GDPR email marketing rules

Here are the most important GDPR email marketing rules to follow.

There are a lot of rules out there… especially when it comes to email marketing.

And with the recent General Data Protection Regulation that went into effect May 2018, a lot of questions are surfacing about just exactly what changes email marketers need to make.

When it comes to GDPR email marketing rules, we’ve got you covered.

In fact, we’re here to help you understand not just what the GDPR means for your email marketing program, but also how it differs from the other rulings about this topic: Canada’s CASL regulation and the United States’ CAN-SPAM Act.


The United States passed its first law — and the first law of its kind ever — about email marketing in 2003. Abbreviated the CAN-SPAM Act, it stands for Controlling the Assault of Non-Solicited Pornography And Marketing and was enacted to prevent the out-of-hand promotional tactics ne’er-do-wells were using email for at the time.

The CAN-SPAM Act is the most lenient of the email marketing rules when all is considered.

You don’t have to monitor and keep a history of subscription data. You don’t have to ask to retarget website visitors with emails. And you don’t have to get a clear “yes” from subscribers.

In fact, one of the most surprising things most email marketers don’t know about the CAN-SPAM Act is that it has no provisions against sending cold emails. This is one of the biggest differences between this law and its European and Canadian counterparts.

But as everyone knows, just because you can do something… doesn’t mean you should. And any wise email marketer would tell you sending cold emails isn’t smart. It’s bad for deliverability, it’s bad for your reputation, and it’s bad for your email marketing program overall.


December 2010 marked the time when the United States’ northern neighbor passed its first law addressing negative email marketing tactics. It’s quite simply called Canada’s Anti-Spam Law and is referred to by most in the industry as CASL.

When CASL was enacted, it was a big deal. Canada waited seven years to address this issue, but when it did, the country caused waves.

Unlike CAN-SPAM, this regulation prohibits the sending of any cold email. That’s right, provisions in the law make it absolutely unacceptable to email someone without gaining their prior consent.

For email marketers then and now, this means removing Canadian email addresses from any lists that were gained without clear consent. It also means capturing and storing subscriber consent information in case of a complaint surfacing, which did happen many times after the law was passed. Plaintiffs sued companies, courts passed judgements, and the accused had to pay up… big time.

This CASL email marketing guide wll give you the scoop on this law.


The General Data Protection Regulation, or GDPR, is the newest — and strictest — of email marketing laws. The implementation rules are detailed, intense, and much more extreme than either CAN-SPAM or CASL. And much like CASL, judges will prosecute for not following GDPR email marketing rules… just ask this company facing a lawsuit for breaking this law.

GDPR covers not just email marketing — or even just marketing — but the operations of a company as a whole.

What it means for those following GDPR email marketing rules is being extra careful and intentional about their data. We’re talking gathering it, processing it, retargeting with it, and storing it. It’s all in this GDPR Checklist. But the bottom line is: you can’t be willy-nilly about your subscriber data anymore!

GDPR email marketing rules take online privacy very seriously… so you should, too.

conclusion: follow GDPR email marketing rules

Email marketers are lucky.

There are tools in your hands to unleash creativity, make eyeballs pop, and engage your community.

But there are also walls — much needed, for-your-own-good walls. CAN-SPAM, CASL and GDPR are all in place to make sure you toe the line… but don’t go over it.

Each regulation is different, and important in its own way. Email marketers would do well to understand what each one requires and the differences between them.

Need help making sense of these laws and seeing if your email marketing program lives up to their standards? We’ve got deliverability experts on our team who’ve been around the block a few times and know this stuff like the back of their hands. We’re here to help… just reach out.

Download the GDPR Checklist!

More to explore...

Introducing Coupon Manager

The WhatCounts team has been hard at work on a new feature, Coupon Manager, which streamlines using coupons in campaigns. Instead of using a generic

Read More »

Ready to See WhatCounts in Action?

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.