GDPR email templates: things to know

Do you need a GDPR email template?

The new European data protection regulation also imposes security measures on email, covering both the management of mail accounts and email marketing activities.

What you need is a GDPR Readiness Statement Letter and Prove List, as you can read in this article. With our template, you get the job done.



The objective is always the same: the protection of personal data, that is, any data or information that, alone or in combination with other data, can be used to identify a specific individual. For more information, see our Case Study.

But how do the directives of the regulation apply to the various activities that involve the use of email?

Let’s find out together!

What company mail do you use?

As explained on the European Commission website:

“(…) information relating to individual companies may constitute personal data if they allow the identification of a natural person. The rules also apply to all personal data relating to natural persons during a professional activity, such as for example employees of a company / organization, such as company e-mail addresses of the type “[email protected].it” or the company telephone numbers of employees.”

In simpler words, this means that corporate email addresses should also be considered personal data when they are registered. Even though the address is related to the business, an address such as [email protected] makes it possible to identify the person who writes: from the name and surname and the company they work for, we can trace it precisely to a specific individual. In this case the email address falls within the scope of the privacy regulation and must therefore be protected.

This does not mean that using an e-mail address of this type puts you at risk of a sanction, but simply that e-mail is also a matter to be treated with care. To avoid possible risks to privacy and the consequent penalties, one solution could be to make the address non-nominative, replacing the name and surname with a more generic term, for example one relating to the field of operation (marketing, sales, support, etc.).

But how exactly can you protect corporate e-mails?

First of all, access to the account should be granted only to the owner of the e-mail address, who should also be the only one authorized to check its contents. The employer can check emails only with prior consent.

Attention should also be paid to sharing the e-mail address with third parties, precisely for the reasons explained above concerning the identification of the individual. According to the legislation, verbal authorization would be required for full consent, even if in reality this is very often implicit.

Last but not least, you need to choose a mail provider suitable for business use, one which is functional and in line with the policies indicated by the Regulation.

Currently, G Suite can be considered the only truly GDPR-compliant mail provider: the paid web app suite created by Google for companies is in fact the only one to allow remote device management through the account. This feature is particularly useful if a corporate mobile device (smartphone, tablet) is lost, because it allows you to delete the account and all the data related to it and thus avoid a data breach.

And the GDPR email template?

You need to ask your partners, who process personal data such as your customers’ data, to confirm their compliance with the GDPR. Furthermore, you have to record the answer: have a look at our ready-to-use template!