This article helps you conduct your own audit by drawing your attention to the areas where you need to be most careful.
Important note
With increasing pressure on data and marketing compliance, your emails are scrutinized more than ever. Achieving high levels of compliance will help you build a successful digital marketing program.
Compliance basics
Legal compliance |
---|
Your marketing program complies with local data protection, privacy, marketing and advertising laws. |
Your marketing team is given the training, monitoring and support necessary to understand and comply with local laws. |
Digital marketing self-assessment
Our self-assessment process helps you understand how to make your digital marketing program more successful so your emails can be delivered more effectively.
For these recommendations, you may need to involve your technology, marketing, legal and website teams.
Use of personal data |
---|
You have an internal data retention policy or a customer lifecycle process which defines when customer data should be deleted. |
You explain your data lifecycle or data retention policy to your customers, either when collecting data or via an easily accessible section of your Privacy Policy. |
You have processes in place to delete data when it is no longer needed. |
Your email marketing lists | |
---|---|
You can differentiate between active and inactive recipients | |
Use your definition to create a split based on your contact base | Full mailing list |
Active contacts | |
Inactive contacts | |
Unknown |
Your emails and marketing campaigns |
---|
All your marketing emails contain an easy-to-use unsubscribe link. |
All your email content is in line with the expectations of the recipients. |
All your emails identify your brand in a way your recipients can recognize:
|
Sign-up, registration forms and opt-in processes |
---|
Marketing consent is optional and has all of the following:
|
For customer “soft-opt-in”, where an email address is collected as part of the sales process:
|
All the information collected is necessary.
|
Opt out
|
Privacy Policy / Privacy Notice |
---|
Your Privacy Policy is easily accessible during your sign-up and account creation processes.
|
Your Privacy Policy is easy to read.
|
Your Privacy Policy explains how you use marketing data.
|
Your Privacy Policy explains data subject rights.
|
CSA allowlist
As an Emarsys customer you can take advantage of our CSA certification. This certification is evidence of the highest standard in responsible digital marketing.
CSA-certified senders like Emarsys must agree to comply with strict legal and technical quality standards for email. In return, their IP ranges are added to allowlists and receive priority inbox placement from the ISPs that respect these allowlists.
What is CSA certification?
To learn more about what the CSA is, watch this short video.
CSA additional requirements
CSA / Platinum Sender - additional requirements |
---|
In addition to what is described in Your emails and marketing campaigns, above, your email templates must use one-click List-unsubscribe. |
In addition to what is described in Sign-up, registration forms and opt-in processes, above, your sign-up forms must contain:
|
In addition to what is described in Privacy Policy, above, this document must contain:
|
Sending via a CSA allowlist member IP range is expected by ISPs in Germany, Austria and Switzerland.
Resources and references
- Our guide to best practice for opt-in: Best Practices for opt-in
- Our guide to best practices for the Privacy Policy: Best Practices for your Privacy Policy
- CSA admission requirements and recommendations: https://certified-senders.org/wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf
- Pre-GDPR, the differences in legal requirements for email marketing in Germany, Austria and Switzerland: https://certified-senders.org/wp-content/uploads/2017/07/The-legal-situation-for-email-marketing-in-Germany-Austria-and-Switzerland.pdf
- UWG: https://www.gesetze-im-internet.de/englisch_uwg/englisch_uwg.html#p0100