Can I send an electronic Christmas card soon?
What you need to know.
The end of the year period is coming up and you want to send a Christmas card as usual to your family, friends but also to your professional contacts. The sending of Christmas cards to family and friends is a "purely personal activity" which is exempt from the application of the GDPR (see Article 2, c) GDPR). If you, as a company, send a Christmas card to customers and professional contacts, you must, however, comply with the GDPR rules.
What you need to do.
A frequently asked question is whether your company needs the prior consent of the data subject before sending a Christmas card. In the first instance, it certainly seems defensible that your company has a legitimate interest in sending Christmas wishes. However, if the Christmas wishes are sent electronically, for security reasons, you should also take into account the ePrivacy legislation that imposes prior permission for any form of "direct marketing" that is sent electronically. After all, it cannot be ruled out that a Christmas card may be seen as a "promotional message" from your company.
The ePrivacy legislation provides for two important exceptions to the consent obligation that you can make use of:
- sending Christmas cards to individuals with whom you have an existing customer relationship or, in a B2B context, with whom you have had a first contact.
- sending Christmas cards to a purely B2B address (i.e. an info@... address).
Companies wishing to make use of these exceptions must give the data subjects in the electronic communication the opportunity to unsubscribe free of charge and in an easy manner (e.g. at the bottom of the electronic Christmas card).
It goes without saying that companies must also comply with their other obligations under the GDPR, such as the obligation to inform data subjects in a privacy statement about this use of their personal data.
Please consult our website or contact one of our team members if you have questions or require more information: