Email Marketing Laws In the UK

Email has evolved from a simple medium of communication to the most effective form of marketing.

Did you know that several UK laws give strict guidelines for the use of email marketing for commercial purposes?

Marketing departments often fail to understand and comply with the rules, resulting in hefty fines or tarnished reputations.

Marketing through email is a science as well as an art. Companies often focus excessively on the technical and creative side but ignore the laws governing email marketing.

This article will help you understand what to do with your next campaign to ensure that it complies with UK laws.

What are the UK laws around email marketing?

In the UK, the two primary laws which deal with email marketing are:

  • GDPR
  • PECR

1. The GDPR UK Law

Under the GDPR (General Data Protection Regulation), individuals can prevent companies from accessing their data.

Personal data is defined as any information related to an identifiable person.

The heart and soul of GDPR are the seven key principles mentioned in Article 5 of the legislation.

The seven principles of GDPR are fairness, lawfulness and transparency; purpose limitation; data minimisation; accuracy; integrity and confidentiality; and storage limitation.

  • Under the GDPR, the consent of an individual is considered a critical aspect. The consent can be either expressed or implied.
  • Individuals should give their consent freely. It should be informed and specific, and should involve an indication signifying agreement.
  • The GDPR tightly regulates the holding of an individual's personal data.
  • Personal data can be stored for non-marketing purposes and retained until it has served the purpose.

Read more about GDPR in our article on “Email marketing under GDPR.”

2. The PECR UK Law

The PECR is an abbreviation of Privacy and Electronic Communications Regulation. This law forms a part of the European Union ePrivacy Directive.

PECR accompanies GDPR as a part of the data protection rules in the UK.

These regulations are designed to keep a tighter grip on direct marketing communications made to individuals through any electronic means, such as text messages and emails.

The PECR regulation covers:

  • Use of cookies or any other similar technology for tracking purposes.
  • Any form of electronic communication made for marketing (text messages, emails etc.).
  • Making sure that communication service providers are secure. This includes customer privacy in respect of directory listings, location-based data, traffic and other identifiers.

Individual subscribers vs corporate subscribers



In England and Wales, the restrictions for sending emails to individual subscribers apply not only to customers but also to traders and partners in a business partnership.

This is because, as per the law, every business or company is considered an individual.

You might think that a corporate subscriber only includes partnership firms or companies, but in reality, hospitals, schools, government bodies, public departments and other agencies are also included in this category.

1. Rules for corporate subscriber

It is okay to send a cold email to a corporate customer. But make sure to double-check that the address you are sending your cold emails to is a company ID.

Say, for example, sending an email to “” is perfectly fine until they ask you to stop mailing them.

Sometimes you might be misled by the "" address. This might not necessarily belong to a limited company. In the UK anyone can register a "" domain with ease.

Make sure to add an unsubscribe link at the bottom of the email to make the opt-out process smooth and hassle-free.

2. Rules for an individual subscriber

If you have the required consent from an individual, you are allowed to send direct marketing emails. Sometimes during the subscription process, they will provide only specific consent by ticking selected boxes while entering their email IDs.

In such scenarios, it is prohibited to send emails for the categories they have not opted for.

  • While sending emails to a family address, you should have reasonable grounds to believe that the person who has opted in can speak on behalf of the family.
  • If you allow third parties to advertise through your emails, you need to obtain specific consent from your readers before you do so.

Partnership firms and sole traders have to be treated as individuals under the GDPR (solicitors, accountancy firms etc.). So make sure that you get their permission before sending emails.

Implied consent (Soft opt-in)

Implied consent is when a person has consented to receive emails from you through their specific actions. This is called soft opt-in.

Under the soft opt-in, you are allowed to send marketing emails if:

  1. You obtained their email IDs during the process of a sale or the negotiation of a sale.
  2. You are sending marketing emails for products and services similar to those the customers have purchased.
  3. The recipient was given a choice to refuse when the details were collected.
  4. They were given ample opportunity to unsubscribe in subsequent emails.

What do you need to do to comply with these laws?



Here are some essential tips to make sure that your email marketing campaign is in line with UK laws.

1. Identify your emails as an ad

GDPR laws state that you should clearly and accurately mention that your email is an advertisement.

However, the law does give some flexibility, and you don't need to specifically mention that you are sending an advertising email every time you send a message. Marketers can choose their own way of doing this.

Even a clear subject line indicating the purpose will do just fine, for example "Discount sale for the week" or "30% off on all electronics products".

The most important thing here is that marketers should not deliberately try to trick the readers into thinking that it is a personal email.

2. Make sure that you have permission from your recipients

The General Data Protection Regulation in the UK clearly states that you can send emails only to those who have permitted you to do so.

Permission can be broadly divided into two types: express permission and implied permission.

Express permission is when a company directly requests the user's consent to send out emails and the user gives it by entering their email ID.

Many company websites have a subscriber form where the user can enter their email address and other personal details to opt in to newsletters.

Some businesses use a pop-up that appears when a user visits the website, requesting them to enter their email address to receive weekly news updates via email.

Another form of permission is implied permission, where you have an existing relationship with a firm or a person. For example, they are a member of your club or community, they have donated repeatedly to your charity program, or they are active customers of your firm.

3. Include your details


As per the directive of the General Data Protection Regulation in the UK, companies sending marketing emails must include a valid postal address of their business.

This should include your premise identifier, details of the street, post town and UK postal code.

4. Never mislead your customers with incorrect details

The privacy protection rule in the UK states that by no means should you include misleading header information to trick the customers into opening your emails.

Header information refers to the extra information you send with your campaign, such as subject line, reply to address, name, etc.

5. Give importance to unsubscribe requests


The GDPR laws direct that any request to unsubscribe should be treated with due regard.

  • The opt-out process should be uncomplicated and completed within ten business days.
  • The company should not ask the user for any personal information during the opt-out process other than their email ID.

6. Provide an easy way to opt-out

UK GDPR laws are quite strict in ensuring that the opt-out process is clear and uses an easy-to-understand mechanism.

If your business sends out regular marketing emails, it is a good idea to add an unsubscribe link at the bottom of the email so that the user can click and opt out with ease.

Are email laws less stringent on transactional emails?

Transactional emails are mainly sent as part of a pre-agreed transaction between the company and the user. These include order confirmation emails, delivery confirmation emails, account notifications, password resets etc.

When compared to other forms of emails, transactional emails have extremely high open rates.

Thankfully, GDPR laws in the UK have an exemption for sending transactional emails, and the majority of their regulations are only applicable for marketing messages.

If you have any messages that you cannot include in your regular marketing emails due to legal regulations, you could include them in your transactional emails at least for now.

Bottom Line

If you are planning to send out emails in the UK as part of your marketing campaign, it is vital to ensure that your campaigns run as required by the laws. Take time to research the GDPR and PECR legislation to ensure that your campaigns follow the provisions in the law.

Finally, ensure that your email marketing service provider has a strong presence in the country and is well aware of the relevant terms and conditions prevalent in the region.

The article is a part of our comprehensive guide on “Email Marketing in the UK”.