How does GDPR affect email marketing practices?

• A. Prohibits marketing entirely in the EU.
• B. Requires lawful basis, data minimization, consent management, access/right to erasure, and clear privacy notices for EU subscribers.
• C. Requires data encryption only.
• D. Has no impact on email marketing.

Answer: (B)

The core idea is that GDPR governs how personal data of EU subscribers can be used in email marketing. It doesn’t ban marketing, but it imposes concrete rules you must follow when you process that data. The best choice reflects several essential requirements: you need a lawful basis to process data (often consent for marketing), you must practice data minimization (only collect what you truly need), you must have a system for consent management (documenting consent and honoring withdrawals), you must respect the rights of individuals to access their data and to have it erased, and you must provide clear privacy notices that explain who processes the data, for what purpose, how long it’s kept, and with whom it’s shared. These elements ensure transparency, security, and control for EU subscribers, and they apply even if the marketer is outside the EU.

It’s not about an outright ban on marketing, and while security measures like encryption are important, GDPR covers a broader set of responsibilities than encryption alone, including rights management and transparency.