GDPR Checklist For Digital Marketing Campaigns

Digital marketing is the branch of marketing that includes any of your online efforts to reach your target audience. For example, this includes making use of platforms such as social media and blogs and using techniques such as targeted advertising or email marketing. And with many as 80% of businesses now conducting all their marketing online, it is clearly an important business function.

But digital marketing relies on the collection of data, understanding audiences, and being able to target them where they spend most of their time. Otherwise, you are just putting your content out into the crowded abyss that is the internet, with no idea if it’s going to be seen by the right people. But as well as creating engaging campaigns and analyzing data, businesses also have to take GDPR into consideration when planning their digital marketing strategy.

Despite these regulations coming into effect back in 2018, GDPR can still be confusing to many. That’s why we’ve put together this guide to provide a basic checklist for businesses that are planning on running digital marketing campaigns in the near future. That said, GDPR is complex and will impact different businesses in different ways, so this is by no means an exhaustive list. 

If you’re still confused or unsure whether you’re being compliant, it’s a good idea to check out the complete guide or even bring a data protection expert on board to help. 

Are you asking for explicit consent?

Consent is like the glue that holds GDPR together, that’s why we’re leading with this point. If you’re asking website visitors or customers to sign up for your newsletter, you need to make sure you’ve asked for consent to collect, store, and use their data. And this doesn’t just apply to email marketing strategies. It also applies to any campaigns that may ask for data, for example running a competition on social media. So consent needs to be at the forefront of everything you do. If you cannot prove that you explicitly asked for and gained consent from an individual, you could find yourself in hot water.

Are you also asking for cookie consent?

Sadly cookie consent isn’t tasty as it sounds. Almost all websites, including blogs, use cookies to store data. But in order to stay GDPR compliant, users must be given a choice whether they want to accept these cookies or not. What are these cookies used for? These can be used for a number of reasons, including retargeting campaigns. After cookies place an invisible pixel on the visitor’s browser, businesses can retarget them with advertising and content and try to get them to re-engage with their brand.

But similar to the above, if you plan to use cookies on any of your content including your website, you must get explicit consent from those visiting to allow these. This needs to be done through a clear affirmative action such as ticking a box, usually by way of a pop-up opt-in form.

Are you using sign-up forms? 

Pop-up forms can be great for getting people to sign up to your mailing list or offering introductory first-time discounts or lead. But if you’re using these you need to make sure they are just right. Give a brief explanation of how/why the data is being collected and point users in the direction of the full privacy policy should they wish to check it out. And don’t use underhand tactics such as pre-ticked boxes because these are illegal under GDPR guidelines.

Do you have a clear opt-out option? 

Are you running an email marketing campaign and encouraging site visitors and customers to sign up for your newsletter? Or perhaps you’re adding cookies to your site to use for retargeting later? Whenever you are collecting data during a marketing campaign you must also give individuals a way to opt-out of receiving your communications. 

What’s more, as part of GDPR, everyone has the right to be forgotten. This means that every individual should be able to withdraw consent and have their data removed from your systems. You need to make sure you have systems in place to manage any deletion requests and also a visible and simple unsubscribe button on any marketing communications you send out. 

Do you know why you’re collecting the data? 

Another important part of GDPR legislation is that you must have a lawful reason for collecting personal information and you must not collect more than you need. So in any campaign, you run that requires you to collect data, be that via sign-ups, cookies, or anything else, you must know why you’re collecting that data specifically and how you plan to use it in the future. Because of this, it’s best to always keep data collection to a minimum. If you only need a first name and an email address, then that’s all you should be asking for. 

Is your privacy policy up to scratch?

You must have a clear privacy policy set up and this needs to be outlined somewhere on your site where customers or users can access it. This will explain how you intend to use their data and the safety processes you have in place to protect it. This needs to be in plain English and the language must be as simple as possible. Using too much technical jargon or confusing vocabulary could be seen as a way of distracting customers from the information within. So it’s vital that your privacy policy be:

  1. As up to date as possible 
  2. Accessible to website users 
  3. Clear and concise
  4. Easy for anyone to understand

Are you careful when using third party sites? 

The good news is, when using third-party sites to advertise, such as running Facebook advertising, you limit your requirements. This is because the social media site itself is responsible for gaining consent and must let users know they may see targeted advertising etc. They must then give consent for this to happen. By simply liking your page they have already agreed to see your content. 

However, if you plan to use their information to contact them in any other way outside the platform they are using, let’s say again this is on Facebook but you want to reach them via email, Facebook will have to make this very clear in the original privacy notice as well as finding legal grounds on which to use this data under GDPR – and this causes bigger issues for them! As such, it’s best not to try and contact customers or users in this way. 

About the author

Ra Karthik

Ramachandiran Karthik is the Digital Marketing Manager at Adnabu. He loves to help Shopify stores grow their business with Google Shopping & Google Ads, using advanced features like multi-currencies, multi-languages, Metafields. Karthik has a lot of experience in digital marketing and enjoys exploring new ways to make advertising more effective for both advertisers and customers.

By Ra Karthik