How do we build compliant marketing consent practices?

Map each channel (email, SMS, calls, cookies) to the law that governs it in each region. Use specific opt-ins where required (e.g., SMS/auto-dialed calls), provide easy opt-outs, log consent metadata (who/what/when/source), and apply suppression quickly. Align templates to "clear and conspicuous" standards and review language quarterly.

How-to checklist (8 steps)

  1. Inventory channels and regions (US, UK, EU).

  2. Define legal bases: CAN-SPAM for email content; TCPA for SMS/calls; PECR/ePrivacy + GDPR consent rules for UK/EU.

  3. Build opt-in flows per channel; separate SMS consent; collect prior express written consent where required.

  4. Capture consent metadata (timestamp, mechanism, IP, scope, proof).

  5. Implement global suppression (STOP/UNSUB across all tools).

  6. Add just-in-time notices near collection; link to privacy policy.

  7. Test: seed accounts to verify opt-out speed (≤10 business days for email in US).

  8. Audit quarterly; fix gaps and update language.

Definitions

  • Prior express written consent (US TCPA): Signed agreement (electronic OK) authorizing marketing texts/calls to a number.

  • Soft opt-in (UK PECR): Limited exception for emailing/texting existing customers about similar products, with easy opt-out.
