February 27, 2020 // Category: Digital Marketing
Email marketing is one of the most effective tools that you have. It can help you speak to your customers directly in a place where they want to hear from you, and it takes relatively little time or up-front investment.
But with the advent of the GDPR and CCPA (and what’s sure to be more laws to come), playing by the rules has become more complicated than ever – and, if you get it wrong, your business can pay a severe price.
Here are all the most important anti-SPAM laws that you need to know about as an email marketer.
In 2003, President George W. Bush signed the CAN-SPAM Act into law to stop the onslaught of spam that was clogging up everyone’s inboxes.
The law, which basically lays out email rules that every company needs to follow, was updated in 2008, and it’s applicable to anyone who is “promoting or advertising a commercial product or service through electronic communication.”
Pretty much every country has its own version: Canada, in particular, has the CASL Laws and the UK has the Privacy and Electronic Communications Regulations of 2003.
The CAN-SPAM Act requires that you:
1. Make sure that you have permission to email the people on your list
Depending on the laws, this can be “implied permission” or “express permission.” To play it safe, opt for express permission, which is when someone explicitly gives you permission to send an email (by entering their email address in a subscription form, for example).
2. Tell readers where your email is coming from
The “From,” “To” and “Reply to” fields need to tell the recipient where the email is from – aka they should have your name or the name of your business (no catfishing).
3. Write an honest subject line
Advertising a new product or a promotion? You have to say it – no lying or offering fake things in your subject line (like “Get A Year’s Worth Of Product Free” when you’re really just offering 10% off) to get more clicks.
Sephora does a great job of this in their email campaigns:
4. Give a physical address
Your emails have to have a physical address somewhere. This can be your current street address, a postbox address, or an address with a registered commercial mail-receiving company.
Most businesses put it in the footer – but if it’s not included somewhere, you could be fined.
5. Every email needs an easy opt-out option
Don’t make the “unsubscribe” button hard to find, and make sure it’s included in every single email.
6. Honor opt-out requests quickly
Have you ever opted out and continued to receive emails for months to come? Then you’re dealing with a company that broke the law. Once someone hits that “unsubscribe” button, you legally have 10 days to get them off your list.
7. Monitor what others do for you
If you have another company manage your email lists, you’re responsible if they break any laws. Make sure that you stay on top of them and know what’s going on at all times.
While the GDPR and the CCPA don’t relate exclusively to email laws, they’re both really important to understand and keep top of mind.
The EU’s General Data Protection Regulation (GDPR) was enacted in 2016 to help control data transmissions and privacy guidelines in Europe. It’s seen as the most important change in data privacy regulation in the last 20 years, and its overarching goal is to increase user control and protect user privacy across the board.
California followed suit in 2019 with the California Consumer Privacy Act (CCPA), which is essentially the state’s version of the GDPR. It applies, specifically, to businesses that meet at least one of the following criteria:
Since these two pieces of legislation are so similar, it makes sense to suppose that such rules are going to be standard protocol in the near future.
Here’s what you need to know about the GDPR and CCPA:
Overall, the GDPR and CCPA are all about protecting users’ private information. And there’s good reason for this. Think about it: we used to have locks on filing cabinets, vaults in banks – tons of measures to help keep personal information safe, secure, and out of the wrong hands.
Now, all that information is out of the vaults and online, and users can’t really see what measures companies are taking to make sure that it’s safe.
This can include really valuable information like Social Security numbers, health and medical records, financial data, and even basic (but still sensitive) information like full names, addresses, and birthdates.
The GDPR and CCPA help give people some say in what personal information companies keep, and they protect against that information getting mishandled or ending up in the wrong hands.
As far as companies are concerned, they don’t stipulate that you can’t collect private information, but they do clarify that you must do so in adherence to the law. This means you must explicitly inform website visitors:
When it comes to email marketing, in particular, the most important thing to remember here is permission. You must ask permission from your subscribers for opt-in offers and other similar strategies – and you may even have to do it twice.
That means avoiding roundabout strategies that used to be common email practices. For example, you can’t get people on your mailing lists by automatically checking opt-in boxes, even for one-time offers.
Similarly, you can’t ignore opt-out requests and continue sending unwanted spam to customers. If you do, you can be held liable under CAN-SPAM for $250 every time that you send another e-mail to a person who already made an “opt-out” request.
Avoid these tricks and make sure that you ask explicitly for permission if you want to avoid GDPR and CCPA consequences, which include:
Today, more than ever, people want to feel that companies are handling their data and their privacy with safety and transparency – and the laws are supporting them more than ever.
Use good judgment when crafting content and handling email subscriber information. When you set up your next email campaign, remember that it doesn’t hurt to check the boxes and make sure everything is legit.