Email Marketing, GDPR Compliancy & The EU Court Rulings

Email marketing around the world had quite the shakeup in 2018 when the General Data Protection Regulation (GDPR) was implemented in the EU. Now, recent Court Justice of the European Union (CJEU) rulings will also have an impact on your email marketing.

Why? Simply put, the EU court’s decision affects which cloud service providers, for email marketing or otherwise, are compliant with the GDPR.

We understand there’s a lot of questions and concerns about this court decision, so we wanted to give you some information about it to help you make the right decisions about your email marketing and server choices.

Let’s jump back a few years and take a quick look at the GDPR before we move on to the new EU rulings and how they affect you.

A Quick Recap of GDPR

For anyone unfamiliar with GDPR, the law was introduced in 2016 to address the data protection and privacy of internet users specifically in the European Union.

The GDPR set up rules, processes, and requirements for how companies were allowed to use individuals’ personal information, regardless of where those businesses were based. So long as a company had data from a user living in the European Economic Area, that company would be required to follow this law and allow private individuals more control over their personal data.

Since the law would impact businesses who did business around the world, many of these companies had to audit how they handled the data privacy of email subscribers to see if they were GDPR compliant, especially when it came to third party service providers like email servers.

The GDPR went into full effect in May 2018.

The Impact of the EU’s New Rulings on Email

Now let’s move ahead a few years to the EU court’s decision. In July 2020, the CJEU ruled that U.S.-based servers don’t adequately protect the privacy of European users’ data, and therefore these American servers are not compliant with GDPR.

The CJEU also ruled that a data protection agreement called Privacy Shield, established by the U.S., the EU, and Switzerland from 2016-2017, was no longer a valid way to comply with EU privacy laws and protection requirements. Previously, this agreement had been the mechanism to legally comply with privacy laws when transferring data from European and Swiss customers into the U.S.

So what does this all mean for email marketing? Essentially, any company using American-based servers or third party providers for email marketing needs to figure out a way to store, collect, and use the data of European citizens in a way that complies with the EU court’s decision as well as previous laws like the GDPR.

This ruling has put many businesses in a tight spot. They either have to choose to stay with their U.S.-based servers and potentially close down their European operations all together, or they need to set up or pay for European servers in order to continue handling EU citizens’ personal data.

And since many businesses use such data in email marketing, this means third party email service providers need to be EU-based, too.

Your Best Option for a GDPR-Compliant Provider

If you’re currently on a non-EU server, especially one that’s based in the U.S., you have a choice ahead of you.

You can stay with your American mail server, which will likely give you more control over and access to your users’ data with the exception of your European customers. Or you can swap to an EU-based mail server to ensure you have bigger reach around the world, despite having less nuanced data on each user.

Fortunately for you, Inboxroad is based in Amsterdam so we have EU-based servers. If you’re a current customer with us, you’ve already taken one step towards becoming compliant with GDPR, EU court rulings, and any future changes that may be made about data privacy across European countries.

And if you’re not yet a customer with us, let’s talk about how you can become more compliant (as well as boost your email deliverability rates) using our SMTP servers. We’d love to help you!

You don’t need to be based in Europe to work with us, either. As long as you’re interested in working towards compliance with EU rulings, you’re well on your way to becoming a more trusted, global brand.