GDPR – what smart marketers need to know

thumbnail of Andrea


If you are in the business of demand generation – collecting leads and using data to target prospects and customers for your business – then you’ve most likely heard of GDPR. For those of you that may not be as familiar, we’re talking about the General Data Protection Regulation (GDPR) legislation of the European Union. This legislation goes into effect May 25, 2018. This applies to protections for the personal data of European residents regardless of whether you process that data inside the EU or not. U.S. companies that process such data will have to comply with the GDPR requirements. If not, the fine can be up to 4 percent of annual revenue.


So, what does this mean?

While you may not target Europeans now, many suspect similar regulations coming soon for U.S. residents and businesses. Think about Canada’s anti-spam legislation (CASL) that prohibits the sending of commercial electronic messages in or out of Canada without explicit consent. While it may not directly impact our data, there are best practices to be CASL-compliant. It is best to take steps now for GDPR (and hey, it really is best practice) to ensure you are keeping your customer and prospect data private and secure. When we talk about “data,” it is the personally identifiable information (PII) – name, email address, phone number (and obvious secure information such as account numbers, SSN, etc. – if your business collects and stores that information).


What is the gist of what I need to know?

Of course, it is always smart to consult legal advice and experts who are well-versed in GDPR. However, from a marketer’s perspective, there is low-hanging fruit that can be implemented now within your campaign architecture and tactics as best practice to help you prepare. While this is not everything, it is a start.


 1. Data collection forms

At the point of data collection (forms), it is no longer compliant to have a generic opt-in for marketing purposes. Provide detail on what the information (email address) will be used for, what will be communicated and how (in what channels). Reconsider a global opt-in to a tiered opt-in for different topics and different channels (i.e., I opt-in for offers related or unrelated to my product or service, via text, U.S. mail, email, phone, etc.).


2. Opt out or opt down

Have an easy and known way for all users to completely opt out or better yet (for us in marketing) to opt down. When someone elects to opt out or opt down, the regulation states that this should be done “immediately” – so in real time. Are your systems set up to reflect this – all the way downstream and back to other systems you may use?


3. Documenting consent

CRM is great and most of us have processes and date stamps in place for lead collection. Make sure your data/lead capture contains hidden data fields that indicate the required information under this regulation. Moving forward we need to ensure evidence of accountability:

i. Who? – Contains the identity of the individual and tagged with a unique identifier (UID) (email is not considered a true UID as many people have more than one)

ii. When did they consent? – Date stamp the submission on the UID record

iii. What did they consent to? – What was the offer, what was the opt-in clause?

iv. How and where was it collected? – Landing page, URL, etc.


4. Capture cookie consent

A cookie is a text file that is stored on a user’s computer and later retrieved by a web server (so I’m told – this is for the techies out there). There are different categories of cookies for different purposes – performance, functionality, social, targeted advertising, strictly necessary, etc.

When users now visit a website or landing page with cookies, under GDPR, there must be a notice to inform users. There can be a pop-up upon entry to the site (or link in footer) with a notification of what the site uses cookies for (e.g., delivering more relevant targeted advertising, or whatever purpose).  There should also be affirmative action – a button or link that says something like, “Yes, allow cookies,” or, “No, disable cookies on this site.”


As what we do in the realm of marketing communications becomes more and more data-driven and digitally integrated, being compliant and using best practices as we capture, store and use the data for delivering targeted and relevant communications is just plain smart.


To continue the conversation or if you have any questions, feel free to contact us!

thumbnail of Andrea

Andrea Morrow

With over 20 years of experience, Andrea is known for developing marketing communication plans that work hard for clients and exceed goals. Her strategic direction will find solutions that tell a brand story and gain business results across platforms to ensure a seamless brand experience for all audiences. Andrea thrives by staying on top of details, analyzing results and pushing for growth both with her clients and her internal teams. Known for her positive attitude and thinking on her toes, Andrea has lent her expertise to student groups and business groups such as the FMWF Chamber. Andrea’s high-energy style is put to good use at home with her husband and their three kids. Luckily, she finds time to enjoy lake life during the summer.

Read all articles

Sign up for email updates!

By signing up, you agree to receive emails from Flint Group. Unsubscribe at any time by clicking on the unsubscribe link at the bottom of our emails. Questions?