Under GDPR, what are the requirements for valid marketing consent? (Select all that apply)

Consent must be freely given without coercion or bundling with other terms. Additionally, Consent must be specific to the purpose - marketing consent is separate from service consent. Additionally, Consent must be informed - the person must know what they're consenting to. Additionally, Consent must be unambiguous - requiring a clear affirmative action.

A contact originally opted in to receive marketing emails but later clicked 'unsubscribe.' What should you do?

Stop all marketing communications immediately - consent withdrawal must be honored right away.

Your company purchased a list of 10,000 'GDPR-compliant' contacts from a data broker. Can you send them promotional emails?

No - the contacts gave consent to the broker, not to your organization. Purchased lists rarely meet GDPR standards for direct marketing.

Marketing Consent Management

Learn to distinguish between consent categories, understand why purchased contact lists rarely meet GDPR standards, and properly segment campaigns. Discover what makes consent legally valid: freely given, specific, informed, and unambiguous through a clear affirmative action.

What You'll Learn

Recognize common cybersecurity threats
Respond appropriately to security incidents
Protect sensitive information
Follow security best practices
Report suspicious activities

Training Steps

Introduction

Welcome to GreenLeaf Marketing Solutions! You are Alice, a Marketing Coordinator responsible for managing email campaigns and customer communications. Today, you will learn about GDPR consent requirements and how to properly manage marketing consent to avoid serious compliance violations.
The Campaign Request

Alice receives an email from her manager Sarah asking her to send a promotional campaign for a new product launch to 'all contacts' in the marketing database. Sarah mentions that the CEO wants maximum reach for this campaign and expects it to go out by end of day.
Checking the Contact List

Before sending to all contacts, Alice decides to review the marketing database to understand what types of contacts are included. She logs into the GreenLeaf Marketing platform to examine the contact list and their consent status.
Understanding Consent Categories

Alice opens the contact list and immediately notices something concerning. The database shows contacts organized by their consent status, revealing five distinct categories. She examines each consent category to understand what types of emails can legally be sent to each group.
Viewing Consent History

Alice now understands the full picture - of the 15,000 contacts Sarah wants to email, only 3,200 have valid marketing consent. The rest either consented only to service updates, withdrew consent, came from purchased lists, or are soft opt-in customers. Before proceeding, Alice needs to verify the consent records are properly documented. Under GDPR, organizations must keep records of when and how consent was obtained.
Understanding Consent Records

The consent history shows detailed records for each contact. This audit trail is critical for demonstrating GDPR compliance. Alice examines the records to understand what information is tracked and how consent changes are documented.
Creating Compliant Segmentation

Alice uses the campaign builder to create a segment that only includes contacts with explicit marketing consent. The campaign builder shows filter options for each consent category. Alice needs to select the 'Marketing Consent Only' filter to ensure only contacts with valid consent are included.
Explaining to Management

Alice needs to explain to Sarah why she can only send to 3,200 contacts instead of 15,000. She opens Sarah's original email to compose a reply explaining the GDPR requirements and the risks of non-compliance.
Key Takeaways

Alice successfully identified the compliance risks and communicated them to her manager. By taking the time to review consent records and segment the contact list properly, she protected the company from potential GDPR violations. Key principles learned: Consent must be freely given, specific, informed, and unambiguous Pre-ticked boxes and silent acceptance are NOT valid consent Consent for service updates does NOT equal consent for marketing Withdrawn consent must be honored immediately Purchased contact lists rarely meet GDPR consent standards Organizations must keep records proving when and how consent was obtained The 'soft opt-in' exception only applies to similar products for existing customers

Knowledge Check Questions

This training includes a 6-question quiz to test your understanding of Security Awareness threats and defenses.

Under GDPR, what are the requirements for valid marketing consent? (Select all that apply)
A contact originally opted in to receive marketing emails but later clicked 'unsubscribe.' What should you do?
Your company purchased a list of 10,000 'GDPR-compliant' contacts from a data broker. Can you send them promotional emails?
A customer signed up for 'product updates and service notifications' on your website. Can you send them promotional emails about a sale?
What is the 'soft opt-in' exception under the ePrivacy Directive?