Save by Comparing CRM System Prices Are you currently using a CRM system? Compare quotes - it only takes a minute
Compare CRM Providers Today Compare quotes - it only takes a minute

Business emails and the law

Understanding email and the law will help your business avoid ruinous financial penalties and legal problems...

Our experts

We are a team of writers, experimenters and researchers providing you with the best advice with zero bias or partiality.

This article was co-authored by:

Email is still one of the most accessible marketing channels available to small businesses. And, with tools like CRM software allowing you to create eye-catching emails and then send them, en masse, to targeted lists of contacts, email marketing in 2020 has never been so easy, effective, and affordable.

Affordable, that is, until you end up on the wrong side of the law, and have to pay a hefty fine. We’ve compiled this guide to help you avoid doing just that – so read on to find out how you can navigate the tricky relationship between business emails and the law in the UK.

Please remember, however, that this guide does not constitute legal advice. Legislation is constantly changing (the GDPR, or General Data Protection Regulation, is a testament to that), so we can only present legal information at its highest level. We therefore strongly recommend that you seek the help of qualified legal advice, as we can't provide this.

What we can do, though, is help get you a good deal on CRM software that'll streamline and supercharge your email marketing. Most CRM systems also offer features allowing you to implement GDPR-aligned processes, while automatically adding compliant footers to your emails.

To get started comparing quotes from leading CRM software providers, simply provide us with a few details about your business. We'll ask about the kind of email marketing features you'll need, how many users will require access to the system, and what (if any) contact management software you're currently using.

You'll then receive free quotes tailored to your business' requirements.

Email compliance regulations

According to’s page on marketing and advertising, you can only send marketing emails to customers who:

  • Have consented to electronic mail from you
  • Or, have bought a similar product or service from you in the past, and you provide a simple way to opt out in every marketing message you send them. This is sometimes known as a ‘soft opt-in’

You must not disguise or conceal your identity, and must provide a valid contact address so the customer can opt out or unsubscribe.

B2B regulations

Marketing emails to businesses fall under similar rules. Like customers, sole traders and some partnerships are treated as individuals, meaning they can’t be contacted unless they’ve consented.

However, you can send an unsolicited email to any corporate organisation, limited liability partnership, or government body. But remember: if you’re messaging individuals with personal corporate email addresses, there may be GDPR considerations.

For example, if you’re sending an email to, Jo has the right to object to their personal data being used for marketing purposes.

Email disclaimers

Many of us have received emails with a disclaimer at the bottom of the page. These disclaimers are often very “legal” sounding and are designed to protect the sender from legal action.

The reality is that the courts will probably not uphold the disclaimer but it might help your case.

Most disclaimers cover breaches of confidentiality, propagation of viruses, contractual claims and employee liability. Some disclaimers seem to go on forever!

There’s no one-size-fits-all disclaimer, as what you disclaim will depend on the nature of your business.

Disclaimer Example 1

“IMPORTANT: This message is intended for the addressee only and may contain private and confidential information or material which may be privileged. If this message has come to you in error you must delete it immediately and should not copy it or show it to any other person.”

Disclaimer Example 2

“This email is sent on behalf of XXXX and its associated companies (“XXX”) and is strictly confidential and intended solely for the addressee(s).  If you are not the intended recipient of this email you must: (i) not disclose, copy or distribute its contents to any other person nor use its contents in any way or you may be acting unlawfully;  (ii) contact XXX immediately on XXXX quoting the name of the sender and the addressee then delete it from your system. XXX has taken reasonable precautions to ensure that no viruses are contained in this email, but does not accept any responsibility once this email has been transmitted.  You should scan attachments (if any) for viruses. XXX. Registered in England no.XXX  –  Registered Office(s): XXX”

If you think it’s necessary to include a disclaimer in your business emails, seek legal advice on its effectiveness.

Alternatively, you can look into sending your emails with a CRM system. This software helps you automate GDPR compliance by automatically adding a footer (that contains the essential information you need to satisfy your legal responsibilities) to the bottom of your emails. If you accidentally delete it, the system will remind you – or add it in again before you hit ‘send'.

Explore our guide to the best CRM systems for small businesses, or get in touch with them now. Simply click one of the thumbs below to get started on your CRM journey, and begin comparing quotes from leading suppliers.

Legal requirements for email footers

Failure to include certain details in your email footer could land your business fines of up to £1,000.

The most recent legislation – the UK Companies Act 2006 (amended 2007) states that any private or public limited company, or a Limited Liability Partnership, must include the following:

  • Company name
  • Company registration number
  • Place of registration (e.g. Scotland or England & Wales)
  • Registered office address (which may be different from the office you trade from)

All business emails must now contain this data, whether a director or a dogsbody. If you are a sole trader, the requirement does not apply.

It’s sensible to create a legally sound template footer that can used company-wide. Here's an example of a footer you're expected to include at the bottom of each commercial email you send:

Smallbutgettingbigger is a limited company registered in England and Wales. Registered number: 1234567. Registered office: The High House, 72 Claire Road, Leatherhead, Surrey KT21 5JU.

Monitoring email traffic

As an employer you are able to monitor email traffic to and from your business, to ensure security and protect your business. But you need to let people know…

A typical statement would be:

“Smallbutgettingbigger Ltd may monitor email traffic data and also the content of email for the purposes of security and staff training.”

The specific monitoring of employee emails is subject to a raft of legislation out of the scope of this article. Again, if this is an issue for you then take legal advice or you may find yourself in hot water with the authorities.

GDPR and email

General Data Protection Regulation (GDPR) came in guns blazing in May 2018, updating existing data protection regulation to protect individuals in the digital age.

It hit a lot of companies that relied on vast email databases hard.

According to the official GDPR website, personal data is…

An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

It is, of course, possible to use some of this information without individuating someone. Problems arise when you collect a combination of information that clearly identifies someone.

As fines for the most severe GDPR breaches can amount to €20 million (£17.6 million), or 4% of global annual turnover (whichever is higher), best practice is to err on the side of caution.

Have an audit performed of your whole digital marketing strategy, including:

  • Privacy notices
  • Customer and prospect data
  • The service providers you use for data storage, processing and marketing

CRM software is available from as little as £10 per user, per month, with some free options available, too. CRM software can help you create, personalise, and send emails in bulk, all while ensuring you remain GDPR-compliant.

Email lists

According to the Information Commissioner, current legislation does not apply to ‘legacy lists’. This includes:

  • Any addresses you had at 31 October 2003
  • That has been contacted in the last 12 months
  • That was collected in compliance with contemporary law
  • That haven’t told you to stop contacting them

Once again, if you don’t have an in-house legal team, seek council from a qualified professional.

Next steps

Remember, CRM software is an extremely valuable tool for small businesses running email campaigns.

As well as storing and segmenting invaluable customer information, CRM software allows you to send highly targeted and personalised marketing emails instantly. And, crucially, a CRM system can help you communicate in a way that is compliant, and entirely safe in the eyes of the law.

To start comparing different CRM systems, and get quotes from leading cloud-based CRM providers, let us help. Simply furnish us with a few details about your business' requirements, and we'll match you with supplier best-suited to your specific needs. The form itself takes about 30 seconds to complete, and all quotes are completely free.

Rob Binns
Rob Binns

Senior Writer

Rob has been writing for Startups since the COVID-19 pandemic of 2020. Hailing from Wellington, New Zealand, Rob brings to the table industry-specific knowledge of payments, finance, cryptocurrency, and business loans.


(will not be published)

Get the latest Startup news and information

Please verify before subscribing.