The Impact of the GDPR on Digital Marketing and How to Prepare for It

The GDPR will be enforced on May 25th, 2018 and it will have significant impact on digital marketing. Find out how you can best prepare for the GDPR deadline.

The Global Data Protection Regulation (GDPR) will be enforced starting on May 25th, 2018. It will affect all organisations that collect data from any EU citizen regardless of their business location. So, are you prepared? If not, you are not alone. According to the UK Direct Marketing Association, only 54% of global companies believe they will be compliant before the deadline.

What is the GDPR?

The GDPR is a new European Union Regulation that was developed to protect EU citizens from privacy infringements and data breaches in our increasingly data-driven world. In short, the GDPR gives consumers full control over their personal data. The new law will have a major impact on digital marketing, especially in regards to how we handle personal data for commercial purposes and what organisations have to do to ensure compliance. The changes in the GDPR will present numerous challenges for companies, and one of the biggest for marketers will be consent management.

Why is the GDPR actually a good thing?

While the initial reaction might be to resist these new regulations, the GDPR will benefit both consumers and businesses. Consumers will get full control over their personal data, the "right to be forgotten”, the right to data portability, and the right to know when your data has been hacked (within 72 hours). On the other side, businesses will enjoy one simplified regulatory environment for the entire EU market. This could result in cost savings by eliminating the need to consult the individual laws for each EU member country. Furthermore, companies will be able to take advantage of a more efficient and effective exchange of data. In general, the data protection regulation will promote transparency, strengthen user rights and build trust.

How will the GDPR affect digital marketing?

In digital marketing, we rely on the personal data collected from different devices to build buyer personas, create tailor-made customer journeys and provide a personalised customer experience. However, collecting and managing data will be more challenging once the GDPR goes into effect:

  1. User Data Control: users will have full control over their data; the right to access, consult, rectify or have it deleted.
  2. Data localisation and infrastructure: data will have to be stored in Europe.
  3. Compliance: anti-spam governance (opt-ins, opt-outs, etc.) will have to be introduced and pages containing personal data will need to be password-protected and data encrypted. A solution would be to introduce a global profile management page, and cross-channel that works for email, cookies and everything that is related to your organisation’s data.
  4. Consent management: users will be able to give and withdraw consent and the records must remain auditable at all times.

Additionally, all four points above must be self-evident and subject to audit. However, the biggest challenge for organisations will be the obligation to obtain unambiguous and verifiable consent from customers for processing their personal data. Without this consent, firms will be prohibited from storing any user data, and therefore, they will not be able to run marketing campaigns based on the data they collect.

Why should you care?

While marketers are looking for more guidance and clarity regarding the interpretation of the GDPR laws, this confusion cannot be used as an excuse to ignore the GDPR for two big reasons: First, firms that don’t comply with the new law will face steep fines of up to €20 million or 4% of total annual revenue, whichever is higher. Second, the new regulation will also be a huge opportunity for forward-thinking companies to secure a competitive advantage in digital marketing, especially in regards to moment data and macro data. Therefore, companies ignoring the GDPR risk losing out to more proactive competitors. Consequently, firms should prepare their organisations to comply with GDPR regulations well ahead of May 2018, and begin fine-tuning their customer journey to take advantage of the new influx of data.

How can this be done? Let’s take a look at the Netcentric approach:

Netcentric approach: Privacy by Design

The Netcentric Approach focuses on “privacy by design” as opposed to “privacy by default” where you adapt your tool after each regulation. In our approach, the tool is inherently designed for data protection. As illustrated by the graphic above, we achieve this by creating awareness about the regulation, assessing the data landscape, analysing the strategy and then proposing an action plan. Once the plan is approved by the legal department, we can implement the solution under GDPR compliance. However, because this is an evolving process, we must constantly review and analyse our assets and data collection points to improve our marketing operations.

Here are the key points on consent management:

Getting consent

Consent must be freely given, specific, informed and unambiguous. This means we cannot have pre-approved checkboxes or lengthy disclaimers that no one reads or easily understands. With the GDPR, you must now clearly state your purpose for collecting any and all personal data.

Keeping records of consent

It will be mandatory to record consents once the disclaimer is accepted, record the channel where it was collected, and this must include a full version recording system of the disclaimers and consents.

Getting consent for existing contacts

In order to continue marketing campaigns with your current database, start asking new contacts for consent right now with the goal to get as many approvals as possible prior to May 2018. This will ensure your marketing efforts won’t be interrupted after the deadline passes.


Remember, while stricter regulations may sound threatening, the GDPR offers a great chance to develop a new competitive advantage in your industry. By improving the data you gather from new contacts, you will attract more valuable prospects and can guide them through more personalised customer journeys.

However, it won’t happen on it’s own. With the GDPR less than 9 months away, firms must make the collection and management of EU citizens’ personal data a top priority today. A smart way to get started and avoid hefty fines is to tackle one of the GDPR’s biggest challenges for marketers, consent management. A proactive “privacy-by-design” approach to the GDPR is the most effective way to mitigate the risk of non-compliance and create a centralised system for managing customer data and consent across all marketing channels and devices.

If you would like to explore a proactive “privacy by design” approach to the GDPR: