GDPR Compliance


If the authorities deem a marketing company or department to be in breach of GDPR rules, then they have the power to impose heavy fines. Such rulings are designed to deter marketing organizations from holding unnecessary data, outdated data, and data that the individuals concerned have asked to have removed. For digital marketers especially, where the collection of client and public data often occurs, ensuring privacy regulations are properly adhered to can make all the difference with such rulings.


In other words, marketers have to show that they have complied with the spirit of the GDPR rules as well as the letter of the law. If you are open and transparent with your activities regarding client confidentiality, for example, then it is less likely that a severe ruling will be handed down. On the other hand, marketing professionals who are more guarded in their approach can face the stiffest penalties if they suffer a data breach or their data removal systems are found to have been inadequate.


How should marketing teams manage the data they need to store to do their jobs effectively whilst balancing the rights of organizations and individuals to data privacy? Read on to find out.


Privacy Considerations

First of all, it should be mentioned that many consumers think that businesses are not doing enough to look after their privacy. Although the law has been updated in recent years to counter these concerns, many people still think that their data is not looked after properly. Therefore, marketing professionals can do their brand a great deal of damage if they are not seen to be up-to-date with all the latest privacy rules. Indeed, tarnished reputations may never fully recover following a significant data breach, for example, or when database information is inappropriately shared by marketers.


Greater Transparency

As previously mentioned, having an open approach with your data security measures and compliance procedures is a good thing from the point of view of potential privacy rulings from regulators. It is also essential for any marketers who want to build trust with their client base. In other words, you need to be upfront about what information you will record on clients, which datasets will be kept, and how long they will be retained. You should also be open about your privacy policy and have clear information about what people can do if they want to request that their personal information be removed.


Cookies and GDPR Compliance

As well as publishing your privacy policy on your website and making it easily accessible, GDPR rules make it clear that cookie information must be simple to read. This means informing digital visitors that cookies are being collected as well as giving them the choice of opting out. Pop-up banners are a common way of drawing attention to cookie data and policies without detracting from the design and layout of a website. Remember that non-compliance in this field can cost companies a lot of money.


Digital Marketing

There is nothing new about using the digital realm to market successfully to current clients or registered users who have shown an interest in your products and services in the past. That said, if you want to send your latest offers to the email addresses you have in your database, then you will have to gain informed consent for this. Equally, you must now provide a simple means for the people you are reaching out to to unsubscribe from your digital marketing activities. Remember that this is not simply about avoiding rulings from digital regulators but making it clear to clients that you take their digital rights seriously. Without such measures in place, you will create the wrong impression, which could lead to people being put off procuring your company’s goods and services altogether.


Data Destruction, Not Data Deletion

Bear in mind that deleting information and records does not always get rid of them completely. When you delete a client’s email address or other personal details from your database, they may be deleted from a server but the information could still be held on other records or computer terminals. Moreover, deleted data remains accessible if the hard drive can be obtained. Therefore, professionally destroying data with degaussing techniques, erasing all of the data on a drive with software, or physically breaking the drive up will be necessary to comply fully with the rules and avoid potential data breaches.


In Summary

Data is necessary for digital marketing. What is held, however, should be appropriate for the sort of marketing activities taking place. It should be held with informed consent and it should be destroyed when it is either no longer needed or when that consent is removed. If marketing professionals put measures in place to handle these considerations effectively, then the worst penalty rulings available to the data authorities should never be handed down.


Author Bio: This article was written by Peter Desmond, Marketing Manager for Wisetek, who are global leaders in IT Asset Disposition, Data Destruction & IT Reuse. Wisetek helps businesses ensure they meet their legislative requirements regarding destroying customer data when it is no longer relevant.

In May 2018, the General Data Protection Regulation (GDPR) went into effect. The new rules apply to the way companies protect and handle information collected from citizens living in European Union (EU) countries.


However, about 75 percent of brands see GDPR as a challenge to implement, and around 42 percent of brand websites still aren’t GDPR compliant. Taking steps toward protecting the personal data of consumers is a positive change, but the results of GDPR won’t appear until most sites come on board and figure out the best ways of protecting data.


The impact of GDPR on the web industry is multifaceted. Here are seven ways GDPR creates a change online and predictions for where the regulations will go in the future.


1. Making Information Clearer to Consumers

One thing the GDPR provides is a clear source of information about the privacy policies of the site. The GDPR requires brands to put their privacy notice in an easy-to-locate place on the website. You’ve likely noticed that most companies have a link in the footer of their websites. However, some also have pop-ups letting site visitors know they updated their privacy policy recently.


Think through the reading level of your average customers and stay away from legal-style language. If you need a lawyer to translate the policy for you, then it needs to be rewritten so your users understand it at first glance.


2. Creating Policies

Updating your privacy policy forces your company into thinking through every element of your policies. How long do you keep information on file? What exactly do you use the information for? Create a plan for how you collect it, how you store it and what happens to information when you no longer need it for business purposes.


One of the easiest ways to ensure GDPR compliance is with a privacy policy template that lays out the specific elements needed. Look at your policies through the eyes of your users. How often should you update your privacy policy? Regulations change frequently, so revisiting your policies at least once a year keeps everything current with laws and your own company’s changes.




AT&T shares their privacy policy in a way that’s straightforward and easy to read. Note the way they list out the main points in bullet points for easy reading. They summarize the main points, but also provide clickable buttons to the full privacy policy.


3. Fixing Security Holes

One of the elements of the GDPR includes a responsibility for companies to keep information secure. Appoint a data protection officer (DPO) and ensure they have the tools needed for secure data storage. The DPO serves as a point of contact for consumers with questions about how their data is stored.


The DPO also updates any information collected at the request of consumers or deletes files promptly as outlined in the privacy policy or when consumers ask for removal.


4. Including Subscription Forms

In the past, companies collected emails or information via forms, but consumers weren’t always aware of how that information was used. More companies clearly list privacy policies on their forms now to ensure GDPR compliance. Adding the privacy policy on the form or near it gives consumers an opportunity to choose whether or not they agree with the use of their personal data. They can then decide to share the information or not.


Cherry’s Material Handling has a form near the bottom of their page for promotional offers. The form has one field and a call to action (CTA) button — just under the subscription box is an invitation to “View our Privacy Policy.”


5. Adding Better Accessibility

One requirement of the new regulation is using simple language that makes the policy understandable for users. Sites that serve more than one country now have details translated into multiple languages. For example, AARP offers a page with their privacy policy and a link for the Spanish version. On the Spanish version of the privacy policy is a link to the English version. Providing two translations serves both languages and expands their customer base.


6. Changing Data Sharing

The new rules require companies to outline how information is shared with third parties. This change is both positive and negative. Consumers’ information is more secure because companies are less likely to sell data without informing their subscribers of the possibility. However, fears of regulatory laws limit how two or more companies work together and share data between themselves, reducing promotional opportunities for businesses.




Dyson states in their privacy policy that they never sell your information to others. Note the visual aesthetics of their privacy policy page. The company lays out their commitment and understanding of the responsibility of protecting your information. Scroll down the page and find a summary of their principles behind privacy and a link to the full policy.


7. Reducing Invasion of Privacy

The GDPR is changing the invasion of privacy perpetrated by companies such as Google and Facebook. In the past, you had no choice but to accept their demands to access all sorts of personal information to use their platforms.


However, Facebook and Google face $8.8 billion lawsuits for not giving users a way to use their platform and still opt out of sharing information such as what types of searches they’re conducting. Specifically, they’re in trouble for their predictive search bars that show users what others have searched for.


The GDPR forces big brands into considering the privacy of the average Internet user. Although this is a pro for consumers, it’s likely going to change the way you use Facebook and Google’s search engines.


GDPR’s Future

Some brands balk at initiating a bunch of new policies and following regulations when they aren’t even located in an EU country. Already, a few brands have refused to do business with consumers in the EU. Opponents point to the vague language of the GDPR as an area of concern. However, expanding into global business provides you with an additional customer base you otherwise wouldn’t have. Once the cases against giants Facebook and Google are complete, rules should be a bit clearer and help smaller brands understand what changes they need to implement.


Lexie Lu is a designer and writer. She loves researching trends in the web and graphic design industry. She writes weekly on Design Roast and can be followed on Twitter @lexieludesigner.