How GDPR Affects Marketers

Major Regulatory Overhaul on the Internet


By now you have probably heard of “GDPR”, or have at least received about a dozen emails asking you to confirm privacy policies from one brand or another. You may have clicked on a website and been asked to accept the site’s cookie privacy policy before continuing on. Those actions are both part of a regulation that the European Union (EU) recently passed which took effect on May 25, 2018. It is called the General Data Protection Regulation, or GDPR for short. While this is now standard regulation for the EU, similar policies can also be seen rippling into the United States and around the world.

GDPR is a new regulation that was specifically designed to modernize the laws that protect personal information in the EU. Ultimately, the regulation says that brands which collect personal data are required to obtain consent from the consumer that is “freely given, specific, informed and unambiguous” in order to be compliant. An example of this can be seen on a website opt-in form. Prior to GDPR, most opt-in forms were pre-filled with the consumer’s email address and name, allowing the brand to send additional information to the consumer without actual consent. It was often hard to find information about the company’s data collection policies on their website. Now, the consumer has to willingly check a box to consent to hear from that brand in the future. This also means the user agrees to the brand’s privacy policy, which should outline how the collected data will be used. Although this is only required for EU consumers, for now, some companies have requested opt-ins from all their customers, regardless of location.

Businesses often collect personal data like a user’s name, home address, email address, birthday, location, and more. This information is used to offer more personalized messages in order to sell more products or services.

Data collection is valuable because personal information teaches marketers more about their consumers. Facebook generates billions of dollars in revenue every year simply by collecting data from their subscribers. The social media giant makes money by targeting users with third-party ads.

One of the most talked about sections of GDPR is the ability for regulators to fine businesses for not abiding by the new regulations. If an organization doesn’t process an individual’s information in the correct way, it can be fined.

Another part of GDPR includes the consumer having access to their own personal information. Now individuals have the power to request the personal information companies have collected about them. This information must be provided within 30 days of a customer’s request. Customers also have the right to request deletion of this information. Companies must also report any type of data breach within 72 hours after discovering the breach. Under GDPR, this “destruction, loss, alteration, unauthorized disclosure of, or access to” people’s data has to be reported.

One of the most talked about components of GDPR is the ability for regulators to fine businesses for not abiding by the new regulations. If an organization doesn’t process an individual’s information in the correct way, they can be fined. If an organization doesn’t have a particular employee designated as the data protection officer, they can be fined. If the company encounters a security breach and does not report it, they can be fined. Fines can be as high as 4% of a company’s total global revenue and are at the discretion of the Member States. Even if a company does report a security breach within the required 72-hours, depending on the severity of the data breach, cooperation offered by the offending company, and any previous infringements that may have occurred, it is up to the discretion of the Member States as to the fine imposed.

In the United States, any business that collects data from citizens in the EU must follow GDPR regulations or risk being fined. Companies that don’t have consumers in the EU will have a choice as to whether or not to get on board with these data collection protocols.  It’s rumored that the U.S. is not far behind in implementing some type of similar data regulation. In fact, in August of 2018, California signed into law the California Consumer Privacy Act, the first of its kind in the United States. This is likely a preview of what’s coming for the whole country.

More Updates

Is Amazon Right for Your Business?

How To Decide If Amazon is the Right Sales Channel for You

Ad Buying Strategy: Intent vs. Audience

Picking the Right Tool for the Right Job

The Importance of Being Hyper Creative

The Immeasurable Conversion Factor

Keep It Consistent

Why and What People Expect

Reaching the Right Eyeballs

How to Maximize Your Media Spend

You Ought to be Advertising on OTT

The Advertising Power Behind Over-The-Top Media

The Real Real on Virtual Reality Marketing

Turn on, Tune in, and Drop out of reality

Get Connected With A LinkedIn Media Plan

How to elevate your omnichannel strategy with LinkedIn

The Purpose of Purpose-Driven Marketing

Why? Because! Consumers Care About The Cause!

Does My Business Need Both SEM & SEO?

The Realities Of Finite Resources

Hey Google, Alexa, Siri, Can You Hear Me?

How Voice Search Can be a Key Component of Your SEO Strategy

The Importance of Brand Voice

Developing the Foundation of Your Brand’s Personality

‘Tis The Season for Marketing!

Digital Marketing During the Holidays

Making Email a Priority

Why Email Marketing? To Build Better Relationships With Consumers Through Communication, Education, and Building a Brand Community.

Design Week Recap

Drawing Inspiration at Phoenix Design Week

You Win, Defero Wins

2018 Awards Season was an absolute whirlwind and Defero came out on top!

The Power of Integrating Influencers

Incorporating influencers to amplify a full-surround brand strategy