If you send email, especially email marketing or other bulk email, then there are two things that your business contracts must contain, even in the U.S., to be not just GDPR compliant, but GDPR-proofed.
It's hard to believe as we are closing in on 2023 that there are still email marketers and other bulk email senders who don't immediately remove people who unsubscribe from their list, but it's true. So this article is for those people who need to understand that you really, really need to remove the email addresses of people who want to opt out from your mailing lists as soon as humanly possible. Yes, even though CAN-SPAM gives you 10 days to do it!
With the UK adopting their own UK GDPR following Brexit, it's important to understand that you can't just block from your website people coming in from the EU or the UK. As we have mentioned in other articles on GDPR compliance, GDPR specifically prohibits the automated profiling of individuals, including of their online identifiers or locations, which means that it is a violation of GDPR to note, in an automated fashion, from what region in the world they are surfing over to your website.
Even though GDPR is coming up on its fifth anniversary, people are still asking questions like "What is a 'data controller' or a 'data processor' under GDPR?" And "How is a GDPR data processor different from a GDPR data controller?" And even "Can a company be both a data processor and a data controller at the same time under the EU General Data Protection Regulation?" And the ever-important question: "Do we have to comply with GDPR if we are in the U.S.?" Here are the answers.
By now everybody knows that business email addresses that go directly to one individual, such as jo********@ex*****.com, are considered personal data (personally identifiable information, or PII) for the purposes of GDPR and, increasingly, email privacy laws in other countries. But what about generic business email addresses, such as in**@ex*****.com, sa***@ex*****.com, or co*****@ex*****.com (also known as 'role account' email addresses)? The conventional wisdom is that those are not considered personal data, and so are fair game to add to your mailing list without prior consent. But not always: there's a catch!
Political campaign email would get a free pass to your inbox, and not be allowed to be run through spam filters, if new legislation introduced by Republicans in both the U.S. House and Senate is passed. Named the Political BIAS Emails Act of 2022 (BIAS is short for "Bias In Algorithm Sorting"), a/k/a HR 8160 and SB 4409, the new law would require that email receiving systems such as Gmail, Outlook, Yahoo, and all the others, deliver political campaign email directly to your inbox, and they would be expressly forbidden to run it through their spam filters at all. We also include the full text of the proposed law at the end of this article.
We talk about CAN-SPAM often, and you may even hear about it from time to time when email spam makes the news, or when looking at your own email marketing policies, or, even, when dealing with spam complaints. But what exactly is CAN-SPAM and which parts of it are most applicable to you? Here are the 10 things that you NEED to know about CAN-SPAM.
We recently had a customer muse to us "I think there's got to be a phone number at the ISP that we could call, so we can ask them to explain the reason we are being sent to the junk folder." As most of you who read this probably know, well, there isn't such a phone number. But why not?
For those of you who have read the intro of our Email Deliverability Handbook, you know […]
Our data suggests that a complaint rate of even more than 1 in 10,000 (.01%) can cause problems. This may happen as a consequence of direct actions by the ISP or as a reflection of something else. You may see issues mainly because you will be reported by recipients in a sustained trend.