GDPR and CAN-SPAM – A Comparison for US Emailers
Published in Adotas on 6/14/18
If you’re an email marketer in the United States, you’re already familiar with CAN-SPAM – at least I hope you are! Since its inception in 2003, the CAN-SPAM Act has provided a framework enabling companies to email their clients and prospects while remaining compliant with regulatory rules. The law is fairly straightforward and after almost 15 years, marketers have shown it is entirely feasible to build a highly productive email marketing program, while being compliant.
In May, 2018, the General Data Protection Regulation (GDPR) came into being and provided a whole new set of rules with regard to the collection and usage of consumer data – creating major impacts for companies marketing into the European Union (EU). Many digital marketing channels have been dramatically impacted by the new regulation, as noted in plenty of articles, white papers, and other published content. While the impacts on programmatic advertising, location-based marketing, and numerous other areas have been covered extensively, I haven’t seen that much discussion about email marketing.
For email marketers already running successful programs under the auspices of CAN-SPAM, how is GDPR different from what they are already doing? (*Note – I’m going to keep the comparison at a high level. For more specifics on the similarities and differences between CAN-SPAM and GDPR, you should look at each piece of legislation and compare the details.)
Consent
This is one of the major differences between CAN-SPAM and GDPR. CAN-SPAM allows the sending of unsolicited email to recipients, as long as an appropriate opt-out mechanism is included in the message and unsubscribe requests are honored in future campaigns. GDPR builds on the already existing requirement in the EU that email recipients must have provided consent (or opted-in) prior to receiving email. A similar opt-out process is also required.
Read the entire article at Adotas.