Contacting Existing Customers in Compliance with GDPR
Approaching existing customers is an effective marketing tool for companies. At the same time, GDPR and competition law must be complied with. If you stick to the basics, you can contact existing customers easily and in a legally compliant manner.
Note: This article does not constitute legal advice. If you have any questions about your personal legal situation, please contact Jun Legal GmbH, Würzburg, with whom we work in partnership.
1. What is existing customer outreach?
Existing customer outreach refers to the targeted contact of individuals with whom a customer relationship already exists, e.g., through:
- a previous purchase,
- an ongoing contract,
- or the use of a service.
The communication can take place via email, telephone, post, or digital channels. The aim is usually to advertise similar products or services— in compliance with the GDPR and legally secure.
2. GDPR basics for addressing existing customers
The processing of personal data for the purpose of contacting existing customers is permitted on the basis of:
Art. 6 para. 1 lit. f GDPR (legitimate interest)
Companies may use data if:
- a balancing of interests is carried out, taking into account the rights of the data subject,
- There is transparency regarding data processing.
- and the data subject may object at any time.
3. Competition law (Section 7 UWG)
In addition to the GDPR, the Unfair Competition Act (UWG) must also be observed. Section 7 (3) UWG in particular regulates email advertising to existing customers.
Advertising communications via email are permitted if:
- the email address was collected in connection with a sale,
- only similar products or services are advertised,
- the address is not disclosed to unauthorized third parties (service providers such as Mainition, who work on behalf of and according to instructions, are excluded from this),
- and the right to object is pointed out.
4. Service providers and order processing
Anyone who uses external service providers for marketing to existing customers must comply with the rules on order processing under Article 28 of the GDPR:
- Conclusion of a data processing agreement (DPA)
- Processing exclusively in accordance with the company's instructions
- Implementation of appropriate technical and organizational measures
This ensures that communication with existing customers remains GDPR-compliant, even with external partners. With Mainition's existing customer activation service, order processing in accordance with Section 28 of the GDPR is directly part of our contract. This means we can get started with communication right away.
5. Conclusion: It's not hard!
It is easy to implement GDPR-compliant communication with existing customers —as long as the basics are observed.
With Mainition, this is especially easy: Thanks to our contact filter rules, opt-outs and other advertising restrictions are respected, and customers who have opted out are not contacted again.
This way, thanks to streamlined processes, you can contact existing customers with confidence and reap the benefits of your customer relationships.
