Make sure you’re following GDPR and CAN-SPAM Act rules when crafting your customer emails to avoid fines.
Email campaigns are one of the best ways to keep customers. They allow you to connect with your customer or client base, tailor and target your marketing, and promote your business in a cost-effective way. But did you know you could be breaking the law by doing so?
If you’re not following the rules (GDPR and the CAN-SPAM Act), your emails to customers could land you in a whole lot of trouble. Keep reading to find out why—and learn how to stay compliant so you don’t wind up with whopping fines.
As a business owner, I know you have a lot on your plate. From everyday communications with clients or customers and staff to day-to-day tasks, sometimes you don’t have enough time to even drink your coffee before it gets cold. So when the time comes to craft emails to your customers or clients, whether you do them yourself or have an employee or freelancer do it for you, make sure they’re GDPR and CAN-SPAM Act compliant so that you’re not left even busier dealing with violations and fines.
What does it mean to be GDPR and CAN-SPAM Act compliant? What is the GDPR? What is the CAN-SPAM Act?
If you’ve never heard of these before, they might sound overwhelming at first. But don’t worry, there are just a few key things you need to remember when composing your customer emails. But first, let’s cover the basics.
What Is the GDPR?
The GDPR (General Data Protection Regulation) is a privacy regulation that was brought into force on May 25, 2018. It is a law that was introduced in the European Union, but its application extends outside of the EU. If your business is based in the US, you are still required to abide by the GDPR if you serve or track the data of EU residents.
The GDPR was created to protect people’s personal data and privacy. It was long suspected that the personal information collected by companies was being exploited, and people’s trust in businesses that collected their private data in the course of transactions was extremely low.
There are 3 main parts of the GDPR that will affect the way you run your business (even if your business is a one-person show):
- data permission;
- data access; and
- data focus.
Data permission is all about how you deal with email opt-ins. As you probably already know, email opt-ins are when people volunteer to get marketing/promotional emails from you. Since the GDPR came into force, customers must freely express consent to receive any materials like this from you. Such consent must be given in a “specific, informed, and unambiguous way” and be reinforced by “clear affirmative action” (GDPR, Article 7).
That means that customers need to affirm that they want to be contacted. For example, if you have a web form on your website where a customer can fill in their personal information for a free trial of a service you offer, you can’t just assume that people want to receive emails from you because they filled out your form for a free trial. Since 2018, you have been legally required to put a tick box on that web form that says something to the effect of, “By signing up for a free trial of [your service], you agree to receive emails from [your business name].”
This Regulation also means that if your customer uses a “refer a friend” web form, you are not legally allowed to add that friend to your email marketing list or contact them in any way. You must gain consent from that person to send them any kind of promotional material.
The data access portion of the Regulation gives people the right to contact businesses and have inaccurate or old personal information removed or corrected. It also states that if you send emails, you’re legally required to include an unsubscribe link.
The data focus part of the GDPR simply states that you should avoid collecting information from your customers that isn’t absolutely necessary. For example, if it’s not necessary for them to enter what their favorite food is in an email opt-in, don’t ask for that information.
What is the CAN-SPAM Act?
The CAN-SPAM Act is a piece of U.S. legislation that sets out rules for commercial email communications. It covers requirements for commercial email messages, gives people the right to opt out of any commercial email communication they receive, and states what kinds of penalties businesses may face if they violate the rules.
The Act applies to all emails, no matter if they’re in the form of a bulk email list or a single, individual email to one person. This also includes business-to-business (B2B) email, not just business-to-customer.
The Act aligns well with the GDPR, and even overlaps a little. Here are the main parts of the Act you should know when sending email messages:
- Don’t lie about who you are. Your From, To, Reply-To, and routing info must all be accurate and clearly identify who sent the message.
- Subject lines must not be deceptive. They must reflect the actual content of the email.
- If your email is an ad, it must clearly state so.
- Your email must include a valid physical postal address (it can be your street address, a PO box, or a private mailbox).
- Provide an unsubscribe link in your email and make it clear to recipients how to opt out.
- Deal with opt-out requests immediately.
- Make sure anyone you hire to handle your emails is following this law.
The Act asks you to consider the primary purpose of your email if you’re having trouble figuring out if your message needs to be compliant. For example, sometimes you might send an email to a client who is also an old friend. It could contain both personal, informal information as well as marketing or promotional materials. In that case, think about the main reason you’re sending the email: is it just to catch up, or is it to let them know about your upcoming sale? Once you’ve decided on that, you’ll know how to craft your message.
Consequences for breaking these rules
Breaking these rules can get you in a whole world of trouble. This can be especially brutal if you’re a solopreneur or a very small business—fines for violating the GDPR can end up in the millions (British Airways dealt with fines of 200 million euros for a data breach!), and fines for each email violating the CAN-SPAM Act can go up to $43,792 per email.
What you need to do
So, to make sure you’re sending emails legally while promoting your business, make sure you:
- get freely expressed, specific, and unambiguous consent to send people emails (think tick boxes and multiple buttons on opt-ins and sign ups!);
- are truthful, accurate, and transparent in every email, from the “to” line all the way down to the bottom of the email;
- include a clear unsubscribe link in every email;
- deal with opt-out requests immediately;
- only collect the information you really need; and
- have anyone who sends emails on your behalf on board with following these rules.
By the way, making sure you’re following these rules to keep your customers’ and clients’ data safe is only one way to protect your business and your money. For other ways to protect and grow your business, check out the free masterclass that’s running right now: How to Legally Protect & Grow Your Online Business.
The masterclass will help you avoid 3 big mistakes that could be putting your revenue at risk, make sure you’re running your online business safely and legally, build authority and trust, protect your content, and help you understand and choose the best structure for your business.