Everything you need to know about GDPR – Explained

EU General Data Protection Regulation

The latest news about data breaches and about how companies use people’s personal data for advertising has a lot of consumers worried and demanding change. One of those changes is the European Union General Data Protection Regulation, or GDPR. This new law is replacing the 1995 European Data Protection Directive. GDPR aims to bring all the EU member states under one umbrella by enforcing a single data protection law. It’s not just European marketers that must be compliant but any company that deals with data of European residents. GDPR is intended to put guidelines and regulations on how data is processed, used, stored or exchanged.

Under GDPR, companies that collect third-party data are required to revamp their processes for collecting personal information, and consumers are allowed to opt out. Marketers are increasingly focusing on first-party data practices that ask consumers to explicitly fork over their own information—think email signups, mobile app downloads, and comments. The new GDPR legislation can be broken down into 3 stages of compliance: Data Collection, Data Storage, and Ending the Relationship.

Data Collection

One of the important purposes of the GDPR is to create more transparency between the organizations that collect and control data and the people whose data is collected. This means that organizations that attract people and want to collect data need to clearly communicate, in plain English, what the data is used for. The individual must first give clear consent to the collection of their data and must also be told about their right to withdraw consent.

Additionally, organizations can only collect the minimum amount of data to meet the intended purpose. For example, if a website wants to collect data to turn visitors into leads, they can only collect the minimum information that is adequate and relevant to achieve this purpose of collection. Anything unnecessary or excessive will constitute a breach.

Data Storage

Organizations can only collect and store the data that was provided with explicit consent for the specified purposes. If they plan to transfer or share the data with another company, they need to ensure they have consent from the person before the information can be shared.

Furthermore, companies must ensure they have adequate security systems to store the data, protecting it from loss, alteration, or access, and going as far as using pseudonymization or anonymization to protect the data. Users are now able to ask companies at any time to correct, update, or remove their data.

End of the Relationship

Finally, once a relationship has reached its end, organizations must have a clear data retention policy in place which outlines how long they will retain that individual’s information, keeping in mind there are laws or regulations that require the data to be held for specific periods. Users are able to request the deletion of their data at any time and the organization must comply with the request. This means deleting the data not only from their own systems but also from the systems of any downstream vendors who are processing the data.


As marketers, we should look at GDPR as an opportunity to rebuild consumer trust; these new industry regulations should not impede our progress. For advisors, this means ensuring that every member on the list has opted in and is ready to engage. This will reset the balance between brand and audience by giving consumers more control, directing technology to be employed for more noble uses and compelling marketers to interact with consumers in more meaningful ways that create positive sentiment and ultimately restore trust. We strongly believe that enterprise marketers and advisors should be made aware of these changes and work together to better communicate with their European contacts. After all, trust is what marketing should be about.