GDPR in e-mail signatures: How to create a compliant email signature?

November 5, 2024

Why does GDPR matter here?

GDPR (General Data Protection Regulation) is an EU regulation that aims to protect personal data. If your footer contains any personal information, such as your name, email signature or phone number, it is subject to GDPR.

What kind of personal data can be included in an e-mail signature?

The following personal data can be included in the e-mail signature footer:

  • First and last name
  • Job title
  • Email address
  • Phone number
  • Link to your profile on LinkedIn

What are the basic principles of GDPR regarding e-mail signatures?

  • Legality of processing: You must have a legal basis for processing the data contained in the e-mail signature. Most often, this will be the legitimate interest of the data controller (e.g., to conduct business).
  • Information: You must inform recipients that you are processing their personal data, for what purpose and what rights they have.
  • Data minimization: Collect only the data that is necessary to achieve the purpose of processing.
  • Security: You must provide appropriate technical and organizational measures to protect data from unauthorized access.

How to create a GDPR / DPA compliant e-mail signature?

  1. Minimize the amount of personal data: Provide only the necessary information.
  2. Inform about data processing: Add an information clause that explains why you are processing the data and what rights the data subject has.
  3. Ensure security: Protect data from unauthorized access, such as by encrypting the connection.
  4. Update your privacy policy regularly: Remember that your privacy policy should be accessible and understandable to everyone.

Example of an information clause:

We process your personal data to enable you to contact us. The controller of your personal data is [your company]. You have the right to access your data, the right to rectification, erasure and restriction of processing, the right to data portability, the right to object to processing, and the right to withdraw consent at any time. For detailed information on the processing of your personal data, please see our privacy policy: [link to privacy policy].

Where to look for more information?

If you want more detailed information on the GDPR and its application in practice, it's worth reading the materials provided by the Office for Personal Data Protection (OPA).

When creating e-mail signatures, remember that GDPR imposes certain obligations on you. By ensuring that your e-mail signature is compliant, you will not only avoid potential sanctions, but also build trust with your customers.

How to add an information clause in gSignature?

  1. Go to the “e-mail signatures” tab: Here you will find all the email signatures you have created.
  2. Go to “Extensions” and then to “Disclaimers.” In this section you can add various elements to your signatures, including legal clauses.
  3. Click “Add Disclaimer.” This is where you will create your GDPR clause.
  4. Give a title and add text: Enter the name of the disclaimer (e.g., “GDPR clause”) and paste the clause text you prepared earlier.
  5. Edit the e-mail signature: Open the selected footer for editing and in the “Disclaimers” field, select the previously created e-mail signature and save the changes.

Want to learn more? Get in touch with us!