GDPR and how it affects your marketing


The EU were concerned that companies were exploiting the data that they had on consumers. The new GDPR regulation aims to protect the online privacy of individuals with better transparency, the right to have data removed, and better security on the holding of that data.

When does GDPR compliancy become mandatory?

Friday 25th May, 2018

How does it impact marketing?

There are 3 areas where marketers muct show compliance and good practice:
  • Data Permission
  • Data Access
  • Data Focus
How GDPR affects Marketing
How GDPR affects Marketing in bite-size segments

How important is it?

  • 1st fine: Euros 10 Million or 2% of the company's global turnover
  • 2nd fine: Euros 20 Million or 4% of the company's global turnover

Data Permission

This governs how you manage email Opt-ins. Consumers will need to express consent in a “freely given, specific, informed, and unambiguous” way. Pre-checked boxes on your forms and landing pages will not be enough and you will now need to mention that you wish to retain their data for future marketing, whatever form that takes.

As an example:

Getting your email forms GDPR compliant

Data Access

Individuals should now have an easy and transparent way to access, edit or remove their consent for you to use their data, from your system/s. You are likely already doing this but you must have a clear link to an UNSUBSCRIBE and/or EDIT MY DETAILS on all correspondence.

Data Focus

Unless you can prove that your business requires ALL of the data that you are asking for you will need to stick with the basics, as above. If your business really does need their hat size, as you sell hats, then that is fine. Mention why you are asking for certain data though.

Your Next Steps

  • Check, and then double check, that you have no way of you, or your staff, sending anything to anybody who has previously opted out
  • Check all of your sales contact, and marketing contact, templates and emails to make sure they are compliant to Data Permissions
  • Check your website for forms and other areas where details may be asked for and collectedUpdate your cookie policy and your Terms or Privacy Policy to show that you take GDPR seriously
  • If you have two or more systems and a person opts out of one of them, then have a process in place that updates the other systems!


Even asking your database for consent is a form of marketing and would be against GDPR policy. Consumers know about GDPR and, if they have had a bad day, they may well process a complaint. Therefore, should you spot a mistake or a consumer contacts you directly, such as replying to your email, then act immediately, apologise, correct the error and inform them of your actions.
Buying lists of data will be forbidden under GDPR so do not even go down that route. It just won’t be worth it. Make sure that the staff, that may face this issue, are fully aware of their new responsibilities. This typically includes the Email Marketing Managers, the Marketing Automation staff and PR executives.


If you follow the rules – don’t be. On a positive note, this is an opportunity to better define our data, and promote brand trust, transparency, and integrity.

If you need somebody to undertake a GDPR compliance audit for you, including sorting out all of your forms and landing pages, etc, then feel free to give me a call to discuss how I can help you.

Follow me for instant notification of new articles and news
Follow me on Linkedin Follow me on Facebook Follow me on Twitter Follow me on YouTube