Is Your Email Marketing Legal and Compliant? Here’s How to Find Out!

Adriana is an expert marketer and copywriter with 15+ years in the field, most of which were spent marketing tech companies. She is the Owner and Founder of Idunn. In October 2019, she also launched Copywritech, a digital marketing agency that provides copywriting, SEO content writing, and strategy services to companies in the tech industry.

Email is great. We love it! I’m sure you do too!


Just like any other marketing tactic, email gets its ROI if properly executed. Yes, we have countless statistics that say email marketing can bring 1000%+ ROI, but this doesn’t mean that return magically happens.

I’m sure you know this. It’s true for everything you do.

However, before you think about catchy subject lines and witty email copy, you have one hurdle that’s not present in all other marketing tactics: compliance.

If your email marketing is not legal or compliant, the ROI might still be there but you’ll spend it faster than you can say “sent” on fines. Data collection (like the kind you do to grow your list) is heavily regulated and it’s expected that more laws and regulations will be introduced in most countries. Let’s see what they are.

Psst, did you know that the SyncApps platform is 100% data-privacy-compliant? All your data collection and management done via SyncApps adheres to all the laws listed below and more. Try it for free if you want to make sure your email marketing is legal!

Laws that Affect Your Email Marketing

The laws below do not affect the entire world. However, it’s important to note that, even if they are applicable to a single country or region, they may affect how you collect data.

For example, GDPR (more details on it below) is applicable to the EU countries only. But if your website is accessible within the EU, you need to abide by it, irrespective of where your business is incorporated. If someone from the EU who subscribes to your email list detects something that is not GDPR-compliant and files a complaint, you will be liable for a fine.

Our recommendation: read through this list of laws and make sure to stay up to date with them. If you feel like some of them are too strict, make your website inaccessible for users from those countries.

1. The EU General Data Protection Regulation (GDPR)

GDPR is the most extensive and strict data privacy law in the world. It was introduced by the European Union in 2018 and it is applicable to any business that collects personal information from EU residents.

To get a better idea of how strict GDPR is, you need to know that most large companies in the EU (or outside of it, but who collect data from EU residents) have a GDPR department. The only task of that department is to ensure that their data collection and data management practices are GDPR-compliant.

The fines are directly proportional to a business’s turnover. Some of the biggest fines ever paid are:

  • Amazon: 746 million euros ($847 million) — the appeal is still underway.
  • WhatsApp: 225 million euros ($255 million)
  • Google: 50 million euros ($56.6 million). Google was the first giant to get a GDPR-related fine, back in January 2019, only months after the law was introduced.

OK, now that we’ve established that GDPR is no joke, let’s see what it has to say about email marketing specifically:

  • All your users have to provide valid consent for receiving marketing messages.
  • The consent can never be implied or assumed. It has to be given through a clear, affirmative action. In other words, never pre-check the consent checkboxes in your web forms.
  • You have to keep a clear record of each verified consent you received from each user.
  • You can only contact or email consumers in regard to services or products they expressed their consent to be emailed about. This means that, if someone subscribes to your newsletter, you can’t add them to a partner company’s list as well. Of course, you can never, under any circumstances, sell their personal data.
  • The option to revoke consent must be just as easy and accessible as the one for giving consent.

2. Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM)

CAN-SPAM is the oldest of these laws and regulations. It was introduced back in 2003 as a means to limit the flow of spam and unsolicited pornography in users’ inboxes.

CAN-SPAM applies to US businesses, but, just like GDPR, also to non-US businesses that send emails to US residents.

The requirements are a bit laxer than those of GDPR and ultimately boil down to common sense:

  • Be truthful and honest in your email communication. Never use deceptive email addresses, domains, or names. In other words, don’t pretend to be an African prince if you’re not.
  • You can send emails to users who haven’t given explicit consent, but you must mark those emails as ads.
  • Sending adult content or any other type of explicit graphics? Specify that your email has adult content in the subject line.
  • All the emails you send must include a physical street address.
  • Offer your consumers a clear way to unsubscribe from your list. If someone unsubscribes, you must fulfill their request within 10 days.

3. Canada Anti-Spam Legislation (CASL)

As the name suggests, CASL is a Canadian set of laws and regulations designed to protect data privacy. Just like GDPR and CAN-SPAM, it doesn’t only apply to Canadian businesses, but also to foreign ones that collect personal data from Canadian residents.

Here’s what you need to do for your email marketing to be CASL-compliant:

  • Get express or implied consent from every user before sending them a promotional email (this is the laxest provision we’ve seen so far — implied consent comes with very few strings attached).
  • Your consent forms need to be easy to understand and always include your business identification and contact information.
  • All your consent forms must specify that consumers can revoke their consent whenever they want to.
  • You have to keep all the consent records you’ve gathered from Canadian residents.
  • All your emails must include your company’s name and contact information.
  • Every email you send has to have an unsubscribe option/link.

These are the three major data privacy regulation sets that you need to consider in your email marketing.

Now let’s see how you can do that without burdening your campaigns with too much legalese and making them about as fun to read as a Privacy Policy page.

5 Ways to Make Sure that Your Email Marketing Is Legal and Compliant

The first one should be quite obvious, but I know that it’s often easy to get lost in the fine print and forget about the big, obvious picture. So here it is again:

1. Always Get Consent for Sending Emails

All email marketing platforms worth their salt make this pretty clear: you can’t send emails unless you’ve got consent from each email address owner. However, you also have the option to upload a pre-existing email list to an email marketing platform.

You need that option because you may have changed your email marketing provider or because you may have gathered those emails in another platform, like a CRM.

By the way, in case that sounds like you and you’ve got a lot of email addresses in your CRM, did you know you don’t have to export them by hand? That’s SO 2012! Worse yet, it can expose you to legal fines. Through SyncApps, you can automatically migrate your contacts between CRMs and email automation platforms. It’s 100% compliant and zero-hassle.

Try it for free with popular combinations like Mailchimp for Salesforce, Constant Contact for Salesforce, Mailchimp for Dynamics 365, and dozens of others.

The trouble with this option is that a lot of people abuse it. You can still find lists to buy online. That’s the best way to put your business on the radar for a hefty fine. So, say it with me: under no circumstances will I buy an email list. It’s illegal and useless anyway because everybody hates spam and unsolicited emails.

Excellent! Now that we’ve got this mantra covered, let’s move on to how you can get consent the right way.

2. Add an Unchecked Subscription Box to Your Forms

A common practice to get more subscribers is to add an already checked box to a form for something completely different. For instance:

  • If a customer places an order in your online shop, you add two boxes: one that they have to check to agree with terms and conditions and another to subscribe to the newsletter. Leave both of these unchecked!
  • A user sends you a message through your contact form and you automatically add them to your newsletter list. Never do that! Add an unchecked box next to the contact form if you want to get more subscribers this way.
  • A user subscribes to one of your lists but you take this opportunity to subscribe them to every list you’ve got. Again, a big legal problem. If you want to add them to another list, send them an email and ask if they want it too.
  • A user fills in a form to attend your webinar. This does not imply consent to add them to your mailing list!

Here’s how SEMrush does it right:

register for a webinar

See how both these boxes are unticked? This is the way to go for email marketing compliance!

3. Use an Opt-In Form and/or a Lead Magnet

An efficient way to gain more email subscribers that’s also compliant is a pop-up (or another type of form) window. This form should be specifically created for your mailing list and it should not misrepresent the reason for consent in any way.

Want to sweeten the pot and STILL be compliant? Add one of these things after “Subscribe to our newsletter and…”:

  • Get a 15% discount on your first order
  • Get a free eBook
  • Join our VIP buyers who enjoy access to exclusive materials

A cool example from Tommy Hilfiger:

email popup best practices
Image via OptinMonster

You can create a pop-up that triggers in key moments or depends on some criteria. For instance:

  • When the user is ready to leave your website (the last Hail Mary to keep in touch with them. In this case, be sure to add an incentive for the newsletter subscription).
  • When a user has spent a certain amount of time on your website. This signals that they are interested in what you do/sell and they may want to come back. But they won’t be looking for the subscription box on their own, so make it easy to find.
  • If a user clicks a specific link, you can trigger a personalized pop-up. For example, if they show interest in your phone accessory collection, your pop-up’s CTA could read: “Get a 10% discount on all the phone cases in our new collection”.

4. Want to Be Extra-Safe? Add a Double Opt-In

Believe it or not, some people accidentally subscribe to your newsletter, even if you leave the box unticked. If you don’t want to irritate your users, the best way to avoid accidental subscriptions is to ask them to confirm via email.

Here’s an example of what this would look like:

subscription confirmation email
Image via SendPulse

Sounds like too much of a hassle for you and your subscribers? Perhaps, but aside from making your email marketing compliant, it comes with an additional benefit: you’ll know that every one of your subscribers really wants to be on your list.

This means fewer skewed metrics and more relevant reports.
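The GDPR requirements listed earlier (affirmative consent only, a record of each consent, consent scoped to what was asked for, revocation as easy as opting in) and the double opt-in described in this section can be checked by a single piece of code. The following is an added example, not code from this post or from SyncApps: a small in-memory consent ledger in which a subscription request only becomes sendable after the user clicks an HMAC-signed confirmation link, confirmation links expire, unsubscribe links embedded in every email never expire, and consent to one purpose never grants another. The class and method names, the purpose strings and the sample address are assumptions constructed for the example.

```python
"""Consent ledger with double opt-in and one-click revocation (added example)."""
import base64
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class ConsentRecord:
    """One consent, scoped to one purpose, with an audit trail of when it changed."""
    email: str
    purpose: str            # e.g. "newsletter"; a partner list would be a separate purpose
    source: str             # which form collected it, for the consent record
    requested_at: float
    confirmed_at: Optional[float] = None
    revoked_at: Optional[float] = None


class ConsentLedger:
    CONFIRM_TTL = 48 * 3600   # confirmation links expire; unsubscribe links never do

    def __init__(self, secret: bytes, clock=time.time):
        self._secret = secret          # server-side key; rotate like any other secret
        self._clock = clock            # injectable for tests
        self._records: dict = {}       # (email, purpose) -> ConsentRecord

    # --- signed tokens -------------------------------------------------------
    def _sign(self, payload: str) -> str:
        """Token = urlsafe-base64(payload) '.' HMAC-SHA256(payload); safe to put in a URL."""
        tag = hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()
        body = base64.urlsafe_b64encode(payload.encode()).decode().rstrip("=")
        return body + "." + tag

    def _verify(self, token: str) -> Optional[list]:
        """Return the payload fields, or None if the token is malformed or forged."""
        try:
            body, tag = token.rsplit(".", 1)
            payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode()
        except (ValueError, UnicodeDecodeError):
            return None
        expected = hmac.new(self._secret, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return None
        parts = payload.split("|")
        return parts if len(parts) == 4 else None

    # --- consent lifecycle ---------------------------------------------------
    def request(self, email: str, purpose: str, source: str, checkbox_checked: bool) -> str:
        """Record a pending consent and return the confirmation token to email out."""
        if not checkbox_checked:
            # Consent must be an affirmative action: an unticked (or pre-ticked) box is not consent.
            raise ValueError("consent requires an explicit, user-ticked checkbox")
        now = self._clock()
        self._records[(email, purpose)] = ConsentRecord(email, purpose, source, now)
        return self._sign(f"confirm|{email}|{purpose}|{int(now)}")

    def confirm(self, token: str) -> bool:
        """Double opt-in: the click on the emailed link turns the pending consent into a verified one."""
        parts = self._verify(token)
        if parts is None or parts[0] != "confirm":
            return False
        _, email, purpose, issued = parts
        rec = self._records.get((email, purpose))
        if rec is None or self._clock() - int(issued) > self.CONFIRM_TTL:
            return False
        if rec.confirmed_at is None:            # idempotent: a second click is harmless
            rec.confirmed_at = self._clock()
        return True

    def unsubscribe_token(self, email: str, purpose: str) -> str:
        """Token for the unsubscribe link that goes into every email sent for this purpose."""
        return self._sign(f"revoke|{email}|{purpose}|0")

    def unsubscribe(self, token: str) -> bool:
        """One click revokes; no login, no expiry, as easy as giving consent was."""
        parts = self._verify(token)
        if parts is None or parts[0] != "revoke":
            return False
        rec = self._records.get((parts[1], parts[2]))
        if rec is None:
            return False
        if rec.revoked_at is None:
            rec.revoked_at = self._clock()
        return True

    def may_send(self, email: str, purpose: str) -> bool:
        """Gate every send on a confirmed, unrevoked consent for exactly this purpose."""
        rec = self._records.get((email, purpose))
        return rec is not None and rec.confirmed_at is not None and rec.revoked_at is None


if __name__ == "__main__":
    ledger = ConsentLedger(b"constructed-demo-secret")
    token = ledger.request("ana@example.com", "newsletter", "checkout-form", checkbox_checked=True)
    print("sendable before confirmation:", ledger.may_send("ana@example.com", "newsletter"))
    print("confirmed:", ledger.confirm(token))
    print("sendable after confirmation:", ledger.may_send("ana@example.com", "newsletter"))
    print("sendable for partner offers:", ledger.may_send("ana@example.com", "partner-offers"))
    print("unsubscribed:", ledger.unsubscribe(ledger.unsubscribe_token("ana@example.com", "newsletter")))
    print("sendable after unsubscribe:", ledger.may_send("ana@example.com", "newsletter"))
```

Two design points matter for compliance: `may_send` is the only path to the sending code, so an imported or synced list cannot be emailed until each address has a confirmed record, and the `ConsentRecord` keeps the source form and the timestamps, which is the "clear record of each verified consent" the regulation asks for.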

5. Make the Option to Unsubscribe Visible and Add it to All Your Emails

All the big email marketing platforms add this automatically. In case you’re using a lesser-known platform, make sure to double-check this.

Remember that this option is required in all the laws mentioned above, so it’s definitely a must-have. If you’re worried about how it would look, don’t be. It’s usually pretty inconspicuous:

opt outs and unsubscribed contacts
Image via Constant Contact

Our friends at Constant Contact also have a few handy templates to help you learn more about why your users want to unsubscribe. This will help you tailor your campaigns better. A window like the one below can be set to appear when a user clicks on “unsubscribe”:


Conclusion: Email Marketing Compliance Is Within Reach

The laws sound threatening, and the fines even more so. But remember that this is their job — to deter you from doing the wrong thing.

If you can get past the legalese, you’ll see that email marketing compliance is, in essence, common sense. If in doubt, ask yourself: would you like your data to be treated the way you treat that of your users’?

Want to know more about how SyncApps uses and stores your data or how we can help you ensure that your email marketing is compliant with GDPR, CAN-SPAM, CASL, and others? Our support department is here for you 24/7 — reach out!