Marketing Laws - What Business Owners Should Know

Marketing Laws

What Business Owners Should Know
about Data Privacy

GDPR implementation, Facebook questioned over Data Privacy and Data Breaches, and the growth of AI are just a few recent headline topics that may have business owners wondering, “What should I know about how my business handles marketing contact data?”

If you’re a busy CEO or Entrepreneur, you may not have time to keep up on all the data privacy headlines. But it is very important you know some key information about your own business.

1)  Know what countries your target audience is coming from. 

Different countries and regions have different laws about how you handle someone’s contact data.

The European Union and Great Britain: The GDPR (General Data Protection Regulation) goes into effect May 25, 2018.

Canada: CASL (Canadian Anti-Spam Law) is already in effect.

America: CANSPAM: (Controlling the Assault of Non-Solicited Pornography and Marketing Act) has been in affect the longest and is what most US companies have built opt-in, opt-out and privacy policies to comply with.

Despite being newer, GDPR and CASL are in many ways more encompassing laws, dealing more with the opt-in process. Written much later than CANSPAM, they speak to a range of electronic communications. As a result, retargeting ads, social media ads, search ads, and text campaigns can all come into consideration.

If you are capturing information about contacts who visit your site from outside the US, you do need to revisit your privacy policies, data captures, and opt-outs to ensure you meet the requirements of the countries your contacts come from.

2) Know what data you capture about your contacts

You may capture any or all of the following about contacts: when they opted-in, what they opted-in to receive, their country, whether they opted-out, when they opted-out, and what they opted-out of.  Figure out what data you’re tracking so that you can match up the requirements to laws that fit who you collect data about.

3) Update your database to segment your contacts. 

Most companies have contacts in their databases from Canada or the EU from before these laws went into effect. It’s important to make sure you go back and get the necessary opt-ins, or segment these contacts out of any marketing that is not allowed.

4) Put a good privacy policy into place, or update your existing privacy policy. 

If your privacy wasn’t written or updated recently, and you’re actively marketing in multiple channels, you may very well be due for an update. Make sure it explains what information you collect and how you use it. If you share that information with any third parties, even for your own retargeting, make sure it includes what you share.


Database setup and legal compliance is not glamorous to talk about. Still, as recent headlines about Facebook fully demonstrate, responsibility for properly handling contact data rolls up to the top.  Be sure you can speak to where you get your database information from and how your marketing and sales team handles it.

Disclaimer: This post is educational and should not be taken as a substitute for legal advice. Work with your legal team to make sure you’re in compliance.

Resources: For more on this topic visit the following websites and articles and consult a legal advisor for any questions.