In case you are not familiar with the term, transactional emails are automated responses triggered by interactions with your company. This includes a whole range of emails, from the Welcome ones when somebody subscribes to your email marketing list to those which are sent following a purchase. Subjectively, the rate of use appears to be increasing.
There is nothing about a transactional email sent to non-subscribers which does not comply with the GDPR. They might be receipts, delivery information or updates of terms and conditions. Recently, a major supermarket chain was heavily fined for an email they believed complied with the regs, so take care.
Thinking, because they are not a marketing email, the GDPR is not relevant, misunderstands the basis of the regulations as, in order to send the emails, reference to a database of personal information is necessary. If the recipient hasn’t given clear consent to receiving a marketing email, there must be a legitimate reason for the transactional email, and one you would be happy to put to the regulating authority if asked. Ask yourself, ‘Do I need to send this?’ Answering ‘Yes’ is only the first stage.
Some transactional emails are pushing against what have been accepted as the normal boundaries. Nothing wrong in this. In fact, it’s something we should do all the time while being aware that a step too far can be an expensive mistake. The most obvious way in which a transactional email can breach the GDPR is to look uncommonly similar to a marketing email.
Many of us have seen major online stores sending transactional emails which can best be described as lightly camouflaged email marketing. Many people seem happy to be sent a link to a downloadable invoice, or to be told of when delivery is expected, but the now-normal offer of, ‘Customers who bought this product also bought . . .’ is risky, but it goes on.
The assumption is the company is suggesting that the products it displays in the transactional email are related to the product that was bought, so it is merely information that’s in addition to the product. I wonder if they cross their fingers.
I have received something similar from a company whose email marketing list I do not subscribe to. I bought a printer. It’s fair to say I’d accepted I would be buying inks and paper at regular intervals so the coupon for 15% off the first purchase of the former was rather welcome. The suggestion included in the transactional email was to save it as it contained a link to the receipt and the code I would have to apply to get the reduction. I can’t see a lot to argue with there.
Remember you might be explaining your interpretation of legitimate interest to the regulator. They could well be convinced by the reference to transactional emails in your privacy policy. If you do not include an unsubscribe button as in marketing emails be clear on this to your customers and have a ready explanation as to why to the regulators.