GDPR and e-Receipts: Everything Retailers Need to Know

These days the question: ‘Would you like your receipt emailed to you?’ is commonplace on the high street.

Brands such as Topshop, Clarks, Apple, and Argos are emailing thousands of customers each day with electronic receipts. And these e-Receipts seem like a handy customer-focused idea. They reduce the amount of screwed-up pieces of paper in pockets, making sure you can easily find your proof of purchase—all while being a little kinder to the environment.

But, e-Receipts aren’t always a selfless act by retailers. Many marketers are using them as an opportunity to collect their customers’ data so they can send them marketing in the future.

Sounds like a good strategy, right? What many don’t realise is that when the EU General Data Protection Regulation (GDPR) comes into force on 25th May 2018, retailers collecting their customers’ email addresses through e-Receipts could be breaking the law.

In this blog post, we take a look at the impact of the GDPR on retailers using e-Receipts and explain what you need to do to avoid bad press, breaking the law, and receiving a hefty fine.


Under the new GDPR regulations, pre-ticked consent boxes are no longer allowed.

Marketers need to make sure consent is clearly requested and customers are fully informed of how their data will be used. If you’re asking someone for their email address for a receipt and then using it for marketing, this is the verbal equivalent of pre-ticking that consent box.

If you plan on using a customer’s email for anything other than that receipt you must tell them then and there so they can actively opt-in to receiving marketing. The wording of the new GDPR legislation is detailed and clear and the excuse of a ‘soft opt-in’ can no longer be used.

But, what if customers say no to the marketing but still want an e-Receipt?

Well, this means you need to give them two options: one of supplying their email address for the receipt, and another for opting-in to marketing. Providing both these options makes sure e-Receipts really are the customer-friendly tool they were intended to be in the first place.


For many the complexities of the GDPR and customer communications might seem like a nightmare.

It’s tough working out how to explain all this to the customer in a way that isn’t off-putting, or doesn’t put a serious dent in your database. The answer is training the staff who speak to your customers on the shop floor.

Talking to your employees about GDPR shouldn’t stop with the marketing or legal departments.

The people speaking to your customers every day need to understand how it works and what to say. Your store staff need to feel prepared enough to answer tricky questions in a world where data privacy is much more on the mind of the consumer.

Many retailers forget that by not training their store staff in data-capture they’re reducing the amount of data they get. Not only this but they risk a hefty fine when ill-informed staff end-up fudging it.

Asking ‘Would you like your receipt by email?’ is fine—but if you are going to send anything else you must follow this up with ‘and would you like to receive future offers and promotions which you can opt-out of later?

If you can’t guarantee your store staff are going to explain it properly then consider asking customers to actively opt-in to marketing when you send them their e-Receipt. That way you’ll have a digital paper trail that satisfies the requirements of the law to clearly show when and how people actively said ‘yes’ to receiving marketing.

Tough questions

Asking customers to opt-in to marketing is a question of short-term pain for long-term gain.

You may be faced with a few ‘No’s’—or people ignoring your request—but by asking people to opt-in you’ll end up with higher-quality data and a more responsive database.

Remember, you can still use products such as PurePromotions to incentivise people to sign up. You can also use an email preference centre to ask them what content they’d like to receive and tell them you won’t bombard them with thousands of irrelevant emails.

Improving deliverability

Using opted-in data means you’re protecting the deliverability of your email marketing in the future.

When customers receive marketing suddenly without explanation they’re often puzzled about how a company got their details. This often results in a negative response, spam complaints, unsubscribing, or just not opening or clicking on your emails.

Negative behaviour like this by recipients increases your chances of being blocked by email providers like Gmail or Outlook who might mistake you for a spammer. By helping you avoid these pitfalls, the new GDPR legislation will help many brands improve their email deliverability.


Remember that when it comes to the new GDPR legislation, consent must be knowingly and freely given, clear and specific.

Further reading: How to Make Sign-Up Forms GDPR Compliant

It can’t simply be assumed after the customer is asked if they want an electronic receipt. Consent must involve some form of positive action such an an ‘opt-in’ to show the customer clearly agrees that they want to receive more than an a record of their purchase.

If problems arise you must be able to clearly demonstrate what an individual has consented to, how that consent was obtained and when. And as always it is important to make sure customers are able to easily withdraw their consent.

So, if you’re preparing your organisation for GDPR then don’t forget to make sure your e-Receipt data-capture process complies. If you don’t ask the right questions now you could end up wasting time, money and paying a hefty fine.

Be ready for GDPR