What is GDPR

What is GDPR, CASL and CCPA?

And how to navigate these regulations

Email compliance and the legalities that come along with it are becoming a really big deal for companies. We recently hosted a podcast on CRM Radio (http://crmradio.today) with two leading experts, Steven Pearl of IntelliClick and Derek Lackey of Newport Thomson. Their insights into GDPR, CASL and CCPA can help executives navigate these tricky regulations.

Listen to our podcast with Derek Lackey:
https://crmradio.today/e/jan-2020-ca-consumer-protection-act-you-can-t-do-whatever-you-want-to-the-customer-derek-lackey/

 

What is the spirit of these email compliance regulations?

You may not have heard, but a host of new regulations now dictate how you store and manage customer data. This has a great effect on day-to-day operations for anyone in marketing, customer service and information technology roles. At the heart of these regulations is a host of things you now have to consider:

  • How you collect customer data
  • How long you store data
  • How you delete data
  • How you use cookies on your website
  • How you use forms on your website
  • How you handle customer requests for data and its deletion
  • Etc

Adhering to these new regulations is very burdensome, and failing to do so could result in significant fines. This is why it’s so important to develop an ironclad privacy policy, cookie policy and terms and conditions, and then make them easily available. These data protection acts are made even more complicated by being regionally focused and varying in their requirements, and we have now even seen individual states (in the USA) writing their own legislation, potentially making this a very hazardous minefield of regulations.

What does GDPR stand for?
It’s the General Data Protection Regulation, and it covers the European Union.
Learn More Here:
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

What does CASL stand for?
This is the Canadian Anti-Spam Legislation and it covers Canada.
Learn More:
https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/r_o_p/canadas-anti-spam-legislation/

What does CCPA stand for?
It’s the California Consumer Privacy Act, and it covers California.
Learn More:
https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act


Here are some of the main takeaways we gathered from our recent podcast with Derek Lackey:

First, make sure you are paying attention to these regulations, as they are very different. While GDPR covers Europe and CCPA covers California, the laws apply to anyone who markets into the territory, and some companies can be responsible for big fines as a result of not being in compliance.

Second, GDPR is very detailed and broad in defining what constitutes “personal information” and how it can be used, stored, and accessed or deleted. As with GDPR, you need a detailed and documented process for how you respond to an individual’s request for their information and allow them to edit it and/or have it removed completely from your system. Make sure you know how to track, document and respond to these requests across your entire organization. GDPR also requires express consent from individuals regarding their data and how it’s being used by you, the company. According to these regulations, consent to data is no longer “implied”, as it has been in the past, even if the individual reaches out to you seeking to establish a business relationship or Legitimate Interest in your products or services.

Third, the new California law (CCPA) is mostly addressing the resale or use of email addresses by other parties. You must disclose this if you do intend to share it or resell it to third parties. You will be required to get express permission from the individual.

Fourth, while there have been penalties, Derek also shared that many companies have seen open rates improve. Why? Because they are now using a qualified list of opt-ins who want to hear from them. As you can imagine, these regulations are causing chaos in marketing departments. Some marketers are seeing their lead lists cut in half or more. It’s also dramatically increasing the stress on internal IT departments to create new processes and re-classify previously existing data. It can be time-consuming and expensive to reorganize legacy systems and bring them into compliance.

 

Here is our short list of key recommendations we discussed:

  • Offer unsubscribe capability and honor it. You can’t sell to people who don’t want to hear from you anyway.
  • Make your privacy policy and terms very easy to find.
  • Institute a cookie policy and have individuals who visit your website accept it.
  • Connect your CRM to an email management tool to track opt-outs and, more importantly, the opt-ins, so as to build and maintain your marketing lists.
  • Don’t default to implied “opt-in” on your web forms. The individual has to manually select the option to opt-in to future communications.
  • Be careful when buying email lists. Make sure your list vendor can certify and prove they have permission from the individuals on each list you buy.
  • Refine your GDPR process and ensure your employees are trained for when they need to respond and provide an individual with their specific information or delete it upon their request. Keep in mind that any of these requests apply to all data across each of your systems: CRM, orders, accounting, customer service, marketing lists etc.
  • Try to segment your emails by developing shorter content for specific segments: a basic one for customers and perhaps another one only for prospects. It takes a bit of extra effort, but can increase your effectiveness and lower your liability.
  • And keep up to date on the changing legal environment surrounding these regulations. More and more are being created every day and some might contradict each other.

Derek had one last thought for all of us. Preference centers will be the way to manage content and give the individual their choice of content and delivery. And most importantly, rather than waiting for each new regulation to come out, get ahead of these trends by implementing good data practices to reduce your risk.

About GoldMine:

GoldMine has been around for more than 25 years. When you have been doing this as long as we have, you learn a thing or two. With millions of users all around the world our CRM system is the by-product of listening to our customers longer than anyone else.
