GDPR Scenario · Pressure Signal: Momentum

Close Enough to Consent?

Q: Does adding an unsubscribe link make the send compliant?

No. An unsubscribe option is required, but it does not supply a lawful basis you did not have. If there was no valid basis to email someone, an opt-out afterward does not fix it.

Q: What if the consent predates GDPR?

Older consent may not meet current standards and often cannot simply be relied on. When in doubt, treat it as invalid for new campaigns and seek fresh, specific consent.

The campaign launches Monday. The bigger contact list is right there. But those people signed up for something else entirely. “They gave us their email,” your manager says. “That’s basically consent. Use it.”

Quick Answer

Can you email people who gave you their address for something else?

Generally, not on the basis of that earlier sign-up. Under the GDPR, consent must be specific to the purpose. Someone who registered for a webinar or another product hasn’t consented to a new marketing campaign, and consent collected before the rules changed may not carry over. The fix is to send this kind of message only to people with a valid, specific basis — even if that list is smaller and the launch slips. A smaller complaint sends beats a bigger unlawful one.

The Pressure Signal: Momentum

The campaign is already moving. The date is set, the creative is done, and the list is loaded. Stopping now feels like failing — like being the person who broke the momentum over a technicality. When everything is in motion, the easiest decision is to keep it moving, and “basically consent” is the story that lets you.

The Situation

Pia is building a product launch email campaign for Velsenhoff Medical, going out on Monday. The clean, properly opted-in list is modest. But there’s a much bigger list available — people who downloaded a different product’s guide, attended an unrelated webinar, or signed up years ago under older terms.

Her manager wants the big list used: “Bigger reach, better numbers. They gave us their email — they know who we are. That’s basically consent. We launch Monday.” Everyone’s keyed up for the launch. The list is loaded and ready. Pia’s hand is on the send button.

Three Ways People Respond

1. Send to the big list.

Bigger reach, launches Monday; they gave us their email. Why it fails: consent has to be specific to the purpose. Signing up for a webinar or another product doesn’t constitute consent to this campaign, and old or repurposed consent often doesn’t carry over. The sending itself is the unlawful act.

2. Send it, but add an unsubscribe link.

Let people opt out if they don’t want it. Why it fails: an exit door doesn’t cure a missing basis for walking in. If there was no valid basis to email them, offering an unsubscribe after the fact doesn’t make the send lawful.

3. Send only to the valid segment, and flag the gap.

Use only the contacts with specific, valid consent for this kind of message, and raise the consent gap with whoever owns marketing compliance. Why it works: see below.

The Right Call

Match the basis to the use. Send to the people who validly consented to this kind of communication — or where another lawful basis genuinely applies — and leave the rest out. Then flag the consent gap so it gets fixed properly: a re-permission campaign, cleaner sign-up flows, better list hygiene. A smaller, lawful send protects the brand and the recipients; a bigger, unlawful one risks both.

And Pia can frame the pushback in the manager’s language: “The reach isn’t worth the exposure — let’s hit the clean list now and build a proper opt-in for the rest so next time the big list is usable.” That turns a blocker into a plan.

Why It’s Harder Than It Looks

“They gave us their email” feels true — they did, after all. The launch date is real. The big list is right there, loaded and ready. And pushing back makes you the person slowing down a campaign everyone’s excited about. Momentum doesn’t feel like pressure; it feels like progress. That’s why the unlawful sending so often happens not in defiance of the rules, but in the rush of a Monday deadline nobody wanted to miss.

“I’d never spam people illegally.”

Nobody calls it that. It’s always “they basically opted in,” “they know us,” “it’s just one email.” The unlawful campaign doesn’t announce itself — it arrives dressed as a reasonable use of a list you already have, under a deadline you can’t move.

How to Run This With Your Team

Take 10–15 minutes. Read the situation, then ask: “The launch is Monday and your manager wants the big list — what do you do?” Let the group feel the momentum before you slow it down. Draw out the rationalizations (“they gave us their email”) and test each against the simple rule: does the consent match this use?

Close on the habit: match the basis to the use, send to the valid segment, and turn the gap into a re-permission plan. Available as a manager-led Decision Brief™.

Go deeper with GDPR compliance training, browse the full GDPR scenario library, or see the US-side companion in the Data Privacy & CCPA scenarios. (GDPR governs EU personal data; CCPA/CPRA governs California residents’ data — different frameworks, different rules.)

Frequently Asked Questions

Is having someone’s email address the same as consent to market to them?

No. Under GDPR, consent must be specific to the purpose. Holding an address gathered for one purpose isn’t consent to use it for a different marketing campaign.

Does adding an unsubscribe link make the send compliant?

No. An unsubscribe option is required, but it doesn’t supply a lawful basis you didn’t have. If there was no valid basis to email someone, an opt-out afterward doesn’t fix it.

What if the consent predates GDPR?

Older consent may not meet current standards and often can’t simply be relied on. When in doubt, treat it as invalid for new campaigns and seek fresh, specific consent.

Build people who match the basis for the use

Run this scenario with your team as a 15-minute Decision Brief™, or explore the full Xcelus approach.

Explore Decision Briefs →
Contact Xcelus