GDPR (General Data Protection Regulation) is a regulation adopted by the European Union (EU) that came into effect on May 25, 2018. It replaces the EU’s 1995 data protection framework and strengthens the rights that EU citizens have over their personal data. GDPR applies to any business that processes the personal data of EU citizens, regardless of where the business is located. Key aspects of GDPR include the rights of individuals to access, correct, and delete their personal data, the need for businesses to obtain explicit consent for the collection and processing of personal data, and the requirement for businesses to report data breaches to authorities within 72 hours of becoming aware of them.
CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) is a law in the United States that regulates commercial email messages, including the sending of bulk email messages. The law sets specific requirements for commercial emails, including requirements for the inclusion of a valid physical address and an opt-out mechanism, and prohibits the use of misleading subject lines and false headers. In order to comply with the law, email marketers must also obtain consent, or permission to email a recipient, and honor opt-out requests promptly.
CASL (Canada’s Anti-Spam Legislation) is a Canadian law that came into effect on July 1, 2014 and applies to all commercial electronic messages (CEM) sent to or accessed by a computer system located in Canada. CASL requires businesses and organizations to obtain consent to send a CEM, and to include certain information in the message such as an unsubscribe mechanism, a mailing address and the identity of the person or organization sending the message. CASL also contains provisions for enforcement by the Canadian government, and penalties for non-compliance.
In summary, these three laws set out regulations for protecting individual’s privacy, their rights to access, correct, and delete personal data and their right to control unsolicited commercial messages they receive by email. They help to ensure that customers’ data is handled responsibly and that the email marketing practices are trustworthy, respectful of individual’s rights, and compliant with legal requirements.