The Email Marketer’s Guide to GDPR and CAN-SPAM

The implementation of General Data Protection Regulation (GDPR), an effort to ensure data privacy in the European Union, will take place in just four months.

With that milestone quickly approaching, it seems like a good time to provide a brief GDPR primer and look at two other regulations of critical importance to email marketers.

GDPR: Protecting EU consumer data
GDPR, which imposes strict data protections within the European Union and limits the export of personal data outside of it, goes into effect on May 25. This is important news for email marketers who do business in the EU, even if they are not based in a member country. 

The new regulation “applies to any organization that processes EU consumer data, no matter where the company resides or where the servers that collect, store, and process the data are located,” writes Sven Dummer at MarketingProfs. It “will completely upend what is considered acceptable usage and management of consumer data.”

Dummer reports that companies that do not comply with GDPR will risk fines of up to 4% of their annual revenue or up to $23 million.

“A change of this magnitude requires a dedicated and serious response from any organization that either does business within the EU itself or has a customer base or employees that include European residents,” Dummer writes.

For more about GDPR, check out this post on our blog by Forster Perelsztejn and the deep dive we did into it in September.

Additional resources:

GDPR Portal – The “official” GDPR website

GDPR: Report – How marketers can take action on GDPR today

Direct Marketing Association – What U.S. marketers must know and must do about GDPR

CAN-SPAM: Keeping inboxes free of unwanted messages

Consumer’s don’t like SPAM. Email marketers don’t want to be labeled as “spammers.” Viewed in the light of those statements, compliance with CAN-SPAM is a win for both parties.

“Enacted in 2003, the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act codified requirements for email marketing aimed at protecting American consumers from spam,” writes Jess Nelson at Email Marketing Daily. “For example, the regulation requires email senders to include a physical address with their email, accurate header and subject line details, and a way for subscribers to opt out of future commercial email messages.”

Last year, the Federal Trade Commission, which is responsible for CAN-SPAM oversight, announced it is reviewing the legislation, and solicited feedback from interested parties. One aspect that may be revised is a provision exempting transactional messages from compliance, a change some lawmakers may deem necessary because the difference between commercial and transactional messages has blurred in recent years. In the meantime, the law stands as written. 

And if you do business in Canada, be aware of that country’s strict anti-SPAM law, which you can learn more about here.

Additional resources:   

The Federal Trade Commission

A compliance guide for business

Candid answers to CAN-SPAM questions

Copyblogger – CAN-SPAM 101: A crash course in bulk email regulations