CASL
When it passed in 2014, CASL (Canada's Anti-Spam Legislation) took the fight against spam much further than CAN-SPAM.
Some people initially assume that, if it’s a Canadian law, it doesn’t matter to the rest of the world. However, it does because the law can apply to any company sending emails to someone living in Canada, not just Canadian companies.
CASL quickly set a new standard and advanced far beyond CAN-SPAM. CAN-SPAM set requirements that gave consumers a trustworthy way to opt out of an email list, but CASL set requirements regarding the opt-in process.
With CASL, you must acquire consent from the subscriber before adding them to your email list. You cannot presume it with a pre-checked box. And, CASL applies to other types of communications from companies, such as text messaging, social media, and instant messaging.
CASL’s biggest achievement was to solidify the consumer’s ability to choose to be added to an email list.
GDPR
The General Data Protection Regulation (GDPR), which was passed in 2018, is a European law that applies to every member nation of the EU. Like CASL, the GDPR affects companies from around the world if they have email subscribers who live in EU nations.
GDPR took data privacy far beyond CASL and CAN-SPAM. It has become the standard to which other data privacy laws are compared.
These are the seven key principles of GDPR:
- Lawfulness, fairness, and transparency: Have a legitimate reason for collecting personal data and be clear and honest about how it’s used.
- Purpose limitation: Set boundaries around how and why you’ll use personal data.
- Data minimization: Only collect the personal data you actually need.
- Accuracy: Make sure the data is clean and up-to-date.
- Storage limitation: Justify the length of time you store personal data.
- Integrity and confidentiality: Secure the data and protect it from internal or external threats.
- Accountability: Keep records that prove you are following GDPR guidelines instead of just saying you are in compliance.
GDPR also addresses the larger question of what comprises “personal data.” Is it just information like name, email, phone number, and numerical identification? Or is it also photos, health records, social posts, and purchase history?
With regard to email privacy and spam, GDPR elaborated on the concept of consent. This law prohibits even asking for consent for an email address unless it’s necessary for the service being provided. In other words, you may need their email address to send transactional emails like receipts and shipping notices, but you cannot just add that address to your marketing email list without their permission.
Companies must also make it clear what a user is consenting to when they sign up, and they must name any third parties – specifically – who will be given access to the user’s data. This is usually done in the privacy policy on your website.
Recordkeeping is important for GDPR compliance. You must keep documentation of consent history for each subscriber, and have a way to provide all the PII upon request. That’s because consumers can make Data Subject Access Requests (DSARs), which require companies to produce all of the data collected on an individual and provide it to the subject.
UK GDPR
Hold on there – what about Brexit? When GDPR passed, the UK was part of the EU, but they have since separated. When that happened, GDPR no longer applied to the UK.
But the UK government liked how that law was protecting their people’s personal data, so they quickly passed their own version of the same law.
The UK GDPR basically kept all the same rules and requirements of the EU version.
Again, this is an indication of where the world is headed with regard to spam and data privacy laws.