Skip to content

GDPR requirements all marketing professionals should be aware of

Data shows that 84% of SMEs are still unaware of the new General Data Protection Regulation (GDPR). The GDPR will apply from 25 May 2018, so get ready!

It aims to improve customers’ trust by giving them more say over what companies can do with users’ data. A 2016 study by Chartered Institute of Marketing found that 57% of consumers don’t trust brands to use their data responsibly. The GDPR should connect the customer’s needs with how the companies collect their data.

As a marketing professional, you are likely to be one of the first  affected in regard to the use of consumers’ personal data. If you still do not fully understand how your business can be compliant with the GDPR, here is some insight.

How Does GDPR affect marketing?

There are 3 main areas you need to worry about: Data permission, Data access and Data focus.

Data permission

The GDPR explicitly bans pre-ticked opt-in boxes. Under the GDPR you will need to obtain specific, opt-in consent from your customer to use their data. Due to this requirement for explicit consent you will only be allowed to contact someone who wants to hear from you.

The choice of the customer need to be deliberate!

In the case of refer a friend programs the breach occurs only if the data is stored and used after the notification email.

GDPR compliant:

  • Your customer should opt-in to marketing emails by ticking the sign-up box.
  • You are not allowed to store neither use any data related to refer a friend programs.

GDPR breach:

  • When your customers fill out a web form, a pre-ticked box that automatically opts them in to receive marketing emails.
  • You stored and used their friends email.          
  • You are buying email listing.

Data access

The right to be forgotten gives your customers the right to remove their personal data.

GDPR compliant:
You should insert an unsubscribe link within your email marketing template.

GDPR breach:
Your customer is not able to get access to their data and remove consent from their use.

Data Focus

The processing of the personal data you collect should be necessary. If you are not sure of the Why, stick to the basics – full name, email address and company name for a B2B marketers.

GDPR compliant:
You can explain why you are collecting each bit of data you collect.

GDPR Breach:
You have a “too much is better than too little” approach.

Need an incentive?

The big Stick

From 25th of May 2018 onwards, businesses that are in breach of the new regulations will be fined up to 20 million euros or 4% of global annual turnover (whichever is the greatest). This fine might be issued only in cases of serious offenses such as failure to erase the data at any time under a user’s request.

Do not try to obtain consent from your customer base by sending emails to all of them even those who previously opted out. This good intention will lead to a breach of GDPR.

The Carrot

GDPR can lower your marketing costs and make it more efficient as you will be advertising to people who want to hear from you. Customers will be more loyal to you because they trust you.

You should also use your compliance as a competitive strength. According to the GDPR, large companies will be responsible for the way their third parties process information. Large businesses risk a higher penalty and will have budgets to ensure their suppliers are GDPR compliant. Thus, if you don’t comply you run the risk of  losing market share.

Next Step?

Now that you’re ready to tackle any breach with the GDPR, what you should you do?

Clean your mailing list

Remove your duplicate, aged data and anyone you do not have the opt-in from. Some companies have decided to just delete their entire email marketing database and continue with their facebook or twitter pages.

Train your sales team

If you choose to delete your email database you should train your marketer to prospect on social media rather than emailing. A higher bar has been set for marketers with GDPR, time is come for innovative thinking.

Open your data to your customer

Be sure your customers can reach their data and ask for opt-out.

Understand the purpose of your action

You should fully understand why you are collecting your data.
Ask yourself can I do without it?


Now you are aware of the GDPR, a quick checklist about the key points to remember as a marketing business:

  1. Take action now, May the 25th is around the corner.
  2. Do not contact a customer who did not expressly opt-in.
  3. Enable your customer to be forgotten.
  4. Have a answer to the WHY.

GDPR compliance will totally improve the data quality and should not be seen as a bad outcome at all. This new regulation can force you to cut costs, improve marketing efficiency and your relationship with your customer and contractors. Don’t let this golden opportunity slip through your fingers.

Written by Mathilde Foucher, Content Writer at Linkilaw – The legal Platform for Startups.