Frequently asked questions about POPIA and email marketing

Jun 15, 2021 | Best practice, Data privacy, Email marketing

Here are our clients’ most frequently asked email marketing questions (and answers), specifically in relation to the South African POPI Act.

Melaina Gross

This article was updated on 19 July 2021.

Are you wondering if your organisation is compliant?

Here are our clients’ most frequently asked email marketing questions (and answers), specifically in relation to the South African POPI Act. If you have any of your own questions that aren’t covered below, please share them in the comments and we’ll do our best to get back to you with an answer.


1. Do I need to ask my current list of contacts (who I’ve been mailing already) to opt in?

No, you don’t need to do that. The good news is that you can continue sending them marketing emails. Just make sure you have an unsubscribe link in your emails.

If you have not sent them a marketing email with an unsubscribe link in it before, then you need to get their permission.


2. Do I need to ask new clients and contacts to opt in before I can send them marketing emails?

You can send marketing emails provided the content is similar to the product or service the person has bought from you, or enquired about.

Communicate this to your sales teams. If they’ve been in the habit of adding people to a mailing list during prospecting, they’ll need to approach this in a different way. Specifically ask if their prospect would like to receive the company newsletter and refrain from adding them to the mailing list if they don’t want to receive your news.

And remember the unsubscribe link needs to be included in all marketing emails.

If you want to reach out with a cold email to someone not on your mailing list you may email them once and if they haven’t consented after the first email, then you may not request consent again, nor send them any marketing emails.


3. What is a “marketing email”?

This is an email that’s directed at a person and that promotes or offers to supply any goods or services, or that requests donations from that person. Examples of marketing emails include newsletters, email promotions, coupons and special offers.


4. What emails don’t people need to subscribe / opt in to?

You can send transactional emails without needing people to opt in. This includes invoices and communication in the processing of contracts, legal, and medical matters. If you’re running an ecommerce store, then the emails directly related to the customer’s order don’t require an opt-in. These include order confirmation emails, invoices, and shipping notices. 

5. What is the best way to get their consent? 

The consent needs to be EXPLICIT, meaning it must be very clearly communicated that the person is giving permission to receive your marketing emails. 

Do NOT precheck the subscription checkboxes on your website forms. Users must specifically check that box themselves to give their consent to join you mailing list.

You need to be able to disclose where you got your subscribers’ details from. Most email systems and CRM systems will record the source of the lead (for example, “Facebook lead gen form”, or “mailing list subscription form on website”). Make sure that you’re using the available functionality that helps you do this.


6. Is there anything I need to do on my website?

Update your forms to include a checkbox that users must check in order to join your mailing list.

Add a cookie notice and a privacy policy to your website which includes the name and contact details of your information security officer.


7. Do I need to use a double opt-in?

A double opt-in is when a user who has given permission to join your mailing list receives an email asking them to take some action (usually to click on a confirmation link) to confirm they really want to join your list.

This isn’t necessary under POPIA, but there are benefits to doing it. Subscribers that take this extra step are more likely to really want to hear from you in future, meaning that your list’s general open and click rates will be higher.


8. What is the best way to handle opt-outs / unsubscribes

Make it easy for the subscriber to opt out by making the unsubscribe link clear, and by ensuring that the process is as straightforward as possible.

Your mailing system keeps track of unsubscribed email addresses. Remember to transfer these if you ever change mailing systems so you don’t inadvertently send a marketing email to the unsubscribed email address again.


9. How can I grow my mailing list in a POPIA compliant way?

Your audience engages with you and your company in many different ways. Make sure you’re using different opportunities to encourage people to subscribe.

  • A subscription form on your website and social media
  • Link to the subscription page in your email signature
  • In your store’s receipt emails

Read about generating B2B leads.


10. How should we store and transfer our mailing lists?

Please don’t send your mailing list in an Excel spreadsheet – it’s a terrifyingly unsecure way of sharing information. At the very least, password protect the Excel document with a strong password and don’t provide the password in the same email as the spreadsheet attachment.  Even WeTransfer is better.

We encourage our clients to use a secure ftp when sharing mailing lists.

On that note, don’t gather more information than you need. For example, don’t ask for the subscriber’s ID number if you don’t actually need it.


11. The client bought something from us previously; can we mail them about another service we offer?

You can do this as long as the product or service is very similar to the one they bought from you previously. If not, you’ll need to get their consent.


12. We want to use the mailing list of a sister company in our group of companies. Is that okay?

You’ll need the person’s consent to market to them. You may even need their consent before the information is shared between entities in the group.

Consider the subscriber when you do this, though. If the related service is offered by a sister company, the recipient might be confused to suddenly receive an email from a company they didn’t sign up to. Try to communicate the connection clearly – use both company names in the subject line and / or sender name so this is immediately visible in the inbox. You can also mention it again in the body of the email.


13. We’re thinking of using a “refer a friend” campaign to help grow our mailing list quickly. Is this permitted under the Act?

Previously these sorts of campaigns would use an online form where you could add the names and email addresses of friends. For each name submitted, you’d receive an additional entry into the competition. These are also jokingly known as “betray a friend” campaigns. In this case, the name implies the exact issue.

POPIA is about safeguarding people’s personal information so, as you can imagine, submitting the name and email address of another person without their consent is not in line.

There are other clever ways of running this type of campaign that do comply, though! You’re welcome to drop us a line if you’d like to discuss this.


Disclaimer – We are not giving legal advice. If you are unsure of anything, you should consult with your lawyer.


  1. Patrick Armstrong

    If I have been given a list of prospects’ details as a result of subscribing to a so-called “APPROVED POPIA COMPLIANT BUSINESS DIRECTORY”.
    1). Am I permitted to send a marketing email to these prospects?

    • Melaina Gross

      Hi Patrick, thank you for getting in touch. The answer to your question is that, sadly, there isn’t likely to be such a thing as an “Approved POPIA Compliant Business Directory”. I would be interested to hear how the people that gave you the list qualified it as “POPIA compliant”.

      Sending an email campaign to people that aren’t engaged with your brand isn’t going to give you good results.

      You’re welcome to contact us if you would like to discuss how to grow your mailing list in a POPIA compliant way.


Submit a Comment

Your email address will not be published. Required fields are marked *

Recommended reading