GDPR Implications For Digital Marketing [Website, Email Marketing, Social Media and Search Updates]

May 24 2018


Digital Marketing


Last Updated: May 19, 2021

Author Neeraj

We Work on Your Digital Presence and not just a Website. Get a Website and Online Business that grows monthly. See the difference!

View Plans

The Digital Marketing Context

You must have come across privacy change notifications on your social media accounts like Twitter and Facebook if you logged in recently, this is due to GDPR which is making these brands more cautious. Personal data and privacy discussions are a trending topic this year. If we were to look at data, “Google trends” at least says so. People have suddenly become interested since April 2018 which has not been the case in past.

google trends for GDPR

From the Cambridge Analytica and Facebook data scandal to growing concerns over ad tech fraud, WhatsApp, IOS 14.6, a definite solution and regulations are needed now more than ever. Fortunately, EU pioneered this from May 25th of 2018.

“GDPR” or “General Data Protection Regulation” was enforced across 28 countries in the European Union and it aimed to improve transparency and effectiveness of data protection activities.

This has been a major change in marketing regulations towards data privacy in the last two decades. Whilst it implies multiple “To-Dos” to be implemented at an organizational level to ensure GDPR compliance, digital marketing as a function is at the center stage of all campaign-related data collection including all the marketing communications. In this blog, we will explore more about the who, what, when, where and how of GDPR implications for digital marketing as a function.

Who was impacted by GDPR?

All 28 countries in the European Union, and every business dealing with data of the customers and prospects residing in the EU, despite the business being located outside of the EU.

What is being impacted in Digital Marketing?

Data Permissions:

Soft opt-ins are not enough, digital marketers need to ensure hard opt-ins which must specify the purpose of the data collection, why it needs to be stored and in what way it will be used in the future.

Data Access

Users must have access to their data in your systems, Essentially, they must know what data you have on them and they can also ask for it to be deleted.

Data Focus

Digital marketers must ask for what is needed, specifically. Do you know how annoying it is when you download an app for music and it asks your permission to know your location. (something very common on Android) which has ultimately led to another set of apps which advice on your privacy risks, for instance DTEK by Blackberry.

When was the Impact?

May 25th of 2018, organizations were given 2 years to comply with all the requirements so far.

What if we don’t implement GDPR compliance in Digital Marketing?

There are 2 tiers of administrative fines:

1) Up to €10 million, or 2% of annual global turnover, whichever is higher.
2) Up to €20 million, or 4% of annual global turnover, whichever is higher.

Source: IT Governance

Seriously, Honda was fined £13,000 for an email alone – Read More

Where will GDPR impact in Digital Marketing?


You must update your privacy policy to state why information is being collected and how it is being used. Landing pages on your website need to be GDPR ready /complaint. CRM and Emailer tools that you are using must have compliant features as well. If you are using front-end designs using a web themes or forms on the website without any emailer automation tool as such, it’s time to ask individual consent with explicit permission. we would recommend using a mailer automation tool such as HubSpot for easy automation with your landing page forms.


Any outreach campaigns for paid search in the EU should be dealt with caution, campaigns promoting the download of an asset in exchange for information should have explicit consent. Google, for example, asked advertisers to own this as well and they also refined the policy for users in EU for consent.

Social Media

On the usage side social media tools such as SocialPilot, the consent and data use will be covered by the terms and conditions and privacy notices of each of these software tools in specific, thus, digital marketing need not worry here directly. Due to existing legislation which is known as EU-US Privacy Shield, US companies (including social media application providers) can self-certify and commit to this framework agreement which underpins their protection of EU citizen data entrusted to them. In a nutshell, it means that both you and your social media audience agree to the terms of the tools you use.

Most of the leading social media platforms have already announced being GDPR compliant or they are planning to enable it soon.

Emailer Automation

This will be impacted the most in digital marketing as it deals with an individual in specific through email IDs, directly hitting the privacy cord of GDPR. Emailer outreach programs have been bothering people across the globe for a while now. A lot of brands utilize this for organic growth including demand generation campaigns which may not be the best way forward, it also because of the fact that once a company commits to invest in marketing automation tools such as  Aweber (say every 6 months or yearly), it doesn’t not involve a fee every time you run a campaign, Google AdWords for instance has a cost associated, every time you want run a campaign with.

How can Digital Marketing function be made GDPR complaint?

Digital Marketers must know the chapter 3 of GDPR in details which talks about the rights of the data subject (your Target person in specific) This should serve the the basic information to adopt best practices in digital marketing for making them GDPR compliant.

Rights of the data Subject:

1) Transparent information, communication and modalities for the exercise of the rights of the data subject
2) Information to be provided where personal data is collected from the data subject
3) Information to be provided where personal data have not been obtained from the data subject
4) Right of access by the data subject
5) Right to rectification
6) Right to erasure (‘right to be forgotten’)
7) Right to restriction of processing
8) Notification of obligation regarding rectification or erasure of personal data or restriction of processing
9) Right to data portability
10) Right to object
11) Automated individual decision-making, including profiling
12) Restrictions

Quick implementation Guidelines for GDPR compliance

What should be done on your Website?

1) Update your privacy policy. This page must be duly reviewed and signed off by your legal counsel. Make this page easily available across your website’s navigation, for instance. A defined place in the sitemap or footer is a great way to look at this.

2) You may want to use standard privacy policy complaint templates to learn, edit as appropriate with your legal team and publish, thereafter.

Here are some websites that provide free, paid and standard templates customized to your country and business requirements.

3) Update your subscription form for blogs and newsletters to specify the reason for customers to opt-in explicitly.

4) All forms on landing pages should be linked to the privacy page of your website.

5) You can also try the use of push notifications to send a message to your subscribers at any point in time.

What should be done with your Emailer automation tools?

1) Provide an explicit Unsubscribe option for all your contacts. Consider using an automation tools to manage this, effortlessly.

2) Maintain a personal profile of your users specifying which data you have about them with a provision for them to delete a part or the whole of the data. You can also do this by using a free tool like Jetpack.

3) Run a smart email campaign to get new and explicit consents from users if not done already (the past data may not be of much use) you may want to use a pop-up on your website if mailers don’t work.

What should be done with your CMS?

Most of the brands and plugins on WordPress have released new versions and updated their policy policies already. If not already, It is high time you visit your CMS consoles and update all plugins and notifications.

Educate internal stakeholders and most importantly anyone who reaches out to your business prospects first. The Sales department, for instance must be educated.

Reach out to all your marketing partners and agencies to make sure they too adopt GDPR compliance for any campaigns they are running on your behalf.


While GDPR aims to bring in more transparency and safeguard privacy rights of individuals and businesses in the EU, it also implies a direct hit to businesses and companies doing lead generation through emailers or direct cold calling users in the European Union. This is much needed as it brings in more maturity to digital marketing as a function within an organization and safeguards the interests of the consumers at the end of the day. Smart marketers, however, can look at utilizing push notifications and chatbots for serving the needs of your customers in real-time.

There are guidelines to make your organization GDPR compliant, businesses have cropped up promising to make your organization GDPR-ready and one must also consider having a full-time department or a Data Protection Officer to ensure this is implemented strictly across your digital marketing and other organizational functions. It is certainly not easy to be GDPR compliant in the long term. One can, however, start the journey towards becoming a GDPR compliant marketing function by following the steps as outlined above.

  1. Know more about GDPR and chapter inclusions
  2. UK’s Information Commissioner’s website for Guide to the General Data Protection Regulation (GDPR)
  3. Direct Marketing Guidance, Must read of all marketing experts (pdf)

Disclaimer: The content of the blog post above (including all responses to comments in the section below) is not to be considered as any form of legal advice and should be used for information purposes only.

Leave a comment

Your email address will not be published.

Subscribe to Website and Inbound Marketing Blog for free

You May Also Like…

Why Virtual Reality is the Next Big Leap in Marketing
6 Ways Location-Based Marketing Is Helping You Do Business Better
GDPR Implications For Digital Marketing [Website, Email Marketing, Social Media and Search Updates]