CSA: GDPR Requirements in International Context

  • Trustworthy and personalized customer communication becoming increasingly important
  • Achieve email marketing goals with high quality standards
  • CSA Summit 2018: Experts discuss current requirements for email marketing

With the EU General Data Protection Regulation (GDPR) coming into effect on 25 May, it is now more important than ever to fulfill high quality standards in email marketing. Exactly what are the new legal and technical stipulations that senders need to fulfill? This was the subject of discussion for around 140 international experts at the CSA Summit 2018 in Frankfurt.

“The basis of every email is the explicit, specific, and voluntary consent of the recipient to receive this message,” was how attorney Dr. Jens Eckhardt* formulated one of the important principles of the GDPR in a panel discussion at the Summit. The resulting new requirements sparked much fuel for discussion among the participants, who altogether represented 19 different nations. Ultimately, it is of fundamental importance for the digital industry to have legal certainty for email marketing and to avoid the risks of heavy penalties.

Strict criteria and quality standards

One of the first steps towards achieving this is gapless documentation. “Companies should be able to prove on the basis of documentation that they process personal data in the manner defined in the GDPR,” Eckhardt continued. Senders with the CSA certification are on the safe side, given that this already fulfills all requirements of the GDPR. Additionally, CSA Director Julia Janssen-Holldiek explained that, “We have obligated ourselves to very strict criteria and quality standards for the certification. This is now paying off for senders, because they can approach the 25th May very well prepared.”

Tips for trustworthy personalized customer communication

And yet, for successful email marketing, it is not enough simply to fulfill the legal requirements. Trustworthy personalized customer communication and relevant content are also important. In this context, Thede Loder, Senior Director at Agari Data Inc., presented the advantages of Branded Indicators for Message Identification (BIMI). Through this, the logo of the sending company appears in the inbox of the recipient. In this way, there is no longer any doubt as to who the sender is, which makes phishing attack by cyber criminals considerably more difficult.

Best-practice examples were presented by Carmen Piciorus, technical expert at La Post, and Steve Jones, Senior Software Engineer in the postmaster team at LinkedIn. Both spoke about the topics of email authentication with SPF, DKIM, and DMARC, about IP and Domain reputation, and about the need to adapt campaigns, from China to Europe, to local and regional conditions and legal frameworks.

Taking advantage of opportunities of mobile email

Christian Hanke, Creative Director and Partner in the agency Edenspiekermann, gave valuable advice for improving email marketing on mobile devices: “More and more people read emails on their smartphones, and as a result in a very personal context,” he pointed out. “The right tone, content that really interests the recipient, and clear presentation on all devices offers great opportunities that many brands are only partially taking advantage of so far.”

The CSA Summit 2018 took place from 18 to 20 April in The Aircraft, a venue with a focus on aviation, near Frankfurt.


* Jens Eckhardt and other experts also offer advice in eco’s dotmagazine on the GDPR and cloud compliance. Read more in Cloud and Data Protection – A Challenge to Users.

CSA Summit 2018: E-Mail-Marketing hebt ab