This document provides handy links on mass email laws.
Knowing the rules when it comes to sending mass emails can be confusing. The two laws you may have heard the most about are CAN-SPAM and GDPR.
The CAN-SPAM Act, also known as the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, applies to any commercial or promotional messages. They apply to messages whether they are bulk emails or not, and whether they are to consumers or B2B (business-to-business). Here are some FTC guidelines to use when creating emails, segments and campaigns:
- CAN-SPAM Act: A Compliance Guide for Business is an easy overview of CAN-SPAM and steps to take to follow the law. A helpful Q&A is at the bottom of the page. This is a great place to start exploring CAN-SPAM.
- CAN-SPAM Rule 16 CFR Part 316 has the text of the official rule
- Candid answers to CAN-SPAM questions is a Q&A with an FTC attorney on specific situations that may be applicable to you.
GDPR, which stands for the General Data Protection Regulation, is an EU privacy and security law, but it applies to any organization anywhere, as long as it targets or collects data related to people in the EU. GDPR gives data subjects rights, such as the right to access, erase, or port data about themselves. GDRP.eu has many resources, including:
- What is GDPR? outlines the history, scope and details surrounding GDPR. This is a great place to start exploring GDPR.
- GDPR FAQs may answer some of your questions regarding the law.
- GDPR text of the law is also available.
There are many additional helpful articles, guides and checklists available online, but the links above are directly from the governments enforcing the laws, so it is advisable to start with these.