CCPA, GDPR, and Email Data Privacy Best Practices
Think about your email marketing process for a minute — the forms you have on your website, the way you build your emails... Got a clear picture?
Good. It's time for a pop quiz.
Do you:
A. Send your email marketing blasts to everyone whose contact information you've ever received?
B. Require email subscribers to re-confirm they want to be on your list?
C. Buy email lists from third parties?
D. Have a way for people to unsubscribe from your emails?
E. Just B and D.
F. I don't want to say because I feel judged.
While we hope you answered B, D, or E, there's no judgment here if you didn't. Email marketing regulations can feel broad and confusing. If you haven't given it much thought, or aren't sure you're doing it correctly, now's a great time to start.
What Email Privacy Regulations Do Marketers Need to Know About?
Two big policies have passed in recent years: CCPA and GDPR. While these aren't the only email data processing and privacy laws on the books, you'll hear these acronyms tossed around a lot.
What Does CCPA Stand For?
CCPA is short for the California Consumer Privacy Act. It gives consumers within the state a variety of rights related to the use of personal data. Under CCPA, people can also opt out of the sale of their personal information. (The California Attorney General's website has some great information on how CCPA works!)
While CCPA regulations technically only apply to California residents, CCPA compliance is generally a good idea no matter where you and your subscribers reside. If you decline someone's opt-out request because they live in Michigan...it's not a great look.
What Does GDPR Stand For?
It's a bit of a mouthful. GDPR stands for the General Data Protection Regulation, and it gives European Union residents rights similar to those under the CCPA. Businesses in the U.S. have to pay attention to the GDPR if they collect any personal data about people who live in the E.U. This is a big part of why you see cookie-related banners and fine print on so many websites.
GDPR also makes informed consent an important part of marketing, and this is true for emails. To add a European Union resident to your email list, for example, you need their consent to do so. (And, of course, you have to unsubscribe them right away if requested.)
How Do Email Marketers Comply With Data Privacy Laws?
You don't have to completely reinvent the wheel to be GDPR and CCPA compliant. Major email service providers (ESPs) have many of the tools you need built right into their platforms.
1. Be transparent about consumer data collection
If you have a form on your website asking for a name, email, and phone number, be clear about why you're asking.
2. Utilize double opt-in
Double opt-in works like this:
Someone gives you their email address.
The first email you send is a confirmation requiring them to click a button and verify they want to be on your email list.
If the recipient doesn't click the verification button, you shouldn't add them to your marketing list.
3. Don't buy or sell email addresses
This one is important for multiple reasons. While it's just not cool to go around selling your email subscribers' information, buying emails can give your domain a bad reputation (and may violate another law, the U.S. CAN-SPAM Act). This makes it harder to reach your "real" subscribers' inboxes.
4. Provide a way to unsubscribe
The easiest, and most common, way to do this is by putting a small "unsubscribe" link in your email footer. Once someone clicks on this link, your ESP should remove them from future mailings.
5. Get some expert help
If it all feels overwhelming, it's understandable. Planning your email campaigns can be hard enough without thinking about European laws on top of it all.
Let us help! We live and breathe email marketing. Our team can help you set up high-converting campaigns that keep your subscribers happy, your domain healthy, and your revenue flowing.
This article is not legal advice. Please consult your lawyer if you have any questions about the implications of GDPR, CCPA, and other privacy legislation as it relates to your business.