General Data Protection Regulation

The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018 and will be the biggest change to the data protection regime in the EU, since 1995, the launch of the Data Protection Directive. The changes will affect the way we operate when it comes to marketing in a number of ways, including:

  • Opt-ins, opt-outs, and consent regarding communications – which means prospects and customers must agree that their data can be used and they can be contacted
  • A customer’s right to be forgotten – which allows individuals to express more control over how their personal data is collected and used, but also the ability to access and remove data
  • The legal basis for processing personal data – which will require better housekeeping on the part of the marketer and a reduced amount of data collection for unnecessary reasons

GDPR compliance for marketers

When it comes to compliance with the new regulations, it is vital for marketers to remain within the designated constraints to ensure that they are not in breach of the new regulations. As before, marketers must ensure that the way they manage data is fair, safe and legal. However, there are now more restrictions concerning collection and the time scales associated with storing data.

So what do GDPR changes mean for marketers?

Although it may appear stringent, the new regulations are not quite as extreme as initially perceived. There are three core areas affected by restrictions, within marketing, of which all professionals in the industry should be conscious.

Opt-ins, opt-outs, and consent

Changes to the way that opt-ins, opt-outs and consent regarding communications are managed is key to abiding by the new GDPR restrictions. The new regulations state that consent for the communications must be ‘freely given, specific, informed, and unambiguous’, and articulated by a ‘clear affirmative action’. This means that marketers can no longer presume consent due to past activity or lack of recent activity. Customers and prospective customers will have to agree to a data usage policy, whereby their data is available to the company and that they can be contacted via the details submitted.

The right to be forgotten

The second key change is the right for consumers to be ‘forgotten’, with this change offering consumers more control over how their data is used and collected initially. This also means that customers will be able to access and remove their information from databases more easily and withdraw their consent for the use of their data.

Data management

The final key change regards the legal basis of processing customer personal data, and will ultimately require marketers to ensure better housekeeping of the data they have collected. It also requires professionals in the industry to collect data more carefully and avoid collecting personal data for unnecessary reasons.

How can marketers prepare for GDPR?

Without adequate preparation, marketing professionals could end up being hit with high penalties for breaching the GDPR regulations. The fines can be as hefty and amount to around €20 million or 4% of global annual turnover, whichever is the higher sum. Lower fines can amount to around €10 million or 2% of global annual turnover, which will likely be the driving encouragement for marketers to adjust their approach to the collection and processing method of data.


The GDPR news doesn’t need to worry marketers though and should be associated with a higher quality gate when it comes to information. Quality data is then more beneficial to lead generation and remove this barrier through only accumulating relevant and legally compliant information.


Businesses should set in place, a system in which they can easily process requests from customers to remove, amend or destroy customer data when requested. They need to make this as easy as possible to do so, to ensure their customers have this legal right and that it is easily accessible, with the most efficient way to do this by setting up an online access for users to submit their removal of data requests.


It has been suggested that large scale businesses could look to appoint Data Protection Officers to ensure compliance throughout the whole business, where as SME’s should look to retrain a number of existing staff to ensure they are meeting regulations and avoid noncompliance.


Overall, the changes are going to cost businesses, in terms of time and money. Firms will need to ensure that they are adjusting internal systems and strategies and may need to implement employee training strategies to support these changes. It is crucial that all businesses aim to be compliant ahead of the 2018 changes, to steer clear of a nasty fine.

For more information, take a look at this useful infographic created by the Direct Marketing Association (DMA), to assist those unfamiliar with General Data Protection Regulation (GDPR):


Absolute DM offer bespoke direct marketing solutions, with over 80 years of combined experience across the UK, EU, and the US. Our campaigns are created with brand values in in mind and a core emphasis on ROI for all of our clients. To find out how we can assist you with your direct marketing campaigns, contact us today!