The Ultimate Legal Guide to Email Outreach

Countries and current laws

  • United States: CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act)
  • Canada: CASL (Canada’s Anti-Spam Law)
  • Australia: Spam Act 2003
  • EU: GDPR (General Data Protection Regulation) in May 2018

EU: The General Data Protection Regulation (GDPR)

  • Extended jurisdiction of the GDPR — it applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
  • The conditions for consent have been strengthened — request for consent must be given in an comprehensible and easily accessible form, with the purpose for data processing attached to that consent.
  • Data subject rights:
  • Right to access — recipients can obtain information whether their personal data is being processed, where and for what purposes. They can also ask for a copy of their personal data free of charge.
  • Data portability — recipients will receive their personal data in a ‘commonly used and machine readable format’.
  • Right to be forgotten — recipients can have their personal data erased and stop further data processing.

Do you need permission to email someone?

  • Canada
  • Australia
  • United Kingdom
  • France
  • Germany
  • Spain
  • Italy
  • Sweden
  • Netherlands
  • United States

What is consent?

  • Consent is lead’s freely given agreement to the processing of personal data for a specific purpose.
  • The lead’s consent has to be obtained just before you send them email for marketing purposes.
  • It has to be clear and informative so they can understand what they are agreeing to.
  • It has to be given for each purpose. You have to ask the same person for specific consent for each different campaign or product you are contacting them for.
  • Silence or inactivity should not be regarded as consent.

Consent Form

  • The identity of your company
  • Purposes for which the data will be processed by your company
  • Any further information that is necessary to make sure your leads understand how their data will be processed (e.g., the third parties with whom the data may be shared)
  • The existence of their rights:
  • Right to access to and correct personal data
  • Right to object to processing
  • Right to be forgotten
  • Right to withdraw consent

How to obtain consent?

System for storing consent

  • What they have consented to
  • What they were told
  • When and how they consented
  • The purposes for processing data
  • The categories of personal data collected
  • The recipients to whom the data have been or will be known
  • Other information about third parties involved
  • The source of data collection
  • The anticipated period for which the data will be stored
  • The existence of the right to request correction or erasure of the data
  • The right to make a complaint

Personal VS non personal data — generic email addresses

What if they don’t want to receive your emails anymore?

What type of information you need to include in each email.

  • Sender’s identification
  • US: CAN SPAM Act
  • Canada: CASL
  • Australia: Spam Act 2003
  • EU: GDPR
  • Option to unsubscribe
  • US: CAN SPAM Act
  • Canada: CASL
  • Australia: Spam Act 2003
  • EU: GDPR
  • Mailing address
  • US: CAN SPAM Act
  • Canada: CASL
  • Recipient’s rights
  • EU: GDPR
  • Canada: CASL

How can you collect email addresses?

Collecting emails on your website

Collecting emails using tools and web scraping

Buying email lists

What are the consequences?

  • US: CAN-SPAM Act — up to USD 40,654 per email
  • Canada: CASL — up to CAD 1 million for individuals and 10 million for businesses
  • Australia: Spam Act 2003 — up to AUD 1.8 million
  • EU: GDPR — up to 4% of annual global turnover or €20 Million (whichever is greater)

How to comply with all these laws?

  • Don’t mislead your recipients. Be honest about your proposal. Don’t use tricky subject lines.
  • Make sure you have obtained consent for sending commercial emails. If you are cold emailing, ask for consent in your first outreach email.
  • Store collected consent and all necessary information.
  • Respect your recipients rights: right to access to and correct personal data; right to object to processing; right to be forgotten; right to withdraw consent.
  • Include an unsubscribe link in your emails. Make it easy for you recipients to unsubscribe.
  • Make sure your recipients can identify you when they receive your emails. Provide mailing address in emails.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store