What Marketers Need to Know About the EU’s GDPR

Avatar Act-On
Email Marketing

Editor’s Note: This article on what marketers need to know about GDPR appeared originally in Digital Marketing Magazine.

It is just over two months until the new EU-wide General Data Protection Regulations (GDPR) come into force. Starting May 25, 2018, organizations could face potential heavy penalties for misuse of consumer data in a bid to give EU citizens better control of their personal information.

According to a recent survey from the Direct Marketing Association, around a quarter (24%) of companies have yet to start a plan of attack, while only a little over half think that their organizations will be ready for the 2018 deadline. But what does the GDPR really mean for marketers and how can you take steps to address it now, so you don’t leave it too late?

What the GDPR means for marketers?

The purpose of the GDPR is to unify data privacy principles and practices across Europe, giving EU citizens more control over their data and increased capacity to dictate how organizations may use that data. If you have an EU data subject that you are marketing to, then regardless of where you are located in the world you will have to comply with the GDPR.

Previous EU directives addressing customer data were more like digital rules, and have been interpreted in many different ways by different EU member states – some countries, such as Germany, have much more restrictive interpretations of existing methods than others, like the UK. Conversely, the GDPR is a law, meaning that all countries will have to abide by it in the same way.

The GDPR is the most comprehensive law coming into effect for the last 20 years, and will affect every company in some way, shape or form. It will most certainly have a dramatic effect on digital marketers. To begin with, there will be a lot of confusion. Can you track someone using their data? Can you share this data with third parties? If a customer wants to leave, do they have the right of erasure, and will companies have to return certain data? At the moment, it’s a very grey area, especially as the definition of personal data has been expanded to include online identifiers such as cookies and IP addresses. However, it is also a chance for marketers to reassess the data value exchange between business and user, and I believe it will ultimately lead to better digital marketers.

What should companies do to prepare for the GDPR?

If you’re a marketer in any sector, it’s important that you are thinking about your current data acquisition and customer contact practices and how these need to be adjusted in order to meet compliance. Come May 25th, companies will need to show that they are working to comply with the regulations, and those found non-compliant could very well be hit with a substantial fine.


Join Act-On on April 16th at 7:00 a.m. PDT / 3:00 p.m. GMT to learn:

  • An overview of key provisions of GDPR.
  • The top 5 critical actions you need to take NOW to be compliant.
  • The crucial role your digital demand gen engine will play in meeting the regulations.

The first thing I would advise marketers to do today is research how the GDPR affects them and their company, and re-evaluate their outreach and onboarding strategies. The essential thing to establish is that a consent trail exists so that it’s clear which data your customers have agreed to share.

Act-On recently polled 200 marketing professionals across the United Kingdom and found more than a third didn’t understand the changes or the impact GDPR would have have on their businesses. We also found the knowledge gap is even greater outside marketing departments, with just 45 percent of UK marketers feel the rest of their business understands the new rules and their implications.

Reviewing who is responsible for obtaining consent

Once you’ve reconnected with your customer database to ensure their consent statements will be GDPR-compliant, the next step you as a marketer can take today is to review contracts. Companies’ contracts will need to be updated within the media supply chain to clarifying exactly who has the obligation to obtain consent, and also who has the obligation to provide transparent information about how customers’ data is used.

Each country will have a Data Protection Authority (DPA) that will coordinate GDPR compliance; in the UK, the Information Commissioner’s Office (ICO) is that body. They have a lot of great information that will provide you some insights on what is required and how to prepare for the new rules of the digital road.

As a result of all the confusion and dread around the GDPR, the directive will definitely take some time to get used to. However, marketers must remember that it could ultimately improve the customer experience, which in turn will make us better digital marketers in the long run.