GDPR Deadline has Passed: Here’s What’s Changed for Marketers

By Maria Brown

The May 25th deadline for the European Union General Data Protection Regulation (GDPR) has come and gone and many of our clients are asking “what changes for us” as a marketing arm of the company.  The skinny?  A lot.

Unless you’ve been living under a rock, the purpose of GDPR is to protect citizens’ data privacy. As marketers, we know that personal data is key to today’s marketing program. We must give consumers tailored content that speaks to individual likes, wants and needs. So how do we navigate this path when there are now significant restrictions – and hefty fines – associated with doing this job well?

Let’s take a step back here. GDPR compliance takes a total shift in thinking as marketers. We must forget more than 20 years of business practices and –wait for it – stop using every technological capability available to us today.  GASP! But yes, your read that right… and if you’re thinking “well, maybe only if we’re marketing in the EU” you’re only partly right — everything online is inclusive of the EU.  Translation: all your digital content falls under GDPR.

So, what are some of the most important takeaways here for marketers today:

Data Collection

If an organization is collecting data to convert a website visitor into a lead, they are only permitted to collect data that is adequate, relevant, and limited to what is necessary for the intended purpose of collection. Anything else will be a violation of GDPR.

Data Control

GDPR was designed to provide more transparency between the organizations who collect and control the data and the individuals whose personal data is being collected. For example, if you collect data on your website via a form you must communicate clearly to that person what the data will be used for. Also, you need to add a call to action to that form requesting consent for the use of that data.   Any time an organization wants to use the data for a new purpose, you must get consent from the individual. Correction: from every individual.

GDPR and Value

With GDPR, the value of all personal data is no longer for the organization, it is back into the hands of the individual.  Full stop.


When collecting data, security needs to be at the forefront and in accordance with the Security provisions of the GDPR. An organization must use “appropriate technical and organizational security measures” to prohibit personal data against unauthorized processing and accidental loss, disclosure, access, destruction, or alteration.  Use encryption when financial information is being conveyed including SSNs, bank routing numbers, and more.

Partnerships Matter

It’s important to partner with firms like Matter that understand these new GDPR laws.  For more information on what you should know about GDPR, please reach out.