Is it OK to Send Emails to a Database That Isn’t Yours?

You must carefully abide by the data privacy requirements of the GDPR when sending emails.

gdpr data privacy rules with email marketing
Shutterstock Photo License - Monster Ztudio

Data privacy is more important than ever. Seventy-seven percent of customers in the United States at at least somewhat concerned about data privacy, according to a 2019 survey by Pew Research. You can’t just focus on protecting consumer data privacy because they expect it. Data protection is now a legal requirement.

The GDPR regulation which we are all too familiar with was introduced in 2016, signaling an end to bulk-sent chainmail which recipients had not consented to receiving. It is the most drastic legislation ever passed to protect data from being leaked.

Prior to this point, marketers were able to email whomever they liked, however much they liked, and it was irrelevant as to how they obtained their contact details. The new legislation means that marketers must take more stringent measures to protect their data. While some people are still debating whether data privacy is a right or a luxury, there is no disputing the fact that it is a legal expectation, at least for companies doing business in Europe.

Now, five years on from GDPR’s introduction, companies and marketers must stay firmly in line with data privacy regulation. This means that they are prohibited from emailing recipients who have not consented to receiving their mail. If marketers fail to comply with these rules, they could be levied with a fine by the ICO following an investigation. In simple terms, it’s risky (and illegal) to not comply with GDPR.

What Are The Data Privacy Rules on Email Marketing And When Can I Send Marketing Emails?

Data privacy requirements don’t usually prohibit you from messaging people that want to be contacted. As long as those you are emailing have opted in to receive contact from you, then you are well within your rights to contact them. This usually refers to emails or text messages, which could contain updates, information, offers, competitions, discount codes and much more. When customers tick that box that says ‘opt into contact’ or words to those effects, it means they want to hear from you, and you are well placed to get in touch.

However, when customers agree to hearing from you, they can change their mind at any point. For that reason, it is pivotal that marketing emails provide the option for readers to unsubscribe from your mailing list. You need a regularly updated database to meet their needs. You have to avoid data privacy complacency at all costs. Failing to honor their request can land you in trouble, and can damage your reputation as you show a lack of care for customers.

You should not seek to buy email addresses, contact lists or similar data from third parties. This is usually looked upon unfavorably, as you are essentially buying data and the ability to contact people who haven’t consented to your contact.  Even so, engaging in brand partnerships can provide you with the opportunity to contact their clientele, with genuine reason and through respectable means. When doing so, you should outline to recipients how you retrieved their details and, yet again, provide the option to unsubscribe.

How Can I Safely Send Emails?

If you are trying to contact somebody for a particular purpose, and their contact details have been made visible by them online, then you are generally safe to send them an email.

‘Contacting someone is perfectly fine,’ said Ben Sweiry of installment loans provider, Dime Alley. “As long as you are not sending endless emails their way, there is nothing wrong with finding someone’s email address if it is already online and sending someone a message.”

“Respecting customer privacy is essential to a strong business. Customers are your audience, and your audience should be treated well.”

“It is also perfectly fine to send someone a follow-up email. Where the line is drawn is where you opt them into regular contact where they have not consented. Adding them to your subscription list without their say-so is in breach of GDPR and can have serious consequences if they report you.”

Partnering with brands allows you to get in touch with a new and wide audience, and this is a safe, and customer-centric means of reaching a greater client base. However, to be safe and respectful, you should always include how you received their contact details, and how to unsubscribe.

If you are still unsure, or have further queries, you should have a look at the GDPR guidelines online.

Toni Allen is the general manager and editor of, she has two decades of experience running online businesses with a focus on web hosting technologies.