General Data Protection Regulation (GDPR) came in guns blazing in May 2017, updating existing data protection regulation to protect individuals in the digital age.
It hit a lot of companies that relied on vast email databases hard.
According to the official GDPR website, personal data is…
“An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
It is, of course, possible to use some of this information without individuating someone. Problems arise when you collect a combination of information that clearly identifies someone.
As fines for the most severe GDPR breaches can amount to €20 million (£17.6 million), or 4% of global annual turnover (whichever is higher), best practice is to err on the side of caution.
Have an audit performed of your whole digital marketing strategy, including:
- Privacy notices
- Customer and prospect data
- The service providers you use for data storage, processing and marketing
According to the Information Commissioner, current legislation does not apply to ‘legacy lists’. This includes:
- Any addresses you had at 31 October 2003
- That has been contacted in the last 12 months
- That was collected in compliance with contemporary law
- That haven’t told you to stop contacting them
Once again, if you don’t have an in-house legal team, seek council from a qualified professional.
CRM software can be an extremely valuable tool for small businesses doing email campaigns. As well as storing invaluable customer information, it allows you to send highly targeted and personalised marketing emails instantly. Start comparing CRM providers by filling in the form at the top of the page. It's quick and easy.
Read more: How to optimise email open rates