Blog / Compliance & Legal
10 Articles
Compliance & Legal
PCI DSS 4.0 added DMARC as a requirement in March 2025 for any organisation handling cardholder data, with monthly fines from $5,000 to $100,000 for non-compliance. NIS2 and DORA in the EU recognise email authentication as a required cybersecurity control. GDPR enforcement remains active. This category maps the legal frameworks (CAN-SPAM, CASL, GDPR, LGPD) onto operational practice — what consent looks like, what a one-click unsubscribe must do under RFC 8058, and how regulated industries (healthcare, financial services) configure email infrastructure to meet HIPAA and FINRA requirements.
- CAN-SPAM vs GDPR vs CASL: Email Compliance Comparison
- DMARC p=quarantine vs p=reject: Migration Paths That Work in 2026
- Email Deliverability for Financial Services: Banks, Investment Firms, and FinTech
- Email Deliverability for Healthcare: HIPAA Compliance and Technical Guide
- Email Infrastructure for Regulated Industries: HIPAA, FINRA, and GDPR
- Email Unsubscribe Compliance: RFC 8058, Legal Requirement...
- GDPR Email Marketing Compliance: Legal Basis, Consent & Data
- Washington State CEMA: What Email Marketers Need to Know Before the Lawsuit Arrives
- Washington State CEMA Email Law: Compliance Guide and Litigation Risk
- Washington State CEMA: The Strictest US Email Law and Litigation Risks