The GDPR – 5 things Advertisers need to know

The GDPR – 5 things Advertisers need to know


We have now crossed the six-month mark of the European Union’s (EU) General Data Protection Regulation (GDPR) coming into force, and it seems doubts are still prevalent across the digital marketing industry.

Who adhered to the GDPR baselines and who’s in charge of making sure there’s no breach? Much of this uncertainty comes from a misconception of what the GDPR is mandating.

Given the GDPR’s ambiguities, it seems that tailoring appropriate measures in order to be compliant is a tough job for everyone.

One thing I am certain about is I loved the launch of the GDPR as it was an excuse to clear my emails and remove all of those annoying unwanted messages!

Here are the 5 things advertisers need to know about the GDPR.

1: The right to be forgotten, hasta luego!

Loyalty and trust matter.

Make it easy for your customers to leave and they’ll find a way to come back when they are ready. In order to do that, automate the internal processes, choose the right platform and data management tools, this will make customer experiences more efficient and they’ll love you for that.

2: The data owner has the key

GDPR is not about businesses, it’s all about the data originator.

The person who provides businesses with their data – i.e. an email address, date of birth, purchase preferences – actually owns the data, has control and should be able to decide whether it should be shared or not. Focus on that and build a business strategy that takes into consideration what your customers want.

3: Email marketing, you stranger

In order to preserve businesses’ mailing lists, millions and millions of consent emails were sent with varying copy and formats in order to remain compliant with the GDPR. Many, including myself, saw an amazing opportunity to unsubscribe to as many non-relevant newsletters and emails as possible showing that perhaps not everyone was a customer after all.

The truth is that even if you’ve unsubscribed to most of the newsletters pre and post GDPR, businesses may still be able to get in contact with you for legitimate interest. This is still a grey area as there’s no clear interpretation on what is allowed and what isn’t until specific reasons for keeping personal data are tested in court.

4: It’s not all about privacy and consent

Among the digital industry there’s a common view that the GDPR is purely about customer’s privacy and consent – whilst this is one of the obligations, it’s not the only focus.

It also means that having a privacy policy and cookie consent on your site doesn’t automatically mean you are GDPR compliant.

The GDPR is more complex than that and requires businesses to adhere to a comprehensive set of obligations such as data minimisation, integrity and confidentiality, data protection and breach notifications.

A clear example is the malicious cyber-attack that effected British Airways customers last September, more than 380,000 transactions were affected and caused concern to BA customers. BA ‘s priority was contacting those customers to make sure their contact details and credit card details were kept safe and customers could follow their instructions on how to manage the breach of data.

The question is: Are you, as a small or big business, fully equipped to deal with a breach of data? If the answer is no, make sure you seek legal advice ensuring you have a process in place to deal with a data breach.

5: Harmony, the successful blend

No matter how hard you’ve worked to make sure you are GDPR compliant, are you sure all your departments are talking to each other? Can you extract data from all old and new systems and platforms, including third party and pull every single piece of information into a readable format?

If you’ve answered no to any of the questions above, you might want to look into this. Consider building a comprehensive data integration and strategy which acknowledges every single department in your business.  Getting data to work for your business means it’s also working for your customers.

If you’ve read up until now, well done! You’ve managed to read another GDPR article.

We’ve learned a number of things in the past months, some enlightening, some frustrating. Perhaps you found this article helpful and it made you smile, perhaps not. One thing is certain, the extent of the GDPR is not yet fully understood. We should however see regulation as an opportunity, rather than a threat and start thinking about what’s really important and is at the core of any business; our customers. At the end of the day that’s what really matters.

If you want to find out more about regulation in the affiliate market, download our free guide to better affiliate marketing.