Email Compliance


Who is this article for?

Any nonprofit, charity, or organization distributing emails, newsletters, and/or obtaining personal information from emails sent from their organization.

This Article Covers

  • Email Compliance Checklist
  • GDPR Email Subscriptions and Opt-ins
  • Example verbiage and visuals for compliant forms

Summary

Regulations state how nonprofits can use email in their marketing and other activities, such as fundraising. Therefore, it's essential to know the following laws for email compliance. For the full guide, click here.

Email Compliance Checklist

  • Has everyone on your email list agreed to receive email communications from you? Did they opt in explicitly or through transacting directly with the organization?
    • Does your opt-in page show what kind of messages the user will be receiving once they subscribe?
  • Is it clear that your organization is sending the email? Check if the “to” field has your organization's name.
  • Does your subject line accurately state what the email is about?
  • If your email is an ad, do you have statements in the message stating that it is? For example, soliciting a donation might be considered an ad.
  • Does your email footer contain the following information?
    • Organization name
    • Valid physical address
    • Phone number, email, or web address
    • Unsubscribe option
    • Short text on why the user is receiving the email
  • Does your email show how the reader can unsubscribe from your emails?
    • Is it easy to read and understand how to unsubscribe?
    • Does clicking the link lead to the opt-out page on your website?
  • Do you have a link to your Privacy Policy? Read here for more about a Privacy Policy.
    • Is your Privacy Policy updated on your website?
  • If you're outsourcing your email marketing campaigns, ensure the third-party company is compliant with the following (ask them about it):
    • CAN-SPAM Act
    • GDPR
    • CCPA

GDPR Email Subscriptions and Opt-ins

To be compliant with GDPR, ensure your organization is clear about the exchange of personal data for opting into any email, newsletter, or subscription. GDPR defines the conditions for consent in Article 7.

  • Consent is given voluntarily

    • When assessing whether consent is given voluntarily, it must be taken into account whether the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
    • For example, if a user wants to download an ebook/whitepaper, or participate in an event, it must be clear that by doing so, they will be automatically subscribed to your newsletter.
    • If personal data will be collected in exchange for an item/service you'll be providing, this should be made clear during the opt-in stage.
  • Consenting must be clearly recognizable

    • Positive opt-in - Dedicate a separate space in your form where users can voluntarily and actively click on a checkbox
    • Pre-ticked sign-up checkboxes are not allowed
    • Double opt-in - Once a user submits their information, they receive an email that contains a link that they can click to further confirm their subscription to your newsletter.
    • It is best practice to provide a link to your privacy policy not only in the opt-in form but in the emails you'll be sending as well.
  • You must ensure that opting out of your email subscription is easy

    • Add a visible unsubscribe link to all of your emails
    • Add a link that lets users change their email preferences

Examples of GDPR compliant newsletters

Examples of GDPR email disclaimers

Full GDPR Compliance Guide


Compliant Form Examples

These examples are based on the UK and EU GDPR for compliance, as they are generally stricter than the US. However, it is always best practice to check your country or region's regulations in detail to ensure compliance. You can view our EU GDPR, UK GDPR, and Switzerland FADP articles for additional information and details.

[Screenshot: compliant form example]

Text Example 1:
By submitting your email, you agree to be included in our newsletter. Don't worry, you can unsubscribe at any time. For more details, you can review our Privacy Policy.
[Add checkbox] I agree
Make sure the words "privacy policy" link to your policy on your website.

Text Example 2:
To receive [item/service], please subscribe to our newsletter. Don't worry, you can unsubscribe at any time. For more details, you can review our Privacy Policy.
[Add checkbox] I want to subscribe
Make sure the words "privacy policy" link to your policy on your website.

Non Compliant Examples

[Screenshot: non-compliant form example]

Why it's not compliant:
In the above example, the checkbox is for two separate items. You must have a separate checkbox for each separate action that requires consent.



[Screenshot: non-compliant form example]

Why it's not compliant:
There is no specific section of the form where the user agrees to share their information or has to take action, such as clicking or checking a box. There are also no details or explanation of whether they will be subscribed to a mailing list after joining the contest.

The Full Guide

Email Compliance Guide (Google Doc)
The guide includes more detailed information and source data.