GDPR: Marketing Responsibly & Respectfully

Your business is doing great. Your marketing team is on top of new ways to sell ideas, products, and services. But now it’s time to tackle something new. This year, the world’s professionals (ranging from HR reps to IT support and everything in between) must adapt to the changes that GDPR is making in the world of customer data and marketing.

The General Data Protection Regulation (GDPR) was instated by the European Union (EU) on May 25, 2018, to reconcile and streamline the online protection of personal data.

If you or your company processes personal data of any EU citizens, this list will help you and your team ensure compliance with new GDPR regulations and kick-start your new marketing campaigns. 

While adapting to these regulations may be a lengthy journey, it’s also an excellent opportunity to increase brand awareness and strengthen consumer loyalty by enhancing your consumers’ privacy while simultaneously delivering a quality experience. 


Connect with your IT team regarding the new infrastructure and protocol. This is a shared responsibility, and you don’t have to shoulder all the new regulations alone. By maintaining constant communication, you can guarantee that everyone is adhering to the same set of compliance standards. This will also allow you to ensure that your team is correctly monitoring data and its point of origin and scanning for potential breaches. Once these security measures are in place, you can focus on your market and your message!


Just like staying on the same page as your team, this is a joint effort. Managing your privacy policy is one of the most pivotal changes you and your team will make to comply with GDPR regulations. These updates can be made by utilizing legal aid. One thing that differentiates the GDPR from many other regulations is that the EU stipulates that the format of your policies must be “concise, transparent, intelligible and easily accessible, using clear and plain language.”

What information should be included in your privacy policy? Details such as:

  • If you’re going to share customers’ info with third parties
  • Customers’ right to lodge a complaint
  • How exactly you will use the data collected
  • Retention period of data collected


Updated to the cloud recently? Don’t just recycle your old servers; have them securely wiped. Do a thorough audit of all your email subscription and mailing address databases. How did you obtain them? When was the last time you offered your consumers a chance to reconfirm their opt-in?

GDPR’s new law requires that just as there needs to be a coherent way to opt in to subscription lists, there needs to be an easily accessible way to opt out. Many newsletters now require a double authentication process for subscribers to sign up. This is just one way to show consumers that their privacy is respected.

Here’s how you can do the same:

  • Create specified campaigns where consumers are actively engaged
  • Create landing and contact pages with opt-in submission forms
  • Include drop-down bars that require active participation
  • Necessitate a consent to contact via email

Now that you are aware of some of the new GDPR requirements, including privacy policy language and contact opt-out, you’ll need to consider a new brand marketing strategy. It’s important for GDPR regulations to be demonstrated in every aspect of how you interact with your customers.


While each company has its own message and unique approach to inbound marketing, the basic steps are pretty simple:

  • Attract
  • Convert
  • Close

The “Attract” stage is typically when your marketing team begins collecting customer data in order to market to them. In order to comply with GDPR standards, this step now necessitates that you protect any data you collect. This means making sure that your customers also understand their rights when it comes to the data that you’ve collected. According to GDPR, consumers have a right to:

  • Access their personal information
  • Withdraw their information at any time
  • Modify inaccurate data
  • Move personal data from one provider to another
  • Demand erasure of personal data

By communicating carefully and constantly with your customers through targeted campaigns, calls to action, engaging social media, and printed materials, you can still retain customers’ attention and trust.


Not only are your consumers trusting you with their private data (e.g., first and last name; any information held by a healthcare provider; email address; location data; computer cookie data; a home address; phone number; an IP address; credit cards; social security number; etc.), but they are ultimately entrusting it to your third-party partners.

This means that it’s important to make sure that your business partners and associates are also handling customer data in a GDPR-compliant way. It’s essential that they remember the value in putting the consumer’s privacy above any momentary inconvenience that may occur during this transition period.

Three things for your company to remember:

  • Data permission: You must maintain contact with your consumers after the conclusion of a transaction where you’ve collected data on them.
  • Data access: The right to be forgotten, also known as erasure, requires that you give consumers an efficient way to revoke or remove their data at any point.
  • Data focus: You must guarantee that the information collected by your team is legitimate and corresponds with a transaction a customer has had with you. Moreover, your contact with customers must remain professional and non-intrusive.


No one can predict a security breach. The best protocol is to hope for the best, but to prepare for the worst. In the event of a breach, GDPR states that you will have 72 hours to notify your customers that their information may have been compromised. 72 hours is not a long time, so you need to have a contingency plan ready long before any data has been compromised. Just as facilities conduct routine fire drills and plan the proper exit routes, you and your team should be prepared for a security breach. Prepare press release drafts and other statements you may need to release in the event that something happens. Most importantly, always document your processes and procedures before and after a breach to demonstrate your compliance in the event of an audit.