top of page
  • Writer's pictureKaren Gittins

How will GDPR affect Digital Marketing?

Updated: Jan 17, 2023

At first glance, it does seem that GDPR should be the concern of the HR department. However, digital marketing is reliant upon the collection of personal data. It is, therefore, is advisable for all Marketing professionals to be aware of how GDPR will affect their day job.

It goes without saying that, for marketers, analyzable data is the key to a successful marketing campaign. However, marketers will now be required to stick to the basics.

The changes introduced under GDPR will mean that every marketer will have to be able to prove that they need the data they request. Furthermore, any individual with access to consumer data will have a responsibility. This responsibility will be to ensure compliant use and storage of data. If they are in any way responsible for a breach of that data, it will not just be the company they work for that is held accountable. The individual will be held personally accountable too.

This does mean that in an individual could be subject to fines. So, do make sure you are aware.

The areas of GDPR which are most applicable to Marketers are:

1.Data Permission

2.Data Access

3.Data Focus

Next Steps

In simple terms, data permission means that a consumer will need to give explicit consent. Marketers will need to ensure that they are giving clear outlines of purpose. They must also ensure that consumers are giving explicit consent. In short, they must agree that they are:

  1. Providing their data freely.

  2. They only consent to their data to be used for a specific purpose stated.

  3. They agree that they are clearly informed as to that purpose.

  4. Their consent must also be unambiguous.

For new marketing campaigns, this will apply to details that are already stored. A pre-ticked tick box will no longer be acceptable. Marketers must be able to prove that there is a clear purpose for the data they require. Lastly, those lengthy disclaimers will not be compliant.

Case study: FlyBy sent a mass email asking their past subscribers if their details were still correct. Unfortunately, those customers had opted out of further campaigns. Since they had opted out, they had withdrawn their consent to even be contacted. The company was subsequently fined £70,000

Data access refers to an individual’s right to control how their data is stored and who is allowed to access it. Therefore, if a company has stored old data, an individual can now exercise a ‘Right to be Forgotten’. Marketers will have to ensure that consumers can easily access their data. Furthermore, consumers must also be able to permanently remove or delete their data. This means that a simple ‘unsubscribe’ will no longer cut the mustard.

Case study: Morrisons were fined £10,500 under GDPR. This was for emailing 131,000 customers who had unsubscribed from offer emails. Morrisons had emailed ‘all contacts’ (including those marked as unsubscribed). A rooky error? Maybe so, but individuals will have to be provided with an easy way of actually deleting their data. Why risk contacting someone who has explicitly requested their data to be removed from your mailing list?

Data focus means that the requested data is actually needed. So, proof of need and then proof of explicit consent are vital. For example, a marketer will have to prove that they need to ask for an individual’s food preference. However, the marketer will no longer be able to add in ‘nice to have’ preferences.

All is Not Lost

It might seem that GDPR will be especially prohibitive to marketers, but all is not lost. GDPR presents an opportunity for marketers to really improve the quality of the data they collect. True, consent does not guarantee that an individual won’t withdraw their consent later. However, an individual will be required to agree that they are fully informed on the matter to which they are consenting. Therefore, the compiled data should yield better results.

If you would like to discuss GDPR or require the assistance of a GDPR professional, contact Amdas recognize that this article is by no means comprehensive, we do hope that it has provided a brief and broad insight into the upcoming changes. For full information on how GDPR could affect your business, please visit the ICO website

2 views0 comments


bottom of page