GDPR & US Compliance
What is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets out guidelines for the collection, storage, and processing of personal data from individuals who live in the European Union.
The Information Commissioner’s Office is the regulator dealing with the Data Protection Act 2018 and the General Data Protection Regulation and the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK.
Are Vendauctus’ marketing campaigns compliant with GDPR?
As above, PECR allows email marketing provided the subject matter is relevant, is not misleading, and the recipient can opt out of future emails. Because Vendauctus highly targets the prospects that we contact, we will always ensure that we are compliant. Similar rules apply for GDPR compliance: it must be shown that the prospect receiving the communication could reasonably be assumed to have a legitimate business interest in the product or service offered. Again, because of the highly targeted process that Vendauctus uses in the prospect-building phase of a campaign, the legitimate interest assessment is always considered and we ensure that the criteria are met. If Vendauctus determines that your planned B2B marketing activity will fail to meet the Legitimate Interests Assessment within the GDPR, or that it would breach some other part of the regulations or the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), then we will not be able to support those campaigns in any geographical regions that are subject to GDPR.
What are CAN-SPAM & CCPA?
The CAN-SPAM Act is a law in the USA that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations. The FTC enforces the CAN-SPAM Act.
CAN-SPAM applies to all commercial emails and the FTC can enforce penalties for each separate email in violation of the Act.
The main requirements of CAN-SPAM are:
- Don’t use false or misleading header information. Your “From”, “To”, “Reply-To” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
- Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.
- Identify the message as an ad. You must disclose clearly and conspicuously that your message is an advertisement.
- Tell recipients where you’re located. Your message must include your valid physical postal address.
- Tell recipients how to opt out of receiving future marketing email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting marketing email from you in the future.
- Honor opt-out requests promptly.
The California Consumer Privacy Act (CCPA) was introduced in 2020 and applies if you are sending marketing emails to prospects within California. It gives residents of California the right to know exactly what personal data companies are collecting about them.
Under the CCPA, Californians are able to access and request deletion of any personal data that companies may have collected on them.
The CCPA applies if you meet the following criteria:
- Your company has a gross annual revenue of more than $25 million.
- Your company gets more than 50% of its annual revenue from Californian residents.
- Your company buys, sells or receives personal information of more than 50,000 California residents.
All Vendauctus employees undergo training in GDPR, PECR, CAN-SPAM, CCPA and general compliance.