What else do companies need to pay attention to?
Not only the consent of the mail recipient is relevant from a legal point of view. The following points may also be relevant for individual companies in terms of newsletter data protection.
Data protection: E-mails must be sent in such a way that none of the recipients can see the e-mail addresses or names of other recipients. These and other personal data must not be made visible by the company under any circumstances.
Transfer of data to third countries: Most companies use professional software solutions for their email marketing. Cloud services in particular, such as Mailchimp or Cleverreach, are popular for sending advertising to the respective recipients.
However, the servers of some providers are located abroad. In the case of Mailchimp, the servers are located in the USA and thus in a third country. A transfer of personal data to third countries is not permitted without the consent of the person concerned.
Obtaining explicit consent to be included in the newsletter at a later date is difficult because experience shows that many recipients do not respond to such requests. (The use of Mailchimp or services of other US companies may also be possible, however, by entering into contractual agreements (e.g. based on standard contractual clauses) that guarantee an adequate level of data protection.
Purchase of data records: There is a lot of data trading on the internet, including email addresses for newsletter advertising. Companies that buy data records for advertising purposes have to be extremely careful. If the recipients have not given their consent, they may be in for big trouble.
It is advisable to check whether the recipients of e-mails have expressly given their consent to the transfer of their personal data and to the receipt of a newsletter.