Create GDPR-compliant email signatures
What must companies take into account when sending e-mails?
The legal regulations strengthening data protection require every company to implement numerous adjustments when handling data and providing information. These measures also include making its email signatures GDPR-compliant. If email signatures were until recently just a good way to endorse corporate image, they are now a must. But this raises the difficult question of what exactly signatures need to contain to be compliant with data protection and how much information is sufficient.
To understand the GDPR, it is helpful to first know its principles. The aim of the GDPR regulation, which came into force on May 25, 2018, is to create more transparency and control over the use of data by imposing information requirements and data processing rules.
The GDPR incorporates the following six principles (source: https://dsgvo-gesetz.de/ as of 10.02.2023)
- lawfulness, fair processing, transparency
- purpose limitation (processing only for specified, explicit and legitimate purposes)
- data minimization (“adequate and relevant to the purpose and limited to what is […] necessary”)
- accuracy (“all reasonable steps must be taken to ensure that [inaccurate] personal data are erased or rectified without undue delay”)
- storage limitation (data must be “kept in a form which permits identification of data subjects for no longer than is […] necessary”)
- integrity and confidentiality (“appropriate security of personal data […], including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage”)
How does the GDPR affect your email signatures?
Legally, since 2007, emails constitute official communications and business letters and are therefore subject to the GDPR. Accordingly, upon first contact with external parties, the company must provide information about how their data will be handled.
If this information is not submitted correctly and completely, the company could face fines of up to 5,000 euros.
The registry court could impose a fine on you. For the particularly serious violations listed in the law under Article 83 (5) of the GDPR, the fine range is up to 20 million euros or, in the case of a company, up to 4% of the total annual worldwide turnover in the previous fiscal year, whichever is the higher. Furthermore, according to Section 14 of the Commercial Code, a maximum fine of 5,000 euros is imposed. In the event of non-compliance, the registration court shall repeatedly set the penalty payment. (Source: https://dsgvo-gesetz.de/themen/bussgelder-strafen/ from 10.02.23)
Step-by-step guide to making your email signature GDPR compliant
What does a well-structured and GDPR-compliant email signature communicate to the outside world?
- Trustworthiness and responsibility
By incorporating GDPR into email signatures, external parties can be confident that the company has the knowledge and priority to keep their personal data secure and confidential.
- Competitive advantage
With a professionally designed and flawless email signature, you can easily distinguish yourself from your competitors. Centrally managed and automated disclaimer and signature solutions, in particular, make work easier and ensure consistency throughout the organization.
Creating an email signature that also complies with all the GDPR guidelines is actually quite easy. We have created a checklist for you to follow. Each company can go through the steps on their own and compare them to their existing email signature. If something is missing, take immediate action to add it and avoid penalties.
GBS Checklist for a DSGVO-compliant email signature
The mandatory information for an email signature varies depending on the legal form, but in general the following information is mandatory.
- Step: Create an email signature template with the employee’s,
- email address
- Step: Add your imprint. This must contain the following:
- company name
- the address
- sales tax identification number
- company contact details
- Optional steps
- Optionally add a link to your contact page.
- Optionally add a consent to the newsletter.
- Optionally add company logo.
- Optionally add some social network links.
- Step: Test the email signature
- for incoming and outgoing emails
- if all links are working.
- Step: Update the email signature regularly to make sure it meets the latest GDPR requirements.
Information such as tax number or bank account details are not mandatory. This also applies to telephone number, fax, e-mail address or website, although they are highly recommended for marketing purposes and to facilitate contact.
By following these steps, you will be able to create a GDPR compliant email signature that is professional and well-structured. As a result, your email signature will communicate a positive image of your company. To ensure compliance with the GDPR, companies should also regularly update their email signatures according to the latest data protection regulations.
Check out our GBS special tip on how to make your entire email communication compliant.
Once you’ve identified what information and links your email signature needs to contain, it’s easy to create it internally. However, there is always the problem of how it will be implemented throughout the organization. Will all employees use it correctly, will they modify it to suit their preferences, will the formatting be maintained, etc.?
There is a way to relieve employees of the burden of managing their signatures on their own, and that is through centralized management via a signature management solution, such as iQ.Suite Trailer. Such a solution enables regular signature updates in line with regulatory requirements and ensures full consistency with corporate design. Another advantage is also that it enables the use of email signature marketing, which is becoming increasingly popular as a targeted and cost-effective marketing tool.
Author: Lukas Schöber