Digital marketing enables companies to communicate directly with customers, but data protection law lays down clear rules on the collection and use of personal data.
Consent and Legitimate Interest
For sending newsletters or marketing offers by electronic means, a company generally needs the individual’s explicit consent. Consent must be freely given, clear, and separate from other terms and conditions. In some cases, a company may process data on the basis of legitimate interest (e.g. informing existing customers about similar products), but it must always provide an option to object.
Obligations of the Controller
As a data controller, the company must:
-
keep a record of processing activities,
-
implement appropriate technical and organisational measures for data protection,
-
inform individuals about their rights (right of access, rectification, erasure),
-
in the event of a data breach, notify the supervisory authority and the individuals concerned.
Conclusion
Proper collection and use of contact data for marketing purposes strengthens customer trust and helps avoid fines. Companies should regularly review whether their marketing activities comply with the requirements of the GDPR and the Electronic Communications Act.
