GDPR. The Sky is Falling! Or is it?

May 31, 2018 Mariah White

GDPR. What you need to know.


The end of marketing is here. No more emails. No ads. Forget about retargeting. No more following up after tradeshows. Now that GDPR is in effect, it’s all done.

Is this what you think when you hear the ‘GDPR’ acronym?

Yes, GDPR is a big change to our day-to-day marketing activities. No, it doesn’t ruin your ability to continue driving business. In fact, I whole-heartedly believe GDPR will force marketers to better drive business.  


First, let’s discuss what GDPR is.

I’m sure you’ve at least heard a least a tiny bit about GDPR. The General Data Protection Regulation (GDPR) is replacing the Data Protection Directive and is striving to standardize data privacy laws across European countries. This legislation aims to give more control to European citizens over their personal data. GDPR went into effect on May 25th, 2018.

If you do business with Europeans that involves the processing of their personal data, this legislation applies to you. Even if you don’t think you process European personal data, go double check the country of origin on records in your database.

Here’s why you, presumably as a marketer, should care:

  • The potential fines are huge.  Lawsuits are already being filed. The maximum fine for a single breach is 20 million euros, or 4% of annual worldwide turnover (AKA gross revenue), whichever is greater.
  • This affects the activity you’re able to track, the data you can or can’t collect and who you can communicate with.
  • The processes needed to comply with GDPR not only affect marketing departments and teams, but entire organizations.
  • Data privacy regulations are never going away.
  • Data privacy is never just for privacy teams.


So now that we have a basic understanding of what GDPR is about, let’s dive into what actions you can take to properly market in this new world.

  1. Get Consent

First and foremost, start obtaining permission to talk to people. Yes, GDPR has a ‘legitimate interest’ clause, but obtaining permission shows people that you care and that your organization is taking this seriously (i.e. increases rapport). It’s also much easier to show that you put permission-based processes in place and that someone agreed to receive communications from you, rather than filtering through grey area legal jargon. You can easily do this by placing checkboxes on forms and having people click through a confirmation email.


  1. Provide the Privacy Policy

Put it on forms, landing pages, emails, your grave stone. Put it everywhere. Okay, maybe not your grave stone. This is a way to be transparent and to make for easy navigation, because nobody likes searching for a privacy policy when they’re frustrated by a company’s data standards.


  1. Understand Your Data Flow

While this may not be “marketing’s” job, it’s still important to understand, and as a key player in your organization, to know which data is being used and moved into other organizational systems. Review which systems are in place, such as marketing automation platforms, apps, CRMs, ERPs and website tracking tools and know the kind of data being stored, and how data is getting into and out of each system.


  1. Enable Simple Email Opt-Out

This shouldn’t be new for email marketers, but I'll say it – make sure you provide an unsubscribe link in all marketing emails. It should be as easy to opt-out as it is to opt-in.


  1. Understand Data Requests

As mentioned before, GDPR aims to give more control over a user’s personal data that is being stored and tracked by an organization. This includes accessing, transferring and deleting.

Knowing that this regulation empowers end users on these fronts is the first step. Putting processes in place is another step – this can typically be done by automation, GDPR-specific pages, or using specific verbiage in the privacy policy.


  1. Internally Transfer Data Securely

We’ve looked at obtaining consent, talked about cookies, but we’re shifting gears to internal data security. Stop saving tradeshow booth visitor lists on your desktop. Don’t send the entire customer list via email. It’s not secure and puts the organization at risk if a hack attack ever happened.


  1. Discuss GDPR With Data Processors

If you work with third-party vendors, they need to be GDPR compliant, too. Your organization, the data controller, is still responsible for ensuring the relevant vendor organizations, data processors, are in line with the current regulation. This includes marketing automation platforms, consulting agencies, email service providers, event platforms, and the list goes on.


  1. Confirm with a Legal Resource

I said this earlier but it’s important, confirm these processes with a trusted legal resource. Many legal teams may have different takes on this new regulation and it is in the organization’s best interest to take due diligence on this. Make sure you’re all on the same page with where data is being stored and how it is being transferred.

Additionally, depending on the size of the company and the amount of data being processed, a company may need to hire a Data Protection Officer (DPO), that the marketing team can work with.


  1. Don’t Freak Out. Market Better.

Use this as your opportunity to create exciting, intriguing and relevant content for people, because now you know that people want to receive it. You’re now working with a database full of engaged and valid records.

And finally! Is this a lot to take in? Yes. Is it all going to be okay? Absolutely.

Is your Marketo platform GDPR compliant? Talk to our team of experts about how to get it there. 

About the Author

Mariah White

Mariah focuses her expertise on the infrastructure of Marketo for clients. She specializes in Country Opt-In Compliance, Infrastructure and Migrations. Her passion for driving results and helping clients succeed in Marketo is evident to everyone who gets the opportunity to work with her. She is a Marketo Certified Solutions Architect. Mariah teaches yoga, loves to travel, and can often be found running Montana trails with her perma-puppy, Suvi.

Follow on Linkedin More Content by Mariah White
Previous Article
Top 4 Things To Consider About Your Data [Infographic]
Top 4 Things To Consider About Your Data [Infographic]

Become a data hero by understanding these 4 concepts

Next Article
Calling All Marketers [Engineers]
Calling All Marketers [Engineers]

Marketing has become an engineering profession