If you engage in email marketing, you need to be aware of the legal requirements that dictate how you can send marketing emails, how you handle unsubscribe requests, and how you disclose your collection of personal information.
In the UK, the Data Protection Act 1998 requires you to follow a set of data collection principles when you collect users' personal information.
The GDPR from the EU has global implications when personal information is collected from EU residents.
Remember to always update your agreements to reflect any additional types of information that you begin to collect.
Once you know what kind of information your users want to be sent, there are a number of anti-spam laws around the world that you need to comply with. These laws aim to stop unsolicited email marketing being sent to unsuspecting consumers.
Whether a particular country's law applies to you depends on whether you are based in that country, your ESP is based in that country, or your recipients are. If any of those criteria are met, you will need to comply with the laws in that country.
In the United States the main law is CAN-SPAM.
CAN-SPAM requires that you:
Under the CASL, you must send marketing emails only with consent, identify yourself, and include an unsubscribe mechanism.
Implied consent expires after 36 months if your contact was obtained on or before 1 July 2014, and after 24 months if your contact was obtained after 1 July 2014.
An exception is made where implied permission is given by users by way of certain types of involvement with your company, such as:
This 2018 legislation out of the EU applies if you send commercial marketing communications to residents of the EU.
To comply with the GDPR you'll need to: