Visisto is the complete website growth system and is GDPR compliant. Data is processed in accordance with EU regulations. A DPA is available on request.
GDPR isn't optional, and in 2025 enforcement finally caught up with email marketing. The ICO, CNIL, and German DPAs collectively issued over €150 million in fines for email marketing violations last year. Most were for three specific failures.
The three most common GDPR email violations
First: pre-ticked consent boxes. Under GDPR, consent must be freely given, specific, informed, and unambiguous. A pre-ticked 'Sign up for our newsletter' checkbox is invalid consent. The subscriber must actively tick the box.
Second: no consent record. Consent must be documented — not just collected. If an authority asks when a subscriber consented and how, you must be able to prove it with a timestamp, the copy they agreed to, and the method used.
Third: bundled consent. 'By creating an account, you agree to our terms and consent to marketing emails' — this bundles two separate consents. GDPR requires granular consent: terms acceptance and marketing consent must be separate.
The GDPR email marketing checklist
- All email capture forms use explicit, unchecked opt-in
- Consent copy clearly states what they're signing up for
- Consent timestamp, IP, and form copy are recorded for every subscriber
- Every email contains a working unsubscribe link
- Unsubscribes are processed within 10 days (GDPR requires prompt processing)
- DPA signed with your email marketing provider
- Privacy policy links to your email data processing practices
- No purchased lists or scraped contacts
- Data subject requests (erasure, access) can be fulfilled within 30 days
How Visisto handles consent records
Every Visisto subscriber record automatically captures: the timestamp of consent, the popup or form they signed up through, the exact copy shown on that popup, the page URL, and the device IP. You can export this data for any subscriber in one click — which is exactly what an authority audit requires.
For EU businesses: Visisto complies with GDPR. We act as the data processor for your contact data. The full DPA is available at visisto.com/legal.
If you want GDPR-compliant email marketing with automatic consent records, Visisto is free to start — no credit card: visisto.com
Written by Venu Vivek Cheruku
Founder, Visisto



