Marketing and Data Protection Consents
When we talk about digital marketing campaigns, we're referring to strategies based on sending promotional or advertising emails with the goal of generating engagement or loyalty. But when is it necessary to obtain the recipient's consent?
If we take a company in Spain as a reference, we must take into account two essential regulations:
- Organic Law on Data Protection and Guarantee of Digital Rights
- General Data Protection Regulation (GDPR)
Legal Basis for Data Processing
If you handle contact, identification, or business data, you must have a legitimate basis to process it under the GDPR. This means that the processing of personal data is prohibited unless one of the following conditions is met:
- Consent of the interested party
- Execution of a contract
- Compliance with a legal obligation
- Protection of vital interests
- Public interest
- Legitimate interest
Sending Advertising Emails: Consent and Exceptions
If a Spanish company wants to send commercial emails to customers and potential customers, it can rely on two legal justifications:
- Express consent of the recipient
- Legitimate interest of the company
Legitimate interest is regulated by the Law on Information Society Services and Electronic Commerce (LSSICE), which requires prior consent for electronic commercial communications, except when:
- There is a prior contractual relationship
- The data was obtained legally
- The company sends information about products or services similar to those already contracted
If any of these conditions are not met, the recipient's consent will be required, which must be:
- Free: Without pressure or coercion
- Specific: Clear acceptance to receive commercial emails
- Informed: With access to basic information on data processing
- Unequivocal: Expressed through affirmative action
Opt-Out Right: Key to Complying with the LSSICE
Regulations require all emails to include a clear option to unsubscribe from future communications (opt-out). Failure to include this option can lead to significant penalties.
Consequences of Non-Compliance with the Regulations
- Law on Information Society Services and Electronic Commerce
- Minor and serious infractions
Minor > Up to €30,000
Serious > Up to €150,000 (Insistent or systematic sending of communications) - Data Protection Regulations
- Up to 20 million euros or 4% of annual turnover
Conclusion
Complying with data protection regulations not only prevents penalties, but also improves your brand's reputation and strengthens your relationship with your customers. Before launching your next email marketing campaign, make sure you have the proper consent and a legally secure strategy.
English 
Español 
london
Hong Kong
