Your Guide To Understanding Email Compliance and Security in Australia

GDPR, CCPA, Spam Acts: what does it all mean and how does it affect you? It’s important for all businesses to be informed about the changing laws around email compliance and security so they can avoid breaking them.

Any form of e-marketing, including email, SMS, and MMS or instant messaging, has laws in place that protect consumers from spam or unsolicited communications. So what do these laws look like around the world?

Current regulations for email marketing

The data and privacy laws around direct email marketing have been a hot topic recently, so it’s time to reacquaint yourself with the regulations that apply to you and how to implement them.

Here’s a breakdown of the current regulations in place around the world:

All this talk of laws and regulations can sound overwhelming, right? If you’re using a reliable email marketing tool (like Vision6) then you’re probably already complying with these laws. However, it’s still important to be across all best practices so that you don’t leave yourself vulnerable to large fines.

How to comply:

Get permissions

Whether you’re sending emails, SMS, or MMS, the people in your lists need to consent to receive your marketing communications. There are two ways that this consent, or ‘permissions’, works: express or inferred.

  • According to the Australian Communications and Media Authority, express permission is when a person expressly knows and accepts that they will receive marketing emails or messages from you. They can do this in a number of ways: filling in a form, ticking a box on a website, over the phone, or face to face. It’s important that you keep a record of when and how a person gives express permission.
  • Inferred permission is a little less straightforward. You can infer permission if the recipient has knowingly and directly given you their email address. It is reasonable to believe they would expect to receive marketing messages. This could be if someone has subscribed to a service, has an account or is a member, and the marketing is relevant to your relationship with them. This doesn’t cover sending marketing messages after someone has purchased something from you.

It should be a no-brainer, but don’t purchase marketing lists. Not only will you be breaking the anti-spam permission regulations and risk receiving fines, but you’ll likely harm your email deliverability and IP reputation in the process.

Vision6 gives you simple ways to build your lists with full compliance by adding a tickbox to enable GDPR-consent on all our forms. We also keep contact details all together so you can easily access information and see what subscribers have consented to.

Our website newsletter subscribe form is an example of how you can include tick boxes to collect express permissions. 

Don’t mislead

Just like clickbait headlines, misleading subject lines and headers make your communications look dubious and are much more likely to lead to unsubscribes than conversions. You must make sure your marketing communications are not purposely lying to or deceiving your recipients. 

There’s no harm in getting creative with your subject lines though. A well-crafted and attention-grabbing subject can make or break your campaign. In fact, 35% of recipients open an email based on the subject line alone.

Moz’s subject line, for example, uses an emoji to catch the eye and perfectly introduces their new case study in a concise and engaging way.


Need some help crafting the perfect subject line? Take a look at our guide for writing awesome email subject lines that generate clicks.

Identify yourself

To help avoid misleading recipients, you should always identify yourself as the sender in your communications. Do this by using your business name in the “from” field and including your contact information like company name, website address, business address, or PO box in the email footer. In Vision6, every email sent will automatically contain your company name and address by default.

It’s also important to identify your promotional emails as an advertisement. You don’t need to explicitly say “this is an ad”, but you should make it clear that your email is promotional and not a personal email from a friend. You can do this by using your company name in the “from” field and mentioning your promotion or offer in the subject line. 

Our email templates let you simply include address and contact information in the footer, so you don’t have to think about it. 

Include an opt-out

As well as making sure you get permissions to send email marketing messages, you also need to include clear and easy ways for people to opt out. All emails need to contain an ‘unsubscribe’ function, and all SMS and MMS messages need to include a way for recipients to opt out.

Thankfully, we include an automated unsubscribe facility by default in all of your email messages and let you select an opt-out option for your SMS messages when creating them. 

It’s important that unsubscribe requests are followed through and your lists are updated to reflect this. All of your unsubscribe requests in Vision6 are handled automatically and your lists are kept up to date.

Want to find out more? Here’s our guide for managing unsubscribes.

Provide access, portability or erasure

In the changing data privacy and security landscape, it’s up to email marketers to safely store and manage subscriber data. To be compliant, you must be able to give people access to their data, move their data to another company, and allow their data to be completely removed from your system.

By using Vision6, you can rest easy with reliable data privacy and security. All of your subscriber data will be securely stored in an ISO 27001 data centre, you can share data with subscribers, and you can easily delete subscribers if they request that their information be removed.

Keep in mind…

The steps above are the essentials for staying compliant, but there are a few other things to keep in mind:

  • Your business is responsible for being compliant even if you’re not sending the email campaigns yourself. 
  • The laws are a little looser for transactional emails. Most anti-spam laws are targeted at marketing messages and promotional campaigns, so transactional emails like order confirmations and password reset emails are less impacted. However, we recommend implementing our email marketing compliance tips across the board. That way you can ensure all your messages are optimised for deliverability.

Want to learn more about email compliance and security and stay up to date? Take a look at our Compliance Hub.

WATCH: Data Privacy Landscape 2020: What Marketers Need to Know to Stay Compliant
