Email compliance in 2025: a global overview beyond GDPR and CAN-SPAM

Most email compliance discussions focus on GDPR and CAN-SPAM. But if you send email globally, there are many more regulations to consider.

Key regulations by region

• Canada (CASL): Express consent required, implied consent expires after 2 years
• Australia (Spam Act 2003): Consent + identification + unsubscribe required
• Brazil (LGPD): Similar to GDPR with local nuances on legitimate interest
• Japan (Act on Specific Commercial Transactions): Prior consent required since 2008
• India (DPDP Act 2023): New regulation — consent-based, with data localization requirements

Practical approach

Comply with GDPR as your baseline — it is the strictest general framework. Then check specific requirements for your largest recipient countries. The key differences are usually around implied consent duration and data retention.

Brew's compliance features include consent tracking, data retention policies, and automatic preference centers that help with multi-regulation compliance.