
GDPR for Marketing

In today’s connected world, personal data is being collected at an incredible rate.

The websites you use, the calls you make, the places you visit and even the photos you take are all recorded, measured and leave a digital footprint - a footprint that is fast becoming a prized resource.

In May 2017, The Economist called personal data "the world’s most valuable resource" ahead of oil because it can be turned into many "services" which can generate new sources of revenue for companies.

Because personal data is so valuable, it’s vulnerable to theft or misuse and this has led to consumers demanding to know how companies use and store their personal data. Put simply, consumers are not convinced that companies are doing enough to protect them.

In fact, a report published by the Chartered Institute of Marketing found that 57% of consumers don’t trust brands to use their data responsibly.

Another concern is that Symantec’s State of European Privacy Report found that 90% of businesses believe it’s too difficult to delete customer data and that 60% do not have the systems in place to help them do so.

Clearly, there’s a significant disconnect between consumers, their personal data and how the companies that collect that data then use it.

When it comes to GDPR and how it affects marketing, 41% of marketers admit that they don’t fully understand the law. In addition, they aren’t fully aware of the best practices with regards to how personal data should be collected and used in communication.

This is one of the main reasons why the European Union will implement GDPR.

What is GDPR?

The General Data Protection Regulation (GDPR) is a new digital privacy regulation being introduced on the 25th May, 2018. It standardizes a wide range of different privacy legislations across the EU into one central set of regulations that will protect users in all member states.

Going forward, this means companies will be required to build privacy settings into their digital products and websites and have these settings switched on by default.

Companies will also need to regularly conduct privacy impact assessments, document the ways they obtain and use personal data and improve the communication of data breaches.

GDPR is legally binding and cannot be opted out of or ignored. In fact, failing to comply could lead to fines of up to €20 million or 4% of your global turnover!

Why introduce GDPR now?

GDPR is "the most far-reaching change to data protection in a generation" and is a dramatic shift in the way the EU wants personal data to be managed.

The EU’s new approach to online privacy puts individuals first because they believe that individuals should be protected and empowered, rather than exploited or ignored.

This approach to data protection is the EU’s way of keeping companies big and small more accountable for their actions. EU regulators believe that companies have been exploiting personal data for their own gain and have not been transparent about how they were using the data. GDPR has been designed to end all of that and put the power back in the hands of the consumer.

Consistency in data privacy regulations is good news for all marketers. However, this new change comes with quite a few challenges – especially for marketing teams that communicate to customers based in the EU.

How does GDPR impact marketing and CRM?

GDPR might seem extreme, especially for smaller businesses or solo-practitioners. Realistically, there are only 3 key areas that marketers need to worry about – data permission, data access and data focus.

Let’s take a look at each of these individually.

1. Data Permission

Data permission is about how you manage email opt-ins. These are people who request to receive promotional material from you. You can’t assume that they want to receive email marketing campaigns from you in the future unless they clearly express consent.

In practice, this means that leads, customers, partners, etc. need to explicitly confirm that they want to be contacted. You need to make sure you have actively sought (and not assumed) permission from your prospects and customers, and that you have their consent to contact them. Therefore, a pre-ticked box that automatically opts them in to newsletters won’t cut it anymore. Opt-ins need to be a deliberate choice.

2. Data Access

The introduction of the GDPR offers individuals a method to gain more control over how their data is collected and used including the ability to access or remove it. This is in line with an individual’s right to be forgotten.

The right to be forgotten has become one of the most talked about rulings in EU Justice Court history. It gives people the right to have outdated or inaccurate personal data removed. This has already impacted a company like Google, who was forced to remove pages from their search engine results in order to comply.

As a marketer, it will be your responsibility to make sure that your users can easily access their data and remove consent for its use. This can be as straightforward as including an unsubscribe link within your email marketing templates and linking to a user profile that allows users to manage their email subscription preferences.

3. Data Focus

As marketers, we can all be guilty of collecting a little more data from a person than we actually need.

With this in mind, GDPR requires you to legally justify the processing of the personal data you collect.

This means that you need to focus on the personal data you absolutely need and stop asking for the "nice to haves". If you really need to know a visitor’s shoe size and inside leg measurement, and can prove why you need it, then you can continue asking for it. Otherwise, avoid collecting any unnecessary data and stick with the basics.

5 practical tips on GDPR for marketing

In January 2017, Osterman Research Inc. published a paper which found that 73% of businesses are not ready to meet the compliance obligations of the GDPR, while a recent study by Symantec found that 23% of businesses feel they will only be partly compliant by the May 2018 deadline.

The good news is that there are several things that you can start doing right now to make sure your business is GDPR compliant ahead of May 2018.

Here are five practical tips that you can get started with immediately:

1. Start auditing your mailing list now

If you don’t have a record of a person’s opt-in, then remove that email address from your list. For new email subscribers, make sure that the potential subscriber confirms that he or she wants to join your email list by sending an automated email to confirm the subscription.

2. Review the way you’re currently collecting personal data

Personal data comes in a variety of ways for marketers - buying email lists, exchanging of business cards, as well as contact forms on your website. As you review your personal data, ask yourself why you are collecting the information and what you’re using it for.

3. Educate your sales team about social selling techniques

Connecting with prospects in social media and sharing relevant content with them in the different social media channels is a much better way of selling than just cold calling or using email tactics.

4. The time for using Google docs or Excel spreadsheets to store customer data is over

Try to centralize your customer data into a CRM system. Make sure your users can access their data, review its proposed usage, and make any changes as necessary.

5. Understand the data you're collecting in more detail

Is it all necessary, or are there elements that you can do without? When it comes to sign up forms, only ask for what you need, and what you will use. For B2B marketers, full name, email address and company name is usually more than enough.


The months leading up to May 2018 will be challenging for businesses across Europe and beyond. GDPR changes the way companies operating in EU countries handle personal data, with fines of up to £20 million if they fail to comply. That’s why it’s important for you to seek advice from a lawyer as to what is or is not a legal requirement for your business.

It’s important to remember that GDPR isn’t designed to stop businesses from communicating with their customers. GDPR will lead to an increase in data quality, which is why the best and most resourceful marketers see this as an opportunity to delve deeper into the needs of their prospects and customers, rather than using the traditional "one-size-fits-all" approach to marketing.

That being said, the rules for GDPR compliance are quite simple – don’t assume that prospects and customers want to hear from you, don’t cold contact them and don’t send them irrelevant information that they didn’t request.

If you can do all that, then you’re taking a huge step towards being GDPR compliant.

If you would like to learn about GDPR and how it will impact your customer relationships, then check out this guide.


Disclaimer: The content in this article is not to be considered legal advice and should be used for information purposes only.
