GDPR + EmpCo 2026: Where the Obligations Overlap

Both GDPR and EmpCo regulate marketing — but different aspects. Anyone wanting to comply with both simultaneously needs to understand the overlaps.

Different protected interests: The GDPR protects the right to informational self-determination of the individual. EmpCo protects the consumer’s right to truthful marketing information.

Overlap 1: Personalised Marketing. If you show a customer a personalised “sustainable product” (based on their interests), both GDPR (lawful data processing) AND EmpCo (substantiation of the sustainability claim) apply in parallel. Both must be fulfilled.

Overlap 2: Newsletters with Environmental Statements. GDPR: Consent with double opt-in. EmpCo: Every environmental claim in the newsletter must be substantiated. Practical advice: Newsletter templates should link marketing texts with concrete substantiations (“Our newsletter highlights our carbon footprint according to the SBTi pathway once per quarter — no blanket advertising statements”).

Overlap 3: Tracking + Conversion Optimisation. If you use an AI tool to optimise marketing texts (Empcora, ChatGPT, Anyword), the data processing must be documented in the register of processing activities. For externally hosted AI (e.g. Anthropic Claude): check the data processing agreement.

Overlap 4: Consumer Complaint Management. If a customer writes with EmpCo concerns (“I doubt that this product is carbon neutral”), both regulations apply: GDPR when responding (data protection), EmpCo when clarifying the matter (substantiation).

Non-overlaps: Pure data protection notices are not an EmpCo issue. Pure environmental advertising without data is not a GDPR issue (e.g. poster advertising).

Practical tip: Both compliance teams should coordinate quarterly. If only 1 person is responsible for both topics (typical in SMEs), they should regularly update their knowledge (training).