As a marketer, paying close attention to privacy laws is very important, assuming you wish to avoid fines and other legal consequences. One law that many marketers need to pay close attention to is the GDPR. Set in place in May of 2018, many are still learning how they need to change their marketing tactics to be in compliance with the legal requirements for GDPR. This blog post answers the question of “What is the GDPR?” and explains the impact of this regulation on marketers.

What is the GDPR?

What is GDPR?GDPR stands for General Data Privacy Regulation. It is a European Union regulation that protects the personal data of EU citizens. You may come to the conclusion that the GDPR does not apply to you if you are not in of the EU. However, that may be incorrect. If you have access to, control of, or process the personal data of any EU citizens, this applies to you.

The Impact of the GDPR on Marketing

The biggest impact of the GDPR is how marketers handle their customers’ data. It limits the way in which marketers get information about their clients and website visitors. When you consider that collecting and analyzing the data of customers is a large part of online marketing, many marketers have been impacted.

Permission to Receive Data

You can no longer assume that someone in the European Union wants you to collect their data. You now have to ask them if they would like to receive your promotional offers or allow you to collect their data. Asking for permission sounds more time-consuming and complicated than it really is. In fact, you have likely given a business permission to receive your data without realizing it!

When signing up for something online, you may have noticed new boxes you have to check off before hitting the “Sign Up” button. Most companies now ask you to check off that you have read their privacy policy and if you would like to receive offers sent to your inbox. These new boxes are a result of the GDPR. According to the GDPR, the request for personal data must be “clear and concise.” So, this means website owners cannot trick you into consenting.

Are you enjoying this post? If so, be sure to subscribe for occasional email updates from our team!


You may have also noticed you often see pop-ups on websites stating, “By continuing on this site, your consent to our privacy policy.” This is yet another form of compliance for the GDPR. While probably only 99% of people don’t bother to check the business’ privacy policy, website users are normally consenting to give data to marketers. Once a business has been granted permission to receive a person’s data, what data do they have access to?

Access to Data

There are many different forms of personal data that marketers have access to. Personal data can be anything from a birthday, name, email address, or location. When consumer’s give their consent to a business, they are consenting to their information being collected.

If you are in the United States, you may have heard of the CAN-SPAM Act of 2003, which primarily affects email marketing. The GDPR also has an effect on email marketing in a very similar way. Both of these regulations require you to remove people from your email list if they ask to be removed. The GDPR calls this the “right to be forgotten.” This means even if someone did consent to receive your marketing, you must delete their data when they ask.

Data collection requirementsSpecific Purpose for Data

One of the most surprising aspects of this set of regulations is that marketers must justify their collection of data. In other words, data cannot be collected if it will not be used (even if the consumer consents to it). You cannot collect as much data as possible without having a specific and intended reason to collect it.

In reality, marketers really don’t have to collect so much data. Usually, we only need to know specific interests and demographic information about consumers. We don’t need to know someone’s favorite ice cream flavor or their child’s birthday. Simply just collect the data about people you will legitimately use and that you can justify. If you can’t justify knowing certain information about someone, then don’t collect it.

Do You Have to Announce That You are Compliant?

If you are outside of the European Union, you do not have to make any specific announcement that you are in compliance if you do not want to. Although making an announcement might gain respect from your customers, as they know they are being protected under the GDPR.

If you are inside the European Union, you have options to demonstrate your compliance. According to the European Commission website, a business has the choice to be certified as compliant. Businesses do not have to get a special certification if they do not want to. Either way, all you legally have to do is just start complying, which makes it very easy to follow the set of regulations.

How to Be in Compliance

Above, we discussed the regulations set in place by the EU’s General Data Privacy Regulation. If you are a marketer, you may be asking yourself, Where do I go from here? There’s no need to worry, because with just a couple of changes, you should be in compliance.

Adapt your digital marketing strategyChanging Marketing Tactics

Considering the GDPR regulations apply to everyone who has the data of EU citizens, we all have to be very careful about our marketing tactics. If someone from Italy decides to opt-in to receive your promotional emails, you have to tailor your marketing tactics around them. Even if all of your website visitors and email contacts are outside of the EU, you never know who will visit your website in the future. If you follow GDPR regulations, it may make it easier for you to avoid violating the law by mistake.

The requirements of the GDPR are all pretty fair. They respect your website visitors’ privacy and don’t require major changes. You also might find that your marketing is more effective when people choose to be exposed to it. Consider making the choice to become GDPR compliant with your website or business.

Study the Regulations

The European Commission has a great and comprehensive website dedicated to educating people about the GDPR. If you are a marketer and want to be in compliance, you should study the regulations found on the website. Do not strictly browse blog posts (like this one). Rather, find other’s interpretation of the law. The only ways to ensure you fully understand the GDPR is by reading it, or by hiring an expert in this field to assist you. To get more information, you can visit the European Commission Data Collection website.

If you need help with your internet marketing, feel free to contact us by filling out the form below.


Joshua Lyons Marketing, LLC was established in 2015. Since that time we have provided digital marketing services to business and professionals. We help our clients increase their online exposure as a means to increase sales and revenue. Our core services include search engine optimization (SEO), website development and content creation. We also provide other online marketing services, such as email marketing, marketing consultations and various types of advertising. Our team is based in the Milton, Pace and Pensacola, Florida area. However, we work with clients throughout the United States. Read More



Get a quote today! Just fill out the form below and someone will be in touch!