One word…BORING. We are marketers that want to talk about marketing results and revenue impact. Who wants to talk about email policies and data governance? That’s a fast way to get the crowd yawning at the quarterly executive meeting.

The key is to change the discussion. Let’s fast forward to that same executive meeting in six months. Would you rather discuss reporting limitations, compliance risk and inefficiencies? Or… how your marketing results have improved dramatically and how your organization is set up to scale its brand?

The point is that to attain long term success, organizations need to create a solid foundation to build on from a business process and technology perspective—that starts with documented business practices such as an Email and Data Governance Policy (EDG Policy).

Big picture, once implemented, an EDG Policy helps brands create an engaging experience in a compliant fashion by bringing clarity to an organization’s business practices.

Let’s dive in.

What is an Email and Data Governance Policy?

A “policy” is not just about the documentation, it’s about bringing vision to business processes behind the policy.

Ever have a discussion with a colleague about the difference between marketing emails and sales communications? Or, how purchased lists fit into your email strategy? An EDG Policy formalizes all of those informal discussions into one document.

The actual documented policy is the result of a lot of hard work defining the business processes around data management and email procedures. It’s a guiding document that brings clarity to business processes defined through cross-functional collaboration between Sales, Marketing, Support and other organizations that use email.

No two policies are alike. An EDG Policy should not live in someone’s head. It should be written in a formalized document to answer questions that people within your organization have like:

  • How does our organization handle unsubscribes?
  • Can sales representatives email prospects they find on LinkedIn?
  • What data is required to help identify which compliance regulations apply?
  • How can we protect our brand by ensuring people are not overmailed?
  • Are trade show attendees from the UK emailable?
  • Where do support messages fit into the strategy?
  • And dozens more.

Lack of a documented policy can lead to poor communications, increased compliance risk and internal inefficiencies.

Example of an Email and Data Governance Policy that solidifies an organization’s business processes.

Six Reasons to Develop an Email and Data Governance Policy

Here are six reasons why an EDG Policy can help your organization.

#1. Improve the Experience for Better Engagement.

An EDG Policy sets the foundation to email the right people with the right content.

As a result of governing the data behind the mailings, you can create segments that customize the experience. For example, most policies include language around collecting country data on members. As a result, people in France do not have to hear about events in the United States.

In an ideal world, you’ll also leverage a Preference Center that will enable your audience to pick the experience that matters most. For example, some people may only want event-related communications while others may desire the full array of communications.

#2. Boost Performance by Eliminating Dead Wood Leads.

Do you really need to mail those white paper sponsorship leads from 2012 that have never progressed? EDG Policies can act as an agent of change for communicating with older leads.

Besides taking up space in your database and increasing compliance risk, those records are also driving down your email results. Setting polices around who is emailable from an inactivity perspective will get those dead wood leads out of your mailings to ensure you are emailing the most engaged audience.

Without those dead wood leads in your campaigns, you’ll see better results.

#3. Reduce Compliance Risk by Standardizing Mailing Procedures.

Lower compliance

As part of the process, you’ll want to map various compliance regulations to your internal processes and document those decisions. An EDG Policy helps you find the gaps in your data management and email process to get compliant.

Policies are not required by compliance regulations but the mere presence of one helps show due diligence to reduce risk. In fact, Canada says as much in its CASL FAQ. When assessing fines, Canada looks at “steps you take to show due diligence.” However, having a documented policy demonstrates that the organization was proactive in its efforts to adhere to compliance regulations.

The enforcement response will depend on various factors listed in the law, including the nature, seriousness and impact of the violation, the history of noncompliance and the measures taken to prevent the violation from taking place. In short, our approach will be proportionate and measured. Canadian Radio-television and Telecommunications Commission FAQ

Put yourself in the shoes of a compliance judge in charge of making fine decisions for Canada, Germany or another country with strict regulations. Who would you show more lenience towards after an alleged infraction?

  • Company A with No Policy. Our company lacks adequate controls and there are some inconsistencies in our processes that led to 5,000 recipients being emailed who hadn’t previously opted in. We are now in the process of developing and documenting those processes.
  • Company B with Policy. We have a fully documented, 30-page policy that walks through every data source and puts a plan in place to ensure our audience receives spam-free messaging. Our teams were fully trained on XYZ dates. In the past 90 days, we have sent 2 million emails with proper controls but experienced a one-off issue with the email in question.

#4. Formalize Business Processes to Create Internal Efficiencies.

If your organization has different team members doing the same thing different ways, you’ll benefit from an EDG Policy. The policy will help standardize practices so the team can work in a standardized way.

For example, we see many marketers experience inefficiencies and room for error in the way that their companies build mailing lists. There are often 5-15 pieces of suppression list criteria that inefficiently get recreated for every campaign. If a business owner makes a mistake on just one of those, that could lead to compliance implications.

An EDG Policy helps define some of those mailing lists at a global level to reduce the error potential and increase efficiency.

Example: Every email must include the Do Not Email List. The global Do Not Email List suppresses anyone who is not emailable including unsubscribes, bounced emails, competitors, sales generated records, and more.

#5. Improve Data Management from a Mailing Perspective.

If your organization is like most, data is entering your systems from many different sources (Sales inputted, List imports, Form submitted, etc). Understanding the impact of those data sources is essential to creating a compliant and optimal mailing strategy.

Ask the question of EVERY person entering your system? Is the person emailable? If so, which emails should he or she receive?

For example, we see a lot of organizations take different approaches when it comes to data imports. What if someone imports data with Country values of “CA” instead of “CAN”? By the naked eye, the data looks great. However, your systems might not recognize “CA” as part of Canada and group those records into another mailing bucket, putting them out of compliance.

An EDG Policy helps spell out these mailing-specific data processes by inventorying data entry points and placing people in the proper emailable/non-emailable buckets upon entering the system.

#6. Enable Sales with Compliant/On-Brand Communications.

Today’s Sales enablement solutions such as Yeware, ToutApp and SalesLoft provide tremendous flexibility to send communications to prospects.

In our experience, many companies treat these Sales-enabled communications differently than Marketing communications because each is managed by different departments. This sometime leads to a Wild Wild West approach where the audience is receiving off-brand messaging where emails can conflict with one another (Marketing sends an email about an online demo and Sales sends a message about a demo call). And oh yeah, what about compliance?

Formalizing a plan around what messaging can get sent, who can receive it and how they receive it are all part of developing an EDG Policy. A side benefit is Sales and Marketing will get on the same page on how to communicate with the audience.

Developing the Email and Data Governance Policy – The Timeframe

An EDG Policy is not something that you write down overnight and then say you have a policy. Of course, you could try that but I’d bet adoption would be low and your systems wouldn’t be ready.

How long will it take? That all depends on your organization. I like to compare this process to organizing your closets. If you haven’t organized your closet in three years, it will take a lot more time to organize than if your closet already has its clothes neatly organized and color coordinated. If your company hasn’t communicated about its internal processes, a comprehensive policy may take longer.

We recommend developing the policy over a quarter or more to give you enough time to work through the worldwide business decisions that your team will need to make. Have someone document all the required business decisions and begin setting up meetings with the various stakeholders.

If a worldwide policy seems like too big of a project to take on, start by documenting your own department’s policies to get an early win as a step towards a phase two policy. For example, if you oversee North America and don’t communicate often with your worldwide counterparts, try documenting your own policies first.

Email and Data Governance Policy – Additional Considerations

In planning your EDG Policy, here are a few other items to consider.

  • A EDG Policy is not a technical “how-to.” Rather, it is a high-level document that provides vision into business practices. The “how-to” should live in supporting documents.
  • Don’t worry about fixing everything. If there are gaps, the organization can document those and address in a revision.
  • Think of the EDG Policy as the starting point that drives other policies. For example, you may decide to create a detailed Data Management policy to complement the higher-level document.
  • Prepare to train. An EDG Policy is not a magic bullet once it is developed. Employees need training on how to follow the policy–an often-overlooked piece. Documenting that a Sales rep shouldn’t send emails to records that were harvested from a list is one thing–having the Sales rep follow that process requires lots of training.


Developing a worldwide EDG Policy is essential to setting the foundation for a better experience for your audience while reducing compliance risk. Even if you start with something basic, start writing things down to formalize your business processes.