
Compliance 101 – What Every Business Owner Needs To Know

Written by: Eric Yaillen, Executive Contributor

Executive Contributors at Brainz Magazine are handpicked and invited to contribute because of their knowledge and valuable insight within their area of expertise.


As a coach, you know how important it is to build trust with your clients. You want your clients to feel comfortable sharing their personal and professional challenges with you, so you can help them achieve their goals and live their best lives.


But did you know that if you're not complying with the latest data privacy laws, you could be putting your clients' trust, and your entire coaching business, at risk? That's right. In today's digital age, data privacy is more important than ever before. Whether it's older laws like the CAN-SPAM Act or newer regulations like GDPR, CCPA, CPRA and others, there are strict guidelines that businesses and organizations must follow.

But don't worry, compliance doesn't have to be complicated. In this article, I'm going to break down the essential basics of what you need to know about CAN-SPAM, GDPR and CCPA, and give you some tips on how to stay compliant. Let's dive in! But before we do, it should be noted that not all of these laws apply to all businesses. Ideally, you should consult an attorney to ensure your protection, or at the very least subscribe to a service that provides the necessary policy statements.


One thing is certain: you should not copy and paste legal policies from other websites, as each business potentially has unique practices, circumstances or clients that may require specific policy language. Copying policies can lead to incomplete policies that don't accurately reflect the practices of your business, leaving you open to potential legal issues and violations of data privacy regulations. Moreover, data privacy regulations are constantly evolving, and new laws regularly appear that you need to consider. For example, the Virginia Consumer Data Protection Act (VCDPA) recently took effect on January 1, 2023, and applies to businesses that collect or process personal data of Virginia residents. Other new laws include the California Privacy Rights Act (CPRA), which builds on the CCPA and expands the rights of California residents over their personal data, and the EU's ePrivacy Regulation, which is expected to replace the current ePrivacy Directive and focuses on online communication and data protection. Given these ongoing developments, it's crucial for businesses to stay updated on the latest regulations and implement policies that reflect their specific practices. As regulations change, businesses need to regularly review and update their policies to ensure compliance and avoid potential legal issues.

Furthermore, you should also update your policies when you make changes to your business, such as collecting new types of data or adopting new online marketing tools, as these changes may affect your compliance with data privacy regulations.


CAN-SPAM Act

The CAN-SPAM Act is a U.S. federal law that regulates commercial email messages. Passed by Congress in 2003, it sets out requirements for commercial email messages, gives recipients the right to opt out of receiving emails, and provides penalties for violations of the law.

Each separate email that violates the FTC's CAN-SPAM law is subject to penalties of up to $43,280. In addition to the financial ramifications, a violation can lead to a loss of customers and revenue, as well as damage to the company's reputation and brand. In some cases, it can result in criminal charges, which may include fines and even imprisonment.

GDPR and CCPA (and CalOPPA)

GDPR, or General Data Protection Regulation, is a 2018 European Union data privacy law designed to give individuals more control over their personal data, and to hold businesses accountable for protecting that data. Breaches of this regulation carry fines ranging from 2-4% of total revenue, up to €20 million. The 2004 California Online Privacy Protection Act (CalOPPA) and the 2020 California Consumer Privacy Act (CCPA) are similar laws requiring businesses to be transparent about how they're using customer data, and giving California residents more control over their personal information. Violations of CalOPPA and CCPA are subject to civil penalties of $2,500 for each violation, or $7,500 for each intentional violation, after notice and a 30-day opportunity to cure have been provided. Principles that these laws have in common include giving individuals the right to know what personal data is being collected about them and why, and providing access to their personal data along with the ability to request that it be deleted or corrected. Businesses must be transparent about how they're using personal data, and must obtain explicit consent from individuals before collecting or using their data. Other states have also enacted privacy laws, including Maine, New York and Nevada. The most recent addition to the list is Virginia's CDPA, which went into effect on January 1, 2023. If your privacy statement does not include references to Virginia's laws, you might be out of compliance.

Why Compliance Matters for Coaches

As a coach, you might be thinking, "Why do I need to worry about this stuff? I'm just a small business owner - these laws don't apply to me."

Well, you likely send emails or newsletters to hundreds if not thousands of people at a time, and you likely collect some personal data, everything from names and contact information to their professional and personal challenges. But here's the thing: while CAN-SPAM applies to any business that sends bulk emails, GDPR, CalOPPA and CCPA apply to any business that collects personal data from EU or California residents, respectively. If you're not complying with these regulations, you could be placing both you and your clients at risk, and if that data is ever perceived to be or actually misused or compromised in any way, it could lead to a loss of trust with your clients, negative publicity for your coaching business, and even legal action.

Tips for Staying Compliant

Now that you see why compliance is so important, let's talk about some tips for staying compliant.

CAN-SPAM Compliance

To be in compliance with CAN-SPAM regulations, your commercial email messages must:

  1. Include accurate information identifying the sender in the "From," "To," and "Reply-To" fields.

  2. Use an accurate subject line that accurately reflects the content of your message.

  3. Clearly and conspicuously identify that your email is an advertisement.

  4. Provide a valid physical postal address for the sender (P.O. boxes do not apply to GDPR).

  5. Get consent through a positive opt-in.

  6. Provide an easy-to-use opt-out mechanism that allows a recipient to stop receiving future messages.

  7. Honor all opt-out requests within 10 business days and do not send further messages.

  8. If you use third-party marketers to send emails on your behalf, it is your responsibility to ensure that they comply with CAN-SPAM requirements.

GDPR, CalOPPA and CCPA Compliance

  1. Understand what personal data you're collecting, and why. Take a look at your intake forms, coaching agreements, and any other documents where you collect personal data, and make a list of what you're collecting. GDPR and CCPA require businesses to only collect the data that's necessary for their business purposes, so if you're collecting more than you need, you could be putting yourself at risk.

  2. Obtain explicit consent from your clients before collecting or using their personal data. This means that you must clearly explain what data you're collecting, why you're collecting it, and how you're going to use it along with providing the means for clients to opt-out of having their data collected or used.

  3. Be transparent about your data privacy practices. This means having a clear and concise privacy policy that outlines your data privacy practices. Your privacy policy should include information about what you're collecting, why you're collecting it, how you're going to use it, and how you're going to protect it. It should also provide your clients with information about their rights under GDPR and CCPA, including their right to access, correct, or delete their personal data.

  4. Protect your clients' personal data. GDPR and CCPA require businesses to take appropriate measures to protect their clients' personal data from unauthorized access, disclosure, and misuse. This means taking steps like encrypting sensitive data, using secure servers, and implementing access controls. As a coach, you also need to be aware of the potential risks of using third-party tools and services. If you're using a third-party tool or service to collect or process personal data, make sure that the provider is GDPR and CCPA-compliant.

  5. Train your team on data privacy best practices. Ensure that everyone on your team understands the importance of GDPR and CCPA compliance and knows how to handle personal data appropriately including knowing how to handle client requests for access, correction, or deletion of their personal data.

Easy Ways to Become Compliant

There are a variety of relatively inexpensive third-party websites that make it easy to set up all your compliance agreements and over the years I have used all three. These websites can be incredibly helpful for entrepreneurs who want to ensure that their website is compliant with legal requirements and protect their business from potential legal issues, and they can dynamically update when rules and regulations change, saving you lots of time and effort. The best among them is FTCGuardian which can be a valuable resource for entrepreneurs who want to protect their business from potential legal issues related to online marketing and data privacy.

FTC Guardian provides all your Basic Documents for unlimited websites plus Supplemental Compliance Documents, Intellectual Property Protection Documents, Customer Agreements, and Channel Marketing Agreements. They also offer webinars and twice-per-month virtual meetings to discuss Rules of the Road & Strategies. Two other sites that provide legal policies and documents for website owners and entrepreneurs are Termsfeed and Termly. These services, however, must be licensed separately for each website domain. Both Termly and Termsfeed offer a wide range of legal documents, including terms and conditions, privacy policies, cookie policies, and more. These documents are customizable and can be tailored to meet the specific needs of a website or business.

Termsfeed also provides a free generator tool that can create one of your legal documents automatically based on your answers to a few questions.

FTC Guardian, Termsfeed and Termly all provide affordable options for entrepreneurs and website owners who don't have the resources to hire a lawyer to draft these documents. However, it's important to note that these documents are not a substitute for legal advice. If you have any specific legal concerns or questions, it's always best to consult with an attorney.


Whether it be the CAN-SPAM Act or the various privacy regulations, compliance is critical for coaches. Failure to comply with these regulations could lead to a loss of trust with your clients, negative publicity for your coaching business, and even legal action. By understanding what personal data you're collecting, obtaining explicit consent from your clients, being transparent about your data privacy practices, protecting your clients' personal data, and training your team on data privacy best practices, you can ensure that you're protecting your business, your brand and yourself. Remember, compliance doesn't have to be complicated. With a little bit of effort and attention to detail, you can protect your clients' personal data and build trust with your coaching clients.

As an entrepreneur, one of the best practices when it comes to online marketing and data privacy is simply to be transparent with your customers. This means clearly outlining what data is being collected, why it's being collected, and how it's being used. It also means providing customers with the ability to opt out of having their data collected or used. In terms of email best practices, it's important to ensure that your emails comply with anti-spam laws and regulations such as the CAN-SPAM Act. This includes providing a clear and easy way for recipients to unsubscribe from your emails, including your physical address in the email, and avoiding deceptive subject lines or content. Overall, entrepreneurs should prioritize compliance with data privacy regulations and best practices in online marketing to protect their business and build trust with their customers.

In conclusion, businesses should avoid copying legal policies from other websites and instead implement policies tailored to their unique practices. With the constant evolution of data privacy regulations, businesses need to stay updated and regularly review and update their policies to ensure compliance with the latest laws. By doing so, businesses can avoid legal issues and protect the privacy of their customers. Websites like FTCGuardian, Termsfeed, and Termly can be helpful resources in achieving this goal.

However, it's important to remember that these tools are not a substitute for legal advice, and entrepreneurs should always consult with an attorney if they have any specific legal concerns or questions.

Follow me on Facebook, Instagram, LinkedIn, and visit my website for more info!


Eric Yaillen, Executive Contributor Brainz Magazine

Known as a Marketing Technology Wizard, Eric helps his clients save countless hours and expense by streamlining their processes and eliminating unnecessary systems for managing customer information and marketing programs. As the creator of The MegaFluence Method, he applies his extensive knowledge and decades of experience coaching businesses on becoming market leaders in their niche. Email him at or go to for a free 30-minute introductory business analysis.




