GDPR & Marketing: 3 Key Things Marketers Need to Focus On

In The Digital Marketing Blog by Sean

With GDPR (The EU’s General Data Protection Regulation) fast approaching (the new law starts on the 25th May 2018), most marketers will be well ahead in their preparation for ensuring that they don’t fall foul of the new laws.

But for those who’ve left it slightly late, or who just want to make sure they’re on the right track, we’ve asked fellow marketers and business experts what 3 key things should businesses be focusing on getting sorted by the 25th May.

Here’s what they had to say:

1. Update Your Privacy Policy & Notify Your Customers

Let’s face it, most people skip over privacy policies and struggle to understand them even if they don’t. With GDPR coming into play, that’s all set to change. Users now need to be able to easily understand how and why their data is being collected.

Updating your privacy policy and notifying your customers that you’ve done so is one of the key things businesses need to do before the 25th May.

Just take a look at this example of what Google have done.

We spoke to KJ Dearie, Product Specialist and privacy consultant for Termly who explained that

“One of the first steps that marketers and business owners should take in their mission to prepare for the GDPR is to update their legal policies. The GDPR demands that websites adequately inform users of how and why they collect and store consumers’ personally identifiable information (PII). This information needs to be comprehensively outlined in an easily-accessible privacy policy.

Not only do marketers need to have comprehensive legal policies in place that explain their data processing practices, but their consumers need to be properly notified of those policies.

Users need to be directed to a privacy policy – whether through a clickwrap modal, a pop-up, an email, or a form section – and asked to acknowledge that they are aware of and in agreement with that policy. This acknowledgement should come through a freely-given action such as checking an unticked box which grants permission to have their data collected and used”.

Zak Pines, CMO at Bedrock Data, echoes the thoughts of KJ Dearie and explains that businesses will also need to inform their customers of what’s changed and why.

Find out his 3 tips for ensuring you’re GDPR ready below:

“By this point, your business should have updated its privacy policy, end user agreement, and even created a new data processing agreement. After you’ve edited these resources, ensuring that they’re easy to read and understand, the next step is to tell your customers about your new policies — also in plain English.

Tip #1: Email your customer base to inform them that your organization has done the above. Let them know you take data privacy and security seriously, while emphasizing that you’ve given them greater visibility into how you process data which they can review anytime. The takeaway should be that they own their personal data. And should they have questions about how GDPR affects them, that they can easily contact you.

Tip #2: Publish your new policies on your site. Usually these resources can live in your legal section. But don’t stop there. Trumpet your updates elsewhere, as a blog post, tweet, or contributed article. Triple-check your CRM’s automated email lists are accurate and that you do, in fact, have permission to contact everyone captured in these systems.

Tip #3: Audit your CMS to ensure all forms that prospects, leads, partners, and customers fill out include the option for them to confirm that they wish to be contacted. These forms must proactively seek permission to send emails and product updates by offering a visible opt-in on the UI. So nix the pre-checked box. Make the ability to unsubscribe more prominent. And if customers have opted out of being contacted, don’t ever contact them again unless they contact you”.

2. Ensure You Have Permission to Email Those on Your Mailing List

Quite simply, GDPR will significantly impact any businesses undertaking email marketing campaigns. Essentially, you’ll need to make sure that you have explicit permission and consent to email those on your email list. It must be easy for people to opt-out and you can’t have any pre-ticked opt-in buttons or boxes on your site.

We spoke to Sam Carr, Marketing Manager at PPC Protect who explained

“If your business runs a mailing list, then the first thing to check is that you have the users’ permission to store their data and send them emails. As part of GDPR, businesses are expected to prove they have consent from users, so storing these somewhere safe is essential just in case you are ever asked to show them”.

Similarly, Ryan Jones, Digital Marketing Executive at Imaginaire said

“GDPR is going to affect digital marketing in a large number of ways, but it will have the biggest and most dramatic effect within the email marketing space. Many companies automatically add everyone who contacts them through their website to their mailing list ready to market to them. You simply won’t be able to do this after the 25th of May! People need to ensure that their data is going to be used responsibly whilst in your hands.

Make sure all contact forms have an un-ticked option to add to your mailing list.

Ensure that any data collected is used responsibly and within the 6 classifications of consent”.

We asked Samantha Avneri, Marketing Director at Regpack what 3 things she’d put in place when it came to email marketing. She said:

“GDPR is a huge undertaking, so I’d recommend REALLY doing your research on all the implications, both for marketing and the security side.

This was my “to do” list on the marketing end, to ensure we are prepared when it came to email marketing:

  • Ensure all places and forms on the website include an unchecked box to opt-in to marketing emails, including link to privacy policy. 
  • Ensure our unsubscribe functionality is present on ALL email communications. 
  • Determine if the email mailing list we have currently was obtained with positive consent, as GDPR regulations state. Can we “prove” we got consent from this person? If not, create campaign to obtain consent from current mailing list.”

We also asked Marcus Miller, Head of SEO & Digital Marketing at Bowler Hat the same question and he explained that…

“The key consideration here for marketers is that consent must be given and not assumed. 

  • You can no longer have a user download a guide and then send them email marketing. They must consent to that marketing. 
  • Consent must be opt-in rather than opt-out so no tickboxes with the tick already in the box!
  • The data subject must be able to withdraw consent at any time. 

All in all, this is an exercise to ensure you are not holding data that you don’t need and that any user data used for marketing has clearly opted in. Smart marketers will channel this to ensure their message is even more useful and that marketing communications delight the recipients”. 

Here at SiteVisibility, we believe that the result of the new laws will be a good thing and can help to ensure your marketing is a lot tighter and that your audience is an engaged one. We spoke to Henry Walton, Account Director at Prime Pixels who agreed and explained:

“We believe that GDPR will revolutionize the relationship between digital marketers and their users.  Data collection will be selective, monitored and create more meaningful connections. This will ensure that digital marketers have a better understanding of their users’ wants and needs. It will finally be a matter of quality rather than quantity.

We ask people to re-opt in to our lists. This is a good way to cut the wheat from the chaff. We are left with data that is useful rather than just large in quantity.

Take newsletter opt ins – A newsletter that hasn’t really been signed up to by the user is basically worthless. We’re making sure the user has to take action to sign up. This means the chances of them reading it when it lands in their inbox increase”.

3. Ensure Your Cookie Policy is Compliant

Cookies are only mentioned once in the EU GDPR, in Recital 30, but there are big repercussions for anyone who uses them to track users’ browser activity.

It states:

(30): “Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.”

Essentially, you’ll need to review your cookie policy in order to comply. Users can no longer be treated as agreeing to a site’s cookie policy just by using the site; instead, they must have the option to opt in or out.

Henry Walton says that you’ll need to “Be transparent about how you’re using data and why. Does it make it easier to offer a better service or website experience?”

Whilst we also spoke to Pankaj Sabharwal, Digital Marketing Manager at Grazitti who explained that:

“Visitors must be given an option whether to agree to these cookies or not, consent to cookies should be a transparent affirmative action & an easy Opt-Out should be available at all times”.

If you’d like to find out more about cookie consent under the GDPR you can do so here.


So, with GDPR just around the corner, are you ready? Have you implemented everything you need to?

If not, the points above will make a good starting point. Let’s recap on what they were:

  1. Make sure that your privacy policy is updated, understandable and that you notify your customers
  2. Ensure you have permission to email those on your mailing list
  3. Make sure that your cookie policy is compliant

What are your predictions for how GDPR will impact marketers? Is there anything else that needs to be taken into consideration? I’d love to hear from you. Feel free to leave a comment below or send me a mail with your thoughts.
