The advent of GDPR has launched an industry of, lawyers, experts, consultants, speakers, many of whom warn pharmaceutical companies about the dangers of communicating with customers without an opt-in.
As the consultants tend to say: without an opt-in, a business can not send an E-Mails But wait, that’s too simple. In fact, there are many situations where a business can send an E-Mail, even without an opt-in.
Before I continue, let me say that I am not a lawyer. However, having listened to and read the advice of a number of experts as well as having read the actual text of the directive, I can confirm that there are many gray areas in GDPR and a fair amount of disagreement among the experts.
In fact, I would like to point out a few cases where businesses can legally send E-Mails to recipients who have not given an opt-in. For simplicity, I use the term E-Mail this article. However the same applies to other forms of electronic communication such as SMS, social media, online messaging services and fax.
1. A genuinely personal E-Mail. I’m not referring to a mass mailing where the salutation has been personalized to “Dear Mr. Bond.” But I do mean truly personal E-Mails, for example: “Hi James, it was great to see you at our kids’ soccer game last weekend. I’d love to follow up on our discussion.” No marketing department would generate such an E-Mail. You can safely send it out, even if James has not given you specific permission to do so. In fact, you can send it even if James has given you specific instructions NOT to do so. Whether or not that’s a good business decision is another question. But at least it’s legal.
2. Any E-Mail that your contact can expect due to the situation. This could be in connection with a meeting, event, request for material, sample drop or any other transaction that has already been entered into or considered by both parties, e.g. “Hi Jim, I just wanted to confirm our meeting that you requested next Tuesday at 10:00” or “I’d like to inform you that the sample was shipped today.” Again, no specific opt-in is required for such E-Mails.
As you can imagine, the text “can expect the E-Mail due to the situation” leaves a lot of room for interpretation. And yet that’s what GDPR says.
3. When your contact is already a customer. This gives you a green light to send marketing E-Mails and newsletters to doctors and pharmacists who have ordered or prescribed your products, attended your events, or, according to some interpretations, merely met with your sales reps – even without an opt-in. Just make sure you add an opt-out link to such E-Mails.
Based on this interpretation, most pharmaceutical companies could continue to send out newsletters to a large portion of their contacts even without an opt-in.
GDPR is only weeks old. Some pharmaceutical companies will attempt to stretch the rules to their advantage. Others companies may follow a more restrictive interpretation of the rules.
Once the regulators get to work and issue the first warnings or even fines, the lawyers and courts will get busy. It may take months or years until we have clarity on GDPR.