Tuesday, 22 May 2018 10:14

Understanding What GDPR Means For Marketers

As a marketer, you should be familiar with the General Data Privacy Regulation (GDPR) that will be fully enforced on May 25th. Having been ratified in April 2016 by the European Union with a two-year grace period for implementation, the timeline for compliance is rapidly coming to a close. It is important to understand how these changes can impact your marketing approach.

What Is The GDPR?

According to research done by HubSpot, a mere 36 percent of marketers have heard of GDPR, meaning many organizations are at risk of non-compliance, which comes with a significant price tag and other penalties.

The GDPR is an EU regulation that increases the protection of personal data that is gathered on EU citizens. Organizations based outside of the EU are not exempt from these regulations. Any organization that collects, handles or processes data of EU citizens will need to be compliant with the GDPR or face fines up to 4 percent of their global annual revenue (or more than $25.5 million).

Data-Driven Marketing Is Changing

Data-driven marketing has been a buzzword that has floated around the industry for some years now. Marketers love data because it helps them get the right content in front of the right consumer at the right time. Consumers have a love/hate relationship with it because when done right, they do appreciate the targeted, highly-specific content. However, more often than not, it is done wrong and it can feel invasive. Privacy has become a major concern and this is where the GDPR comes in.

Marketers who have already adopted, or even pioneered, white-hat techniques for using data to put the consumers first will continue to be able to curate and distribute targeted content in a positive way, but they will have to work harder than ever before.

The GDPR And Marketing Best Practices

Many of the requirements for GDPR compliance are already recognized as marketing and data collection best practices. Let's go through some of the more common tactics and what is expected of marketers.

  • Communication – Controllers must clearly communicate that data is being collected, what information is being gathered, and what it will be used for.

  • Consent – Subjects must consent to have their data collected, stored and/or transferred. The subject must be informed of their right to withdraw said consent at any time.

  • Depth – Data collected must be limited to that required for the intended and declared purpose.

  • Updating Capabilities – Subjects must have the opportunity to update collected data at any point. Furthermore, a subject may request that data be deleted at any point and that request must be honored.

  • Storage – Data may only be stored for as long as necessary to perform the intended and declared purpose. A retention policy must be clearly dictated for any information that is retained beyond the termination of the relationship between subject and controller.

  • Security – All data storage must comply with the GDPR security provisions. Compliance must be documented.

Marketers Held To A Higher Standard

All in all, the GDPR is raising the bar for marketers. Black-hat tactics that afforded some marketers short-term success will no longer be effective. Value is being brought to the forefront of communications and marketers, brands, and consumers, alike, will reap the benefit of GDPR compliance.

This content is not legal advice for compliance, nor the interpretation of compliance, with data privacy laws like GDPR. If you're seeking guidance for how the law applies to your specific circumstances, consult an attorney.


We can expect to see innovation, creativity, and strategy taking off faster and going further than ever before. If you're looking to work with an agency at forefront of cutting edge marketing efforts, contact the trailblazers at FiG Advertising + Marketing today to schedule a consultation.