GDPR Email Compliance Checker
Audit your email marketing practices against GDPR requirements with this interactive checklist. Check consent collection, subscriber rights, data processing, and more.
Audit your email marketing practices against GDPR requirements. Answer each question to see your compliance score.
Do you collect explicit opt-in consent before sending marketing emails?
Required: Subscribers must actively choose to receive emails. Pre-checked boxes do not count as consent under GDPR.
Do you use double opt-in (confirmation email) for new subscribers?
Best practice: While not strictly required by GDPR, double opt-in provides strong evidence of consent.
Do you keep records of when and how consent was obtained?
Required: You must be able to demonstrate that consent was given, including timestamp, source, and what was consented to.
Is marketing consent separate from terms of service or other agreements?
Required: Consent for email marketing must not be bundled with other consents or terms.
Can subscribers unsubscribe with a single click?
Required: Every marketing email must include a clear, easy-to-find unsubscribe mechanism.
Can subscribers request a copy of their personal data you hold?
Required: Under GDPR's right of access, individuals can request all data you hold about them.
Can subscribers request deletion of their data (right to be forgotten)?
Required: Subscribers have the right to request complete deletion of their personal data.
Can subscribers export their data in a portable format?
Required: GDPR gives individuals the right to receive their data in a structured, commonly used format.
Do your emails clearly identify who is sending them?
Required: Emails must clearly show the sender's identity, including company name and physical address.
Do your emails link to your privacy policy?
Required: Include a link to your privacy policy so subscribers can review how their data is used.
Is the purpose of each email consistent with what subscribers signed up for?
Required: Only send emails that match the purpose for which consent was given.
Do you have Data Processing Agreements with your email service provider?
Required: Any third party processing subscriber data on your behalf needs a DPA.
Do you only collect data that is necessary for your email marketing?
Required: GDPR's data minimization principle means collecting only what you need.
Do you have a data retention policy and regularly clean inactive subscribers?
Required: Data should not be kept longer than necessary for its purpose.
Do you have a data breach notification process?
Required: Under GDPR, you must report certain data breaches within 72 hours.
If you transfer data outside the EU/EEA, do you have appropriate safeguards?
Required: Data transfers to countries without adequate data protection require additional safeguards.
Do your signup forms comply with cookie consent requirements?
Required: If your signup forms use cookies or tracking, you need separate cookie consent.
Disclaimer
This tool provides general guidance and is for informational purposes only. It is not a substitute for professional legal advice. GDPR compliance depends on your specific circumstances, data processing activities, and jurisdiction. Consult a qualified legal professional for advice on your compliance obligations.
About GDPR and email marketing
- GDPR (General Data Protection Regulation) applies to all organizations processing EU residents' data
- Fines for non-compliance can reach up to 20 million euros or 4% of annual global turnover
- Consent must be freely given, specific, informed, and unambiguous
- Subscribers have the right to access, correct, delete, and export their data
- Even if you are outside the EU, GDPR applies if you have EU subscribers
About this tool
GDPR compliance is not optional for any business sending emails to EU residents, and the fines for violations can reach 4% of annual global revenue. This interactive checklist covers the key requirements: consent collection, subscriber rights (access, deletion, portability), email content requirements, data processing agreements, and international transfers. Use this alongside our CAN-SPAM checker for US compliance, and make sure your emails include proper List-Unsubscribe headers. For technical compliance, verify your DMARC, SPF, and DKIM authentication.
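The single-click unsubscribe item in the checklist and the List-Unsubscribe headers mentioned here are what RFC 8058 standardizes: a List-Unsubscribe header carrying an https URI plus a List-Unsubscribe-Post header whose value is exactly "List-Unsubscribe=One-Click". The check below is an added example, not part of this tool; the sample messages, domains and token are constructed.

```python
"""Audit a marketing email's headers for RFC 8058 one-click unsubscribe.

Added example for this checklist, not code from the tool itself. The sample
messages below are constructed (placeholder domains and token).
"""
import re
from email import message_from_string

# RFC 2369 List-Unsubscribe values are one or more <URI> entries, comma separated.
URI_RE = re.compile(r"<([^>]+)>")
ONE_CLICK = "List-Unsubscribe=One-Click"


def unsubscribe_findings(raw_message: str) -> list[str]:
    """Return a list of problems found; an empty list means the headers comply.

    Not checked here: RFC 8058 also requires the message to carry a valid DKIM
    signature covering these headers, which needs the DNS key and the wire bytes.
    """
    msg = message_from_string(raw_message)
    problems: list[str] = []

    lu = msg.get("List-Unsubscribe")
    if lu is None:
        return ["missing List-Unsubscribe header"]
    uris = URI_RE.findall(lu)
    if not uris:
        problems.append("List-Unsubscribe has no <...> enclosed URIs")
    if not any(u.lower().startswith("https://") for u in uris):
        problems.append("List-Unsubscribe has no https:// URI for the one-click POST")
    if any(u.lower().startswith("http://") for u in uris):
        problems.append("List-Unsubscribe uses plain http://; one-click requires https")

    post = msg.get("List-Unsubscribe-Post")
    if post is None:
        problems.append("missing List-Unsubscribe-Post header")
    elif post.strip() != ONE_CLICK:
        problems.append(f"List-Unsubscribe-Post must be exactly '{ONE_CLICK}'")
    return problems


# Constructed sample: compliant one-click headers (https URI plus mailto fallback).
COMPLIANT = (
    "From: Newsletter <news@example.com>\nTo: reader@example.net\n"
    "Subject: March update\n"
    "List-Unsubscribe: <https://example.com/unsub?t=TOKEN>, <mailto:unsub@example.com>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n\nBody text.\n"
)
# Constructed sample: mailto only and no Post header, so not one-click capable.
MAILTO_ONLY = (
    "From: Newsletter <news@example.com>\nSubject: March update\n"
    "List-Unsubscribe: <mailto:unsub@example.com>\n\nBody text.\n"
)
```

Running `unsubscribe_findings(MAILTO_ONLY)` reports both the missing https URI and the missing List-Unsubscribe-Post header, which is the gap a mailto-only list typically has.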