Compliance: The Missing Piece of Your Marketing Plan

You’ve identified your personas and their pain points, aligned your content and messaging around primary keywords, and created your first marketing campaign using all of your available marketing channels. You’re ready to rock, right? Wrong.

There’s one more critical piece to your marketing plan: compliance. 

Adherence to basic marketing and advertising standards of truth, as well as compliance with federal — and in some cases, international — standards, ensures that your customers aren’t misled, their privacy is respected, and their data is protected.

Compliance can be a confusing issue, and when I’m confused, I turn to an expert for help. For this blog, I asked Danielle Kucera, Principal Officer and Quality Director at 360 Advanced, to weigh in and make sure I’m giving you accurate information. 

Full disclosure: 360 Advanced is a former Big Sea client. 

What is marketing compliance? 

Marketing compliance means making sure that your company’s marketing abides by rules and regulations set by the government. These standards are meant to protect the consumer from being misled or lied to by businesses.

Why is it important to be compliant?

It’s important for everybody, to varying degrees. Mom-and-pop shops often skirt compliance regulations because “Hey — we’re too small for the law to notice.”

That’s not a good idea. You may get away with it, but if you don’t, it could cost your business big time. Even a small, family-owned business can find itself in hot water if it doesn’t follow the rules of marketing compliance. Fines for false advertising and other non-compliant practices can be crippling, and even if you don’t suffer a financial penalty, your reputation can take a devastating hit. 

Don’t panic just yet. Marketing compliance isn’t a terrifying ogre meant to keep you from reaching out and engaging your prospects and customers. In fact, when you are following all of the best practices you need to, marketing compliance is a unique value proposition you can share with your customers. 

Kucera recommends a strategic, phased approach. “Compliance can seem overwhelming. The smart approach for a small business is to take it one step at a time. Research which regulations and standards apply to you. Are you already in compliance? If not, what changes will you need to make to get there? Can those changes have a net positive benefit beyond compliance? Compliance becomes more manageable when it is part of a strategy that positively impacts your entire business.” 

The basics of marketing compliance

Let’s start with a no-brainer: You can’t lie to your customers. Specifically, according to the FTC’s Truth in Advertising guidelines, you can’t make claims that are untrue or misleading. This applies to your ad copy, but also social media posts and even email subject lines. An email that has the subject line, “Here’s $5 toward your next coffee purchase” better have a $5 coupon inside — preferably without a bunch of hoops for the customer to jump through. 

Especially if it’s $5 for coffee. Don’t play with my emotions when it comes to coffee, people!

If your company is running a deal or contest, the details and terms of the promotion need to be clear and prominent. Even if it’s just a Facebook contest for your local small business. Facebook, by the way, has strict rules regarding contests on its network. 

Clearly defined terms around a promotion also protect the business, as SunnyCo Clothing discovered when its bathing suit giveaway on Instagram went viral — for all the wrong reasons.

Influencers and Endorsements 

“Open and honest, always” is more than the first Big Sea core value. It’s also the FTC’s directive to companies when employing influencers and endorsements. Here’s a short checklist that will keep your influencer marketing above board: 

  • Did they actually use your product? The answer better be “Yes,” or you could be accused of fraud. 
  • Did you offer them compensation (goods, service, or monetary) for the endorsement? If the answer is “Yes,” they need to state that clearly in the endorsement. 
  • Are their claims about your product true? Influencers can’t lie on your behalf. If your protein shake can’t actually cure eczema, don’t let someone else say it does. 

Whether in blog articles, Instagram posts, or tweets, your influencers have to disclose their relationship to your brand. The FTC allows some flexibility around disclosures, but not much. It’s as simple as putting #sponsored or #promotion in the post. Don’t bury the disclosure at the end of a lengthy list of hashtags, either. It should be the first, not last, of your hashtags.

Endorsements and influencers are not the same as reviews. Reviews from happy customers can and should be part of your marketing strategy. Earning them, collecting them, and sharing them with prospects gets the Big Sea Seal of Approval!

Specific Compliance Standards Explained

Beyond the FTC’s Truth in Advertising guidelines, there are certain federal and international regulations or standards that you may need to comply with.


The General Data Protection Regulation (GDPR) is a set of guidelines for the collection and processing of personal information of European Union citizens. This may sound like it doesn’t apply to you, but if your business operates in a state impacted by international tourism, it definitely does. And even if you don’t live in one of these major metropolitan areas, if Google Analytics reports any traffic from EU states, or you have any employees from the EU, you should make sure you are GDPR compliant. 

While the United States’ guidelines around personal information are less stringent at the moment, public sentiment is pushing in favor of a GDPR-style framework. Getting good with GDPR now can set you up for success with your local customers, too. 


If you’re a local chiropractor, dentist, or physical therapist, do you need to worry about HIPAA in your marketing? Yes. If you allow new patients to schedule an appointment on a form, that form submission data needs to be protected. If you engage in email marketing, you need to make sure your email list data is secure.


You probably know that your point-of-sale system in your brick-and-mortar location needs to be Payment Card Industry Data Security Standard (PCI DSS) compliant, but did you know your ecommerce needs to be compliant, too? It’s true. If you process credit card information, in-person or electronically, PCI applies to you.

Data Security 

Whether you’re a chic boutique on Main Street or a billion-dollar financial mega-enterprise, if you collect data from customers, you should protect it. That includes the big stuff like email and physical addresses and credit card information, as well as data that may seem less significant, like birthdays and phone numbers.  

A minimum of data protection for small businesses includes a firewall around your network, updated anti-virus and anti-malware software, regular backups of your servers, and — perhaps most important — training for all employees on best practices around mobile devices, passwords, and security principles.

Advertising to Children? COPPA

If your product is marketed toward children or their parents, it’s important that you are familiar with and in accord with the Children’s Online Privacy Protection Act. The FTC has created a six-step guide for businesses to follow in order to comply with COPPA.

Accessibility Standards

Accessibility for individuals with different abilities applies to digital marketing as much as it does to a brick-and-mortar location. Web content should meet WCAG 2.1 guidelines.

Marketing compliance checklist by role

While the above standards, rules and regulations apply company-wide, there are specific marketing compliance responsibilities depending on your role in marketing or the type of marketing you do. Here are a few examples, according to Ziflow, of what a person in each role should keep in mind: 

Content creator 

  • Ensure all of the right stakeholders review and approve content, in the right sequence, including the legal counsel if needed
  • Save and store all files and final versions in an acceptable format and location
  • Check brand standards and regulatory requirements, such as disclaimers

Project manager

  • Determine which stakeholders need access for each project
  • Track when stakeholders are involved with the content and what actions they are required to take
  • Set up review processes for internal and external stakeholders, including the Legal team as needed
  • Control project versioning to reduce error

Marketing leadership

  • Create guidelines for how clients, partners and stakeholders interact with your company
  • Stay abreast of regulatory requirements
  • Ensure content and design align with legal requirements across campaigns

Marketing technologist

  • Secure all data related to customer interactions and campaign analytics
  • Generate compliance reporting to stakeholders
  • Monitor data governance practices and find gaps

Getting compliant is easier than you think

Compliance is easier than ever. For starters, get buy-in from your entire team. Everyone should know the standards your company adheres to. Share them, discuss them, and put together a cross-functional task force to enforce them. 

Marketing automation tools like HubSpot offer guidelines on how to use, and how not to use, customer data. Termly offers terms and conditions and privacy policy documents that can be viewed easily on your site and a pop-up so users agree to those terms. 

If your company is big enough, consider hiring a compliance officer to develop and maintain your compliance strategy. And if you have questions, go to an expert. Which is why I asked Danielle to help me with this blog in the first place. 

“Compliance can make or break a growing company,” says Kucera. “A data breach can literally sink the ship. Whether the need is federally driven or customer-driven, a savvy compliance plan can help you demonstrate not only that your business plays by the rules, but also that you’ve been willing to invest in protecting your customers’ data; the marketing value far outweighs the initial cost.” 

Make compliance the Excalibur of your marketing

Actions speak louder than words. Telling your customers you’ll treat them with integrity is one thing. Showing them your commitment to open and honest (always!) communication, respecting privacy boundaries, and protecting their information is quite another. When compliance and customer privacy are part of your company’s core values, it can be a powerful asset to your sales strategy.

Don’t believe me? Dropbox, the cloud-based file hosting SaaS company, created a Trust Guide so every new user knows exactly how their data will be secured and protected. This content isn’t buried in the footer, either; it’s in the primary navigation. It’s part of a content strategy aligned to a buyer’s journey. This page informs and persuades prospects who handle sensitive data and are considering Dropbox as a solution for their file hosting needs. 

You can do the same. All it takes is a marketing compliance game plan that includes knowledge, team buy-in, action items to achieve compliance, and an eye on the positive net benefits compliance will unlock for your business.

If you need a marketing agency on the forefront of compliance or have questions about your current marketing game plan, contact us.