
What Marketers Need to Know About GDPR Compliance

May 21, 2018 By John Lincoln

Do you know about GDPR compliance? Are you ready for it?

Those are two very important questions that you should be able to answer if you’re doing any digital marketing to a European audience. That’s because GDPR goes into effect on May 25, 2018.

Here’s what you need to know about it.

Note: the new regulation will affect your business even if it’s not located within the European Union (EU).

What Is GDPR?

GDPR stands for General Data Protection Regulation. It replaces the 1995 Data Protection Directive.

Its purpose is to protect the privacy of consumers who conduct business online. You can think of it as a bill of rights for e-shoppers.

Under GDPR, businesses can’t process customer data unless they have a lawful purpose for doing so or the customer has explicitly instructed them to.

And what constitutes a “lawful purpose” for processing customer data? That’s identified in the regulation:

  • The person has entered into a contract with the company
  • The data processing is necessary to fulfill a legal obligation
  • The data processing is necessary to protect somebody else’s information
  • The data processing is necessary to carry out a task that’s in the public’s interest
  • The data processing is necessary to pursue “legitimate interests” by a controller or third party

So your first takeaway should be this: GDPR is designed to help customers, not businesses.

In fact, businesses are still scrambling at this 11th hour to make sure that they’re compliant when the regulation goes into effect later this week.

Why? Because GDPR requires companies that collect and process data to keep personally identifiable information (PII) secure. That’s a tall order for businesses that haven’t been dotting their cryptographic i’s and crossing their tokenization t’s.

They had better get that sorted out very quickly, though. Penalties for GDPR violations are stiff.

Companies can get fined up to 4% of global sales. That could cost billions of dollars for larger corporations.

For smaller companies, the fine can get as high as $23 million.

So if you’re not sure that your business is compliant, you might want to read on.

Is Your Business Affected?

Probably.

It’s a global economy. Even if you’re based in the United States or outside of the EU, you’re probably doing business with Europeans.

In that case, GDPR will affect your business.

GDPR Compliance and Marketing, Courtesy of Hubspot

Also, if your company supports businesses that are based in the EU, then it’s affected. For example, call centers that handle customer service inquiries for businesses located in Europe will need to follow GDPR rules.

Unfortunately, the cost of complying with the regulation isn’t cheap. According to one study, businesses are spending $8 billion worldwide to avoid running afoul of GDPR.

Your business will most likely need to make some kind of investment as well.

“Opt-In” Is Now Mandatory

Your new best friend is summed up in two words: “opt-in.”

You’ve probably heard those words before. They’re popular in discussions about email marketing.

If you want to stay compliant with GDPR, you should apply them to all your data processing tasks.

According to the regulation, permission to use a person’s data must be “freely given, specific, informed, and unambiguous.”

There aren’t too many other adjectives the regulators could have included to make it abundantly clear that you must have permission before you use people’s data.

Use Clear Opt-Ins Like Lancome for GDPR Compliance

Don’t automatically add someone’s email to your distribution list. Don’t send text messages just because you have the person’s phone number.

Get permission for everything. You can do that with a simple checkbox that reads: “I give permission to receive text messages from the company” or words to that effect.

By the way, it’s probably a great idea to go the extra mile here. Once again, let email marketing best practices be your guide.

You’ve probably seen a process where a visitor opts into an email list on a website. Then, that visitor receives an email asking for verification about the opt-in.

That’s called a double opt-in and it’s a great idea for you to put it into practice as much as possible.

Here’s an important point about securing permission: make sure you have an audit trail that demonstrates you got consent.

The authorities that enforce GDPR compliance are not likely to assume you’re innocent until proven guilty when it comes to getting permission for data use. They will want to see evidence that you got permission before using anyone’s information.

Make sure you can provide that evidence on a moment’s notice.

One final point here: opt-in also means opt-out. Make it abundantly clear how people can choose to no longer receive your emails, text messages, or phone calls.
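Here is how the pieces above (a checkbox with specific wording, a double opt-in confirmed by an emailed token, an audit trail you can produce on a moment’s notice, and opt-out) fit together in code. This is an added illustration in Python, not code from the original post or from Ignite Visibility. The ConsentLedger class, the TOKEN_KEY value and the address ann@example.com are constructed for the example, and the hash chain is just one simple way to make the trail tamper-evident; a real deployment would persist the events somewhere append-only.

```python
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timezone

# Hypothetical server-side key used to HMAC the confirmation tokens. In production
# it comes from a secrets manager, never a literal (constructed for this example).
TOKEN_KEY = b"example-only-key-rotate-me"


class ConsentLedger:
    """Append-only, hash-chained record of opt-in / opt-out events."""

    def __init__(self, clock=None):
        # The clock is injectable so the trail is reproducible in tests.
        self.clock = clock or (lambda: datetime.now(timezone.utc).isoformat())
        self.events = []        # entries are never edited or deleted
        self._pending = {}      # (email, purpose) -> HMAC of the unconfirmed token

    def _append(self, email, action, purpose, **extra):
        prev = self.events[-1]["hash"] if self.events else "0" * 64
        event = {"ts": self.clock(), "email": email, "action": action,
                 "purpose": purpose, "prev": prev, **extra}
        payload = json.dumps(event, sort_keys=True).encode()
        event["hash"] = hashlib.sha256(payload).hexdigest()
        self.events.append(event)
        return event

    def request_opt_in(self, email, purpose, consent_text, source, ip):
        """Step 1: the visitor ticks the box. Record exactly what they agreed to,
        where, and from which address, and return a one-time token to email them."""
        token = secrets.token_urlsafe(32)
        self._pending[(email, purpose)] = hmac.new(
            TOKEN_KEY, token.encode(), hashlib.sha256).hexdigest()
        self._append(email, "opt_in_requested", purpose,
                     consent_text=consent_text, source=source, ip=ip)
        return token

    def confirm_opt_in(self, email, purpose, token):
        """Step 2 (double opt-in): the link in the confirmation email is clicked."""
        expected = self._pending.get((email, purpose))
        got = hmac.new(TOKEN_KEY, token.encode(), hashlib.sha256).hexdigest()
        if expected is None or not hmac.compare_digest(expected, got):
            return False
        del self._pending[(email, purpose)]      # token is single-use
        self._append(email, "opt_in_confirmed", purpose)
        return True

    def opt_out(self, email, purpose, source):
        """Opt-in also means opt-out: record the withdrawal the same way."""
        self._append(email, "opt_out", purpose, source=source)

    def has_consent(self, email, purpose):
        """Consent stands only if a confirmed opt-in is the person's latest decision."""
        state = False
        for e in self.events:
            if e["email"] == email and e["purpose"] == purpose:
                if e["action"] == "opt_in_confirmed":
                    state = True
                elif e["action"] == "opt_out":
                    state = False
        return state

    def evidence(self, email):
        """The audit trail for one person, ready to hand to a regulator."""
        return [e for e in self.events if e["email"] == email]

    def verify_chain(self):
        """Recompute every hash; False means an entry was altered or removed."""
        prev = "0" * 64
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if body["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


if __name__ == "__main__":
    ledger = ConsentLedger()
    email, purpose = "ann@example.com", "sms_marketing"
    token = ledger.request_opt_in(
        email, purpose,
        consent_text="I give permission to receive text messages from the company",
        source="checkout form", ip="203.0.113.7")           # constructed sample values
    print(ledger.has_consent(email, purpose))               # False: not confirmed yet
    ledger.confirm_opt_in(email, purpose, token)
    print(ledger.has_consent(email, purpose))               # True
    ledger.opt_out(email, purpose, source="STOP reply")
    print(ledger.has_consent(email, purpose))               # False
    print(json.dumps(ledger.evidence(email), indent=2))     # the trail you show on request
    print(ledger.verify_chain())                            # True
```

The thing to notice is that nothing is ever sent until `has_consent` is true, and that the record of the request keeps the exact consent wording, the page it came from and the time, which is what you will be asked for.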

GDPR Compliance: Use Cookies Only With Consent

You can’t even use cookies without consent from European visitors. Take a look at Recital 30 of the GDPR:

Natural persons may be associated with online identifiers… such as internet protocol addresses, cookie identifiers or other identifiers… This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

If you’re not familiar with cookies, then your website probably isn’t using them. They’re small identifiers that some sites store in a user’s browser.

If your website is using cookies, you need to get permission from European customers before you set them in their browsers.

GDPR Compliance: You Must Get Permission to Use Cookies

Why? Because as the Recital above states, cookies can be used to identify people. Therefore, they’re PII.

Usually, GDPR-compliant sites use a small popup that appears at the bottom of the screen to ask visitors for permission to use cookies. You’ll need to do that or stop using cookies completely.

Full Disclosures

It’s not only important that you get permission when processing people’s data; it’s also imperative that you fully disclose what you’re going to do with that information.

Are you going to share it with third parties? Are you going to use it for marketing research?

Tell them.

In fact, you should tell them in very plain language. Yes, that’s part of GDPR compliance.

Use clear, concise language to tell your customers how you plan on using their data. Answer all the important questions: who, when, where, why, what, and how.

This is where it’s better to give away too much info than not enough. You might lose some opt-ins, but that beats getting fined by European regulators.

Keep in mind, though, there’s a benefit to sharing that kind of detail. Your customers will appreciate the transparency, even if it’s mandated.

That builds good will.

Forget About ‘Em

Under GDPR, consumers have the right to be forgotten.

That’s not a typo. Customers can request that you remove their data from your database.

And you must comply.

So ask yourself this question: do you have a process in place to anonymize the records of specific customers? If not, then you’d better get one quickly if you plan on doing any business in Europe.

Alternatively, you could also delete those records. That might be the easiest way to stay compliant. Going through all records and just eliminating PII is a bit more involved.

Whatever solution you come up with, it has to be permanent. In other words, you can’t delete a customer’s record and then have it show up again later from a backup.

GDPR Compliance: Be Accessible

For GDPR compliance, you’ll also need to give customers the ability to access and modify their PII.

That doesn’t necessarily mean that you provide a web-based user interface so that people can change their name or address (although that’s a great idea). But you should make it obvious who they can contact to have their info altered.

Trim the Fat

GDPR also mandates that you store only the customer data that is absolutely necessary.

If you’re storing additional data that’s a “nice to have,” you’ll need to do one of three things with it: encrypt it, remove it, or anonymize it.
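To make the last three sections concrete (the right to be forgotten and the backup problem, giving people access to their PII, and keeping only what you need), here is a small Python sketch. It is an added example, not code from this post or from any vendor. The CustomerStore class, its allow-list of fields and the sample customer are all made up for the illustration. The point it demonstrates is the one above about backups: the “forget me” request is recorded as a tombstone and replayed after every restore, so the erased PII can’t quietly come back.

```python
from copy import deepcopy

# Constructed allow-list: the fields this business has decided it genuinely needs.
# Anything else submitted with a record is a "nice to have" and is dropped on the way in.
REQUIRED_FIELDS = {"name", "email", "country", "orders"}
# Of those, the fields that identify a person and must go on a "forget me" request.
PII_FIELDS = {"name", "email"}


class CustomerStore:
    """In-memory stand-in for a customer database (example only)."""

    def __init__(self):
        self.records = {}   # customer_id -> record
        self.erased = {}    # customer_id -> when erasure was requested (tombstones)

    def add(self, customer_id, submitted):
        """Trim the fat: keep only allow-listed fields; return what was dropped."""
        dropped = sorted(set(submitted) - REQUIRED_FIELDS)
        self.records[customer_id] = {k: v for k, v in submitted.items()
                                     if k in REQUIRED_FIELDS}
        return dropped

    def export(self, customer_id):
        """Access: give the person a copy of exactly what is held about them."""
        return deepcopy(self.records.get(customer_id))

    def update(self, customer_id, **changes):
        """Modification: let the person correct their own details."""
        rec = self.records[customer_id]
        for key, value in changes.items():
            if key not in REQUIRED_FIELDS:
                raise KeyError(f"{key} is not a stored field")
            rec[key] = value

    def _scrub(self, customer_id):
        rec = self.records.get(customer_id)
        if rec is not None:
            for field in PII_FIELDS:
                rec.pop(field, None)
            rec["anonymized"] = True   # non-identifying fields stay for reporting

    def forget(self, customer_id, requested_at):
        """Right to be forgotten: anonymize now AND keep a tombstone so the same
        erasure is re-applied to anything later restored from a backup."""
        self.erased[customer_id] = requested_at
        self._scrub(customer_id)

    def backup(self):
        """What a nightly backup captures: the records, not the tombstone list."""
        return deepcopy(self.records)

    def restore(self, snapshot):
        """Bring a backup back, then replay every tombstone. Without the replay a
        forgotten customer's name and email would reappear in the live database."""
        self.records = deepcopy(snapshot)
        for customer_id in self.erased:
            self._scrub(customer_id)

    def holds_pii(self, customer_id):
        """Check used to prove the erasure is permanent."""
        rec = self.records.get(customer_id, {})
        return any(field in rec for field in PII_FIELDS)


if __name__ == "__main__":
    store = CustomerStore()
    # Constructed sample customer; "birthday" and "facebook_id" are the nice-to-haves.
    print(store.add("c-1001", {"name": "Ann Example", "email": "ann@example.com",
                               "country": "FR", "orders": 3,
                               "birthday": "1980-01-01", "facebook_id": "123"}))
    snapshot = store.backup()                        # backup taken while Ann is a customer
    store.forget("c-1001", "2018-05-25T09:00:00Z")   # Ann asks to be forgotten
    print(store.holds_pii("c-1001"))                 # False
    store.restore(snapshot)                          # weeks later the database is restored
    print(store.holds_pii("c-1001"))                 # still False: the tombstone was replayed
    print(store.export("c-1001"))                    # {'country': 'FR', 'orders': 3, 'anonymized': True}
```

Two design notes. The tombstone register has to live outside the data it protects (or be backed up separately and append-only), otherwise a restore could wipe the list of people you promised to forget. And the same replay belongs in every other copy of the data: the email tool, the CRM, the analytics warehouse, not just the primary database.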

Fess Up

Have you ever read a news report about a company that went through a data breach and didn’t announce it until months after the fact? Did that make you mad?

That kind of story makes a lot of people mad. That’s why GDPR requires you to alert the Information Commissioner’s Office (ICO) within 72 hours if you find evidence that customer data has been compromised.

Sure, it’s a public relations nightmare when that happens. But it’s better to suffer the PR backlash than deal with hefty fines.

What About Legitimate Interest?

As we’ve seen, you’re allowed to process a user’s data if there’s a “legitimate interest” involved.

What does that mean? It means talk to your attorney.

Seriously, it’s an ambiguous provision within GDPR. If you’re looking to stay compliant while exploiting that loophole, you need to make sure that your legal ducks are in a row. Otherwise, you could find yourself in quite a bit of trouble.

Even if you do manage to conduct a “legitimate interest” campaign, you still need to make sure that the people you target can opt out. If they ask you to forget about them, you also need to honor that request.

GDPR Compliance: You Might Need a DPO

Get ready to run an ad on Monster. You might have to hire a data protection officer (DPO).

That’s an individual who will make sure that your organization maintains GDPR compliance. You’re going to spend some money on that kind of talent, but it’s the cost of doing business these days.

The good news is that you might not need a DPO. According to GDPR, you only need a DPO if:

  • Your business is a public authority
  • Your business monitors individuals systematically and on a large scale as part of core operations
  • Your business processes special categories of personal data on a large scale

If you’re not sure about any of that, contact an attorney.

Even if you don’t need a DPO, it might be a good idea to have one on staff anyway. They can save you a fortune in fines if they uncover GDPR violations.

GDPR Compliance

Keep Customers in the Loop

Once you’ve determined what kinds of actions you need to take to stay GDPR compliant, you should let your customers know what’s going on. Keep them informed.

Post a message on your website explaining all the changes that your company is making to ensure that customer information stays secure. Also, let them know about your new opt-in processes and how they can update their data or request that it be removed.

You’ll not only stay within the confines of GDPR when you do that, but you’ll also give your customers a little peace of mind.

Wrapping It Up

As of this writing, GDPR goes into effect in just four days. Are you ready?

If not, now’s the time to get an action plan in place. Follow the guidelines above, get legal advice about specifics, and let your customers know what’s going on.

That’s how you’ll stay out of trouble.
