Quick Entry Form

Share some details about yourself

How would you like us to contact you?

Select the areas you're interested in

Add further information about your project

Thanks for getting in touch.

Your request has been submitted and we will be contacting you shortly.

Sorry, there was a problem submitting your request. Please email us at [email protected] or call us on 0161 971 3200


Back to Articles

How GDPR Will Affect Your Organisation's Marketing Activities

December 2017 7 min read


You’re probably sick of hearing about GDPR at the moment, and to be honest so are we but there are some important implications with regards to your marketing activities that you should be aware of before the big bombshell hits.

If you’ve been living under a rock, GDPR or the General Data Protection Regulation is a brand-new set of legal requirements regarding businesses use of customer information. GDPR will come into effect in May 2018, giving businesses throughout the EU a deadline to make sure their use-of-data is up to scratch. Obviously, the spectre of Brexit looms large over the implementation of the new regulations and even after our not-so-swift withdrawal from Europe, UK businesses will still need to be compliant since GDPR will affect any business that processes EU citizen data.

GDPR will replace the existing Data Protection Act, which has been in effect in the UK since 1998 but due to its complexity and the speed at which the internet has developed since 1998, it has become somewhat obsolete in 2017.

Any organisation that dares to oppose the almighty force of the Data Protection Act faces a fine of up to £500,000. GDPR has ramped up the penalty fines to up to €20,000,000 or 4% of the business’s annual global turnover. These fines have unsurprising startled everyone who hold EU citizen data and is probably the main reason why GDPR has become such a buzzword in the past 18 months.


Much of the focus on GDPR has been on these financial penalties but how are the new rules going to affect your day-today marketing efforts?


Email Marketing

The days of blindly sending out emails to gigantic lists of potential customers are seemingly over. GDPR now establishes that an individual must consent to receiving information from your organisation before any messages are sent out. Tick boxes asking whether an individual wants to be targeted by your email campaigns have been around for a while but now it is a mandatory requirement to give customers the choice to ‘opt in’ and there can no longer be any shenanigans by placing boxes that say something like ‘Tick this box if you do not want to receive information from Company X’.

What exactly does ‘consent’ mean in this highly vague context? Thankfully, GDPR is on hand to provide us lucky few with a succinct definition:  'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her’.

Under GDPR, customers will have the right to ask you to delete their information from your database. According to the Information Commissioner’s Office, customers can specify the following as reasons for their information to be deleted:

  • “to exercise the right of freedom of expression and information;
  • “to comply with a legal obligation or for the performance of a public interest task or exercise of official authority;
  • “for public health purposes in the public interest;
  • “archiving purposes in the public interest, scientific research historical research or statistical purposes; or
  • “the exercise or defence of legal claims.”


The Right to be Forgotten

So, there’s quite a broad spectrum of justifications that customers can use in order to remove themselves from your database. Lucky for you, the Marketing department will likely be responsible for ensuring that customers can easily ask to be removed, be this by including unsubscribe links in emails or by providing data removal through a self-service user portal. It is also important to bear this in mind when changing any third-party marketing tools (CRM, e-mail automation software etc.) as you must be able to delete the data stored on these platforms after you have finished using them.

Justify Your Data

Following on from this definition of customer consent, the next point to consider is that you are collecting only the customer data that you need. As marketers, we have a tendency to wring as much information out of a lead as possible on the off chance that this data might be useful at a later date. GDPR will clamp down on those who can’t justify that the data they are collecting is for legitimate purposes.


Marketing at exhibitions, conferences and trade shows is as easy as shooting fish in a barrel – well, not any more. You can no longer just take personal details from delegate without first gaining written consent. This is a potential game changer for many within the Marketing industry as events were a sure-fire method of bulking out email marketing lists. From now, everyone will have to be much more measured in the way we approach events marketing.


What Should You Do?


Implement Clear Processes

Make this the moment to instil formal data processing procedures in your organisation. Unfortunately, this will probably begin with a data audit – I know there are worse things than trawling through a database full of contact information, but that list is probably incredibly short. Data cleansing specialist, W8 Data has published a report that claims up to 75% of marketing databases will be obsolete by time GDPR rolls in. A worrying proposition given that GDPR will roll out in less than a year’s time.

Update Your Policies

Your privacy policy will need to be updated to reflect the changing nature of your data collection practices. It’s improbable that every visitor to your site will stop to take a look at your beautifully-crafted privacy policy but you need to make sure that if someone does take notice, that is does represent your company entirely truthfully.

Think Ahead

It’s scary to think about but you need to think about what your organisation will do in case any actual data breaches occur? This process would usually involve admitting that you have suffered a data breach, offering any short-term solutions that could help mitigate damage for the customer, and explaining how you intend to prevent such problems in the future.

Designate a GDPR Champion

Do you have someone in your organisation who is responsible for ensuring that all your data is compliant? For smaller businesses, it’s understandably difficult to assign a dedicated data protection officer so it may be a case of someone performing dual roles – perhaps an HR Manager – or even outsourcing this responsibility to an external provider.

Revitalise Content Strategies

Relevant and timely content from your organisation can have a positive effect on customers and their willingness to give contact consent. It’s pretty obvious really, if you’re constantly spamming customer inboxes with material that is utterly inconsequential to their job or interests, they’re likely to hit the unsubscribe button pretty quickly. Don’t give them a reason to do that. Give them a reason to stay. Give them great content.

Don’t Hide Away

Rather than sneakily hiding away a small consent tick box in the bottom corner of a page, you could be up-front about why you’re asking for the user’s consent – perhaps you want to send them amazing, relevant content (see above) or get their input on site improvements. Customers are often fearful that by handing over consent they will be flooded with constant sales pitches from your organisation but will be much more willing if they know exactly how their data will be used.

Consolidate Data

The easiest way to make your data manageable is to control it through a single platform. A CRM is ideal for managing vast amounts of data and can help you make sense of the information that you possess. If a customer comes to you and asks you to delete their details from your records, you only need to delete one set of data rather than scrambling to remember the disparate platforms on which this data could be stored and crossing your fingers hoping that you’d managed to get rid of it all.


Benefits of GDPR


Better Content

As briefly touched on in the section above, GDPR gives your organisation a need to create more personalised content in order for customers to be more willing to give marketing consent. Sending tailored content is likely to lead to a more engaged user base, which will lead to a higher conversion percentage on your website.

Become a Mind Reader

You can adapt your consent forms to understand what exactly potential customers are interested in. You can then tailor marketing communications to better target individuals. Additionally, you could spend a bit of time adapting your consent forms so you can better understand which areas of your business interest customers. For example, you could ask:

  • Do you want to be contacted with information regarding our Web Hosting services?
  • Do you want to be contacted with information regarding our Digital Marketing services?
  • Do you want to be contacted with information regarding our Creative Design services?


If the user responds positively to one of these questions, then you know exactly what they would like to talk to you about – giving you a pipeline to a conversion.

Clear the Air

According to PR firm Edelman's annual trust barometer survey, public distrust with corporations seems to be at an all-time high in 2017 and there seems to be a common perception that corporate practices are shrouded in smoke and mirrors. By ensuring you’re consent collection practices are up to GDPR standards, your organisation will be able to add a much-needed element of transparency.

I hope this post has been useful to you whether you're a marketer, oversee a marketing department or if you just love reading overly-long articles on the impact of cross-border data regulations. If you have any comments or suggestions for future posts, please let us know via Twitter.

Thanks for reading and look out for future posts!

Written by Joe Sanders GDPR Enthusiast

The views expressed in this article are solely those of the author unless explicitly stated. Unless of course, the article made you laugh, in which case, all credit should be directed towards our marketing department.

Read more from our blog