Content Marketing

Responsible digital marketing in Europe that's GDPR-compliant (guide)

Digital marketing practices vary across the world, but businesses intending to market within Europe ought to ensure their practices are GDPR-compliant. Here's how.

Consumers are increasingly cautious about their personal information, and legislation is on their side.

In 2018, Europe adopted the General Data Protection Regulation (GDPR), a law that applies to any business that processes personal data in the European Union (EU).

The law aims to protect the data of European residents from misuse, disclosure, and sale by data processors and controllers.

For marketers, this means a commitment to treat data carefully and with respect: collecting transparently, asking for permission, and keeping the information secure.

The GDPR means a range of new obligations for businesses, and the stakes are high. Companies that don't comply can face fines of up to €20 million or 4% of their global turnover.

A common question asked is – who exactly do these laws apply to?

Well, according to the GDPR, it applies to any organization, whether EU-based or otherwise, as long as they are:

Offering goods and services to people in the EU (Note: This is regardless of whether these are profitable or not, meaning it applies to non-businesses)
Monitoring the behaviour of residents in the EU ("as far as their behaviour takes place within the Union"). As most advertising cookies collect user behaviour when they visit sites, this therefore applies to any site that uses cookies (which is almost every site).

Tl;dr - Virtually any website or digital service that collects any form of user data from users in the EU (including the use of cookies) must, by law, comply with the GDPR.

So, let’s have a look at the key principles of responsible digital marketing that's GDPR-compliant.

Sample of a cookie consent policy by UK news site the Guardian

Obtaining consent is one of the most common ways for marketers to obtain personal data legally within EU countries.

Other than obtaining consent, it is illegal for any organization to collect personal data, except through one of the other five ways: contract, legal obligations, vital interests of the data subject, public interest and legitimate interest as stated in Article 6(1) of the GDPR.

You have to make sure that the form to receive consent is clear and easy to understand.
On top of that, you must offer an option to opt out even if someone has already consented to receive messages from you.

A more detailed panel showing what data the Guardian collects and options to reject all, or choose what to opt in or out of

Use contextual targeting

Contextual targeting in advertising uses technology to scan text and images for keywords that match advertising with web browsing behavior.

This is one of the only forms of ad targeting that enables advertisers to comply with privacy laws, especially the very stringent GDPR. With one of the biggest players, Google, moving to block third party cookies in their Chrome browser come 2024, this means marketers have to find other ways to gather data.

Some agencies have already started shifting their budgets toward contextual targeting versus audience-based ad targeting.

Instead of basing ad targeting on consumer behavior, contextual focus on the type of content the user is viewing so advertising can align with greater relevance.

For example, if someone has searched for office supplies, you can use contextual advertising to show similar or complementary products. The privacy rules allow this type of targeting, but marketers may have to be more careful with the data they use.

Chatbots are an increasingly popular tool for digital marketers, and customers like them. According to IBM, Chatbots can answer up to 80% of routine questions, so customers don’t have to wait for an agent to get back to them.

For businesses, chatbots cut operating costs and reduce response time.

On one hand, you don't need to use a chatbot to collect data. At the same time, your customers can't use a chatbot unless they hand over personal data.

This is why your privacy policy should state what data you collect and how you use them. Your chatbot should also comply with GDPR security regulations to prevent data breaches.

The good news is that if you have installed a chatbot recently, it is probably already GDPR-compliant as many providers updated their services to respect the new regulations.

Some GDPR-compliant chatbots include Intercom, Zendesk, Userlike, and Chatbot.

Focus on transparency

There are many ways in which marketers can adjust their strategies to comply with GDPR, such as reducing the amount of collected data, using less intrusive advertisement, and ensuring data security.

While the GDPR may appear complex at first glance, the bottom line is transparency.

You need consent first and foremost – you can’t market to people who have not given you permission and you need to explain people exactly what they are agreeing to.

For example, if a person subscribes to your email newsletter, you can’t send them random promotions unless they have indicated that they want to be sent promotional information.

As such, ensure that you have a list of options that allow the user to choose what they'd want to subscribe to, good examples include core updates, news announcements, participation in events and surveys, and promotional content.

Eventually, the GDPR takes the privacy of users seriously, and seeks to reduce unethical practices when handling the data of consumers.

It's best that businesses look at treating customers' data and privacies carefully, in order to build long-term trust and customer loyalty.

Save time and money when producing high-quality bespoke content for your markets. ContentGrow helps marketing teams work with perfectly matched content creators at preferred rates. Sign up to get your campaign started or book a quick call with our team to learn more.