There have been an awful lot of horror stories circulating on the subject of GDPR and what it’s going to do to marketing, but is it really a bad thing and what do you need to do to ensure you comply with the new regulations?

If GDPR is new to you, it stands for General Data Privacy Regulation and it’s a new EU law that comes in on 25th May 2018, which will have a huge impact on how marketers can store data and contact customers and prospects. The UK will be implementing its own version of the law, so there’s no getting out of it because of Brexit.

Here’s why you need to pay attention and start getting ready for GDPR if you haven’t already:

The EU is really taking this seriously, and the penalties for not complying are eye-watering, with fines of up to 20 million Euros or 4% of your global annual revenue – whichever is GREATER!

Changes for compliance

When it comes to GDPR, ‘consent’ is definitely the word of the day. Whereas before, you could get away with single opt-in, pre-ticked consent boxes and assumed consent in tiny letters in your privacy policy, now the onus is much more on the business / marketer to clearly explain what the individual is signing up for and what their data is going to be used for. Customers can now have far more control over their stored data and whether companies can continue to use it. They have the right to be forgotten, to request that their data is amended if incorrect and to request transfer of their data to another company.

Marketing and GDPRIf you’re offering a lead magnet, for example, you can’t simply assume that when someone signs up for that, they are also giving you consent to add them to your marketing list. You need to specifically ask the question and let them choose to opt in. If you then want to do something else with their data, such as send it to a third party that’s providing a webinar for you, you’ll have to be clear on that and get consent again.



With GDPR, you can now only collect the information you need, and you have to make a business case for why you need anything else. You can also only keep the data for as long as it takes to use it for your stated purpose. Most companies will have enough information with collecting name, company name, and email address, so if you request anything else, such as how many employees someone has or their turnover, you either need to justify asking those questions or you don’t get to ask them. If a restaurant, for example, is going to send out a discount on a customer’s birthday for their favourite dish, they can make the business case that they need the birth date and the name of the dish.

Security is also a huge part of GDPR. So many consumers felt that they didn’t know what data was being collected on them, what companies were doing with it and if it was secure.  GDPR attempts to address this with transparency on data collection and an insistence on security and encryption to protect the data from hackers and data breaches.

Marketing under GDPR in a nutshell

Transparent consent is everything, so there’ll be no more use of bought lists with unconfirmed opt-ins or scraping information from the web – not unless you want to hand over a good chunk of your profits in large fines!

If you have marketing automation set up, whether from email marketing software such as GetResponse or MailChimp, or from something more advanced, such as Drip, you’ll have to be extra careful not to send anything to people who have already opted out of your list and have a system in place to ensure that an opt-out on one system is also updated on the other.

If you deal with journalists, they are as much entitled to give and withdraw consent as anyone else, so you can’t just send out press releases willy nilly, without asking for permission.

Basically, don’t assume anyone wants to be contacted, don’t contact them without permission, and keep in mind that you need further consent if you want to do more with their data.

So what’s left? What can you do?

Well, email marketing and automation aren’t going away, you’ll just have to be more creative and clear about how you get people to sign up. Try pop-ups on your site to encourage people to sign up to newsletters and use effective lead magnets that people want and add value. Push notifications are also still allowed because customers have to agree to receive them and because they don’t collect any data.

And of course, content marketing and social media outreach are still very much things you can do, they’re also some of the best ways to attract high-quality clients and customers.

Complying with GDPR requires an amount of work and it can sound like it’s out to make your job a lot harder.  The fact is, when implemented effectively you can achieve more targeted, higher quality leads on your email list, with an overall increase in your data quality.  GDPR will also encourage companies to be more creative and innovative with their marketing efforts. You’ll also build far more trust with your customers when they know you have their best interests at heart and are fully transparent about how you use their data.  That’s got to be a good thing.

If you need any further advice on complying with GDPR and how to manage your marketing accordingly, please don’t hesitate to contact us and make GDPR work for you.


Best Regards,


Darren Martin

Marketing Consultant – Elite Marketing Services

Measurable Marketing. Results That Exceed Expectations.