Now that all of the panicked-email blasts have slowed down, it’s time to dig in to GDPR. GDPR stands for General Data Protection Regulation, and it’s a new regulation (though it’s been 7 years in the making) that just came into effect on May 25, 2018.  It’s going to affect every field and company that uses data, from marketing and advertising to medicine and banking by changing the way we use and share data. 

GDPR was created in order to replace the 1995 Data Protection Directive and bring it up to date for the digital age.  The new regulations are supposed to reflect the widespread use of the Internet which has grown tremendously since the mid 90’s.  It was instituted by the European Commission and essentially was designed to give citizens of the European Union more control over their personal data while also making sure businesses can reap the optimum benefits of the digital economy.  Click here for some more essential info on GDPR.

How will GDPR affect businesses?

Every company, big or small, that collects data will be required to comply with GDPR.  They are going to have to inform consumers any time they want to collect data and obtain their explicit consent to do so, and if their data policy changes in any way they will have to start over and obtain consent again. 

This isn’t much of a hardship for big companies like Facebook, Apple, and Google who have tremendous resources and have already updated their websites in order to make sure they’re in compliance with the new regulations.  Facebook restructure their site and created a wide variety of new tools so that their customers have more control over what data is collected and how it is used.  Apple and Google also created and updated “privacy dashboards” though they didn’t market their changes nearly as publicly as Facebook.

The challenge is going to be for smaller businesses who might not have the money or the tools to collect all the data they currently hold on their consumers.  Costs for businesses are definitely going to increase, and not all business owners have the training and education needed to understand the depths of data collection.

So what does this mean for digital marketers?

The first thing that’s important to point out is that GDPR WILL affect your business if you process data from EU citizens, even if your business is based outside the EU.  So don’t think that your American based business is exempt from this regulation, because it’s not. 

The next thing is that as a digital marketer, you are going to have to be transparent any time you wish to collect data on someone.  You will have to communicate very clearly that you want to collect data, and explain explicitly how that data is going to be used.  You then have to gain consent while also informing consumers about their right to refuse or withdraw their consent.  This means that you might have to get a lot more creative when trying to convert a website visitor into a lead.

In addition, you can ONLY collect data that is necessary to the intended purpose of the collection.  If you collect any extra data it will be considered in breach of the GDPR.  For example, it’s probably reasonable to collect information like a consumer’s name, email address, and home address, but if you try to go farther and collect information about their medical background or place of employment that data will most likely be considered unnecessary and put you at odds with GDPR.

Once you’ve obtained consent and collected the necessary data, you’ll need to be mindful of how that data is stored and used.  If you plan to share the data with another company, you have to obtain consent for that.  You also have to make sure you’re taking appropriate security measures in order to prevent a breach of data.  Encryption is a great way to do that.  You’ll also have to limit the amount of people who have access to the data.  Only parties necessary to the collection should be able to retrieve it.  If there IS a breach of data, GDPR requires that you report it within 72 hours.

You’ll also need to create extensive records that show the names of who consented, the dates and times when they consented, as well as how they consented.  In addition, you have to have a way to completely wipe out this data if a consumer chooses to withdraw their consent.

The Takeaway

One way to get started is to ask your marketing platforms for help.  They might already have tools to help you create better consent forms or ways to erase customer data immediately and completely.  There’s no need to reinvent the wheel if you don’t have to.

GDPR definitely presents some very real challenges to business owners, and especially to digital marketers, but overall we feel that it will lead to positive change in the digital business world.  Marketers are going to be held to a higher standard that forces them to put their customers first, and this is not a bad thing.  GDPR is going to require fresh thinking and more creative marketing strategies, and ultimately it should help build better relationships between businesses and their consumers that are built on trust and transparency. shares some insights on how to change GDPR challenges into opportunities.