guida gdpr can-spam

Guide to GDPR, CAN-SPAM and CSA and Their Differences

GDPR, CAN-SPAM, and CSA—you’ve probably encountered one or more of these acronyms during your work. They are all regulations concerning the collection and use of personal data in email marketing.

Let’s see in detail what each acronym consists of and when you are required to adhere to one or the other.


This regulation applies to all emails directed to or sent from countries that are part of the European Union.

The law requires you to obtain the informed consent of the user before starting to send email. The user must also be able to revoke this consent with ease.

We have written a post to explain the opportunity that the GDPR represents for your business.

The email marketing tools to implement the GDPR in your strategy are the opt-in form for registration and the unsubscribe link in the newsletter.

Find out how easy it is to manage these items with Emailchef.


This regulation is the oldest of the three and concerns all commercial emails addressed to users in the United States.

You can consider CAN-SPAM a slightly softer version of the GDPR, because there is no obligation to obtain the user’s explicit consent to send email. This is achieved, for example, by entering the relevant box selected on the registration form.

In fact, CAN-SPAM puts the emphasis on opt-out rather than opt-in. The user must be able to oppose the sending of further messages and this choice must be easily accessible such as through an unsubscribe link within the emails.

Canada also has its own regulation, known as CASL.


Although this acronym does not stand for the name of a regulation (it stands for Certified Senders Alliance) the effects are similar. The provisions are not mandatory, but they do represent a positive standard with which it is convenient to comply. The peculiarity is that it applies only to Germany.

Commercial emails directed to users in Germany must include the following information:

  • All data required by CAN-SPAM and the GDPR, such as company name, address, postal code, city, country, and unsubscribe link;
    Name and surname of the legal representative of the company;
  • A fully functional contact phone number;
  • A valid email address, which can also be the address from which the message is sent;
    A link to the company website;
  • A VAT number or registration number.

Emailchef Takes Away the Doubts

When you create a newsletter with the Emailchef editor, entering the information required to protect personal data under the laws is child’s play.

Here’s how. In the drop-down menu of the Blocks section select “Footer”. If you drag and drop the object named “CSA” (it’s marked with the colors of Germany) in the work area, you will have a block pre-filled with all the information this standard requires.

The blocks with the name “CAN-SPAM act”, available in English, French, Spanish and Italian, contain the information requested by both CAN-SPAM and GDPR.

Whoever your recipients are, you have only two options: German market or the rest of the world. Within the blocks, the entries in square brackets should not be replaced manually. This operation will be carried out automatically by Emailchef, which will add the information associated with the verified email address you are sending from. It’s really simple.

gdpr can-spam blocks

Did you find this article interesting?
Share it with your contacts!