Digital marketer’s guide to GDPR

1. Determine how GDPR applies to you. Since you’re here reading this, chances are, you’re under the umbrella. Any company (U.S.-based companies included) that has a worldwide web presence and collects, stores or processes consumer data or who uses vendors to do so is affected, at least to some degree, under the new regulations. If your website (that collects visitor data,) or email (that collects email addresses and other data,) could potentially target someone who is currently in the EU, you should have GDPR-compliant policies in place.

To clarify: GDPR only applies to consumers who are present in the EU when their data is collected. Furthermore, it does not apply to EU residents who are currently outside of the EU.

 2. Know that generic marketing doesn’t count. Your email or website content would have to target someone across the EU for it to apply under GDPR. Examples of this would be that your website is in the language of the country and there are references to EU users and consumers, or your website accepts the currency of that country and has a domain suffix (like a U.S. website that can be reached with a .co.uk from the UK.)

An example of something that would not count would be a Dutch user who Googles and finds an English-language webpage written for U.S. e-commerce consumers or B2B customers would not be covered under GDPR.

 3. Know what type of data you collect and, therefore, the consent you need to gain. This is the most important part of GDPR. According to Article 7, Conditions of consent, “the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.” An example of this would be a bar on the homepage of your website where users can consent to or deny consent for you to collect their cookie-based data.

If consent is not individually and explicitly gained before sending marketing emails or collecting cookie-based data, for example, companies can be fined up to $20 million Euro — that’s $24,689,600.00 USD — or, in other cases, 4% of their total revenues.

 4. Take better advantage of first-party campaigns. Data that isn’t cookie-based, AKA first-party data, is already a small but mighty tool — and under GDPR, it’s even more powerful. Since this data is pulled using your current customer databases, made up of those who have already consented for you to use their data (for instance, someone who has signed up for your email newsletter,) most of it is already compliant. However, if you ever pull first-party information from other sources, make sure that source has GDPR regulations in place.

Third-party targeting will still play a vital role in digital advertising, but it will be even more important for marketers to work with data partners that have trustworthy practices. Marketers and advertisers, especially those that are looking to target EU audiences, need to start asking questions about how their data is collected and whether or not they explicitly inform users that they are opting in. (See #3 for more.)

 5. Get up to date on your other data providers and ad-employing platforms’ take. The more you know. If you’re currently running advertisements on Facebook or Instagram, here’s a great resource for their take. Also, it’s a good idea to stay up-to-date about how other popular tech platforms, such as Slack, are handling this transition.