Marketing: Email Compliance – Part 2

with Pamela Muldoon

In Part 2 of our riveting Email Compliance series (it’s true, we promise), Anne and Pamela talk about the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act of 2018 (CCPA). Learn how to store, collect, and handle data securely, while following these important laws and avoiding liability #LIKEABOSS


Quick Concepts from Today’s Episode:

  1. The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. 

  2. The GDPR sets out seven key principles:

  3. Data must be:“

  4. (a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

  5. (b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

  6. (c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

  7. (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

  8. (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

  9. (f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”

  10. The California Consumer Privacy Act of 2018 (CCPA) gives consumers more control over the personal information that businesses collect about them. This landmark law secures new privacy rights for California consumers, including:

  11. The right to know about the personal information a business collects about them and how it is used and shared;

  12. The right to delete personal information collected from them (with some exceptions);

  13. The right to opt-out of the sale of their personal information; and

  14. The right to non-discrimination for exercising their CCPA rights.

  15. CCPA applies to you if your business:

  16. Has a gross annual revenue of over $25 million;

  17. Buys, receives, or sells the personal information of 50,000 or more California residents, households, or devices; or

  18. Derives 50% or more of their annual revenue from selling California residents’ personal information.

Referenced in this Episode

Direct links to things we brought up +

GDPR information
CCPA information
Pamela Muldoon’s Website
BadAss Editing by Carl Bahner
Recorded on ipDTL


>> It’s time to take your business to the next level, the BOSS level! These are the premier business owner strategies and successes being utilized by the industry’s top talent today. Rock your business like a BOSS, a VO BOSS. Now let’s welcome your host Anne Ganguzza.

Anne: Hey everyone. Welcome to the VO BOSS podcast. I’m your host, Anne Ganguzza, along with my CAN-SPAM Pam [laughs] special guest host Pamela Muldoon. Hey Pamela, how are you?

Pamela: Oh my goodness, Anne.

[both laugh]

Anne: CAN-SPAM Pam.

Pamela: Yes.

Anne: I say this, BOSSes, because if you did not listen to our previous episode, we talked all about compliance and the CAN-SPAM – I can say that three times fast – the CAN-SPAM Act, which was set forth to ensure that all emails are sent within a certain set of guidelines and rules to avoid spamming and all sorts of stuff like that.

Pamela: And I’m a rule follower, Anne, so I’ll take that as a title compliment today.

Anne: CAN-SPAM Pam.

[both laugh]

Pamela: That doesn’t mean you can spam me. Just so you know. [laughs]

Anne: That’s right, that’s right, you cannot spam Pam, but it’s CAN-SPAM Act Pam [laughs] Muldoon.

Pamela: Thank goodness we’re going to use different letters and different [laughs] acronyms.

Anne: I’m glad that you actually brought that up. So compliance is a huge issue. I remember a couple of years ago a whole bunch of stuff coming out about GDPR. So I think that we should probably discuss GDPR as well, Pam, and maybe a compliance part two to the series, because I think it’s something as BOSSes and entrepreneurs, we need to be aware of these things. So GDPR came out I believe in 2018, right, Pam?

Pamela: 2018, yeah, it did. Yep. And I think what we’re going to talk about today has more to do with data privacy. What was great about the CAN-SPAM Act is it gave you a specific set of guidelines that are very actionable and very doable. When we start talking about these other compliance laws that have gone into effect around the world, it really is a response to data breaches and the privacy concerns that have become even part of our culture and just hot topics over the past years as well.

Anne: I think in 2018, when GDPR, which by the way stands for General Data Protection Regulation, came out for the EU, other places started looking at those and adopting those policies as well.