"Helping Businesses Create, Optimize & Grow."

Vorbly Blog


Digital Marketing Best Practices.

Learn How To Grow Your Business.


How To Safeguard Consumer Data For Marketing Campaigns?

Updated: Apr 6, 2018

As the EU General Data Protection Regulation (GDPR) comes into effect on 25 May, 2018. The new regulation will effect all businesses with websites accessible by users in the European Economic Area (EEA). Even if your business does not market directly to EEA consumers, this regulation still applies. And failing to comply with the regulations could lead to fines of up to €20 million.

Such data protection regulations will become a commonplace as governments and regulators step up consumer protection efforts. From specific data protection laws in the United States to Australia's Privacy Principles (APP) and Singapore's Personal Data Protection Act (PDPA).

What Data Protection Means To Marketers?

Brands and businesses which operate in these jurisdictions will have to be aware and implement changes to their marketing campaigns. Uses these online tools to learn more about data protection regulations in each country.

Search Engine Marketing will get more complex with new data protection laws. With the new EU GDPR laws, website publishers may serve only non-personalized ads to EEA users (or 389 million users). As more users are excluded from personalized ads, Remarketing Campaigns will see a decline in reach and effectiveness.

Remarketing Campaigns. How will data protection laws affect your remarketing campaigns? Remarketing advertisements use either cookies or device IDs to obtain personal data about users to retarget them with customized ads. With explicit consent required for the use personal information from cookies, marketers should expect to see a decline in retargeting volumes.

Best Practices For Data Protection

We have summarized some best practices for data protection that small businesses should implement. These practices serves as a guide and should be reviewed by a legal professional and customized for your business.

Update your privacy policy. Disclose important information such as what and how data is collected, how data will be used, information sharing policy and information security measures in your privacy policy.

  1. What type of information is collected? Personal information (e.g. name, email), browser and device information (e.g. cookies, demographics) and IP address.

  2. How do you collect information? Data can be collected through your website, customer service rep, third party sources (e.g. social media, Google), browser, devices, mobile apps and cookies.

  3. How do you use personal information? Information can be used to respond to consumers' queries, fulfillment of orders, send announcements, send marketing communications, personalize consumers' experience, contests, data analytics, audits and fraud monitoring.

  4. How will you share personal information? In some cases, you might have to share information with your subsidiaries, affiliates, third party (e.g. Google Analytics) and other service providers to provide consumers with products and services.

  5. How will you secure personal information? Provide more information about the technologies and processes your business has implemented to protect consumers personal data from loss, misuse, interference and unauthorized access.

  6. Other useful information. You should provide useful information such as how consumers can access, amend or remove their information, retention period, personal data options, policy around minors and complaints.

Obtain consent from users. Marketers need to obtain express consent in a "freely given, specific, informed and unambiguous" way before using consumer information for personalized ads. Adding an opt-in checkbox in your contact forms, newsletter subscriptions and marketing campaigns ensure compliance with data protection laws.

Maintain your CRM database. This might sound like common sense, but when you collect data from thousands of customer touch points, your database can have errors. You need to make sure that every customer in your CRM database has given you permission to market to them. If someone opts out, your CRM database should be updated automatically to ensure that the customer is not contact in the future.

Google AdWords & Analytics. According to Google, GDPR terms will be incorporated in the terms of service for all customers. You can accept the new terms of service in your AdWords and Google Analytics accounts. And Google Analytics will be enhanced with new controls to manage the retention and deletion of personal data.

"You must use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage that takes place on any site, app, email publication or other property as a consequence of your use of Google products" - Google

Marketing Tips For Data Protection

1. Email Marketing Campaigns

It can be as simple as including an unsubscribe link in your email marketing template and allowing users to manage their email preferences. Use contact forms and newsletter subscriptions with opt-in function to build your email lists. DO NOT buy email lists or scrape (or copy) emails directly from websites. Under the new GDPR regulation, buying lists and scraping personal information are strictly forbidden.

BestBuy and Wayfair allow customers to unsubscribe or select their preferences for their marketing emails. Retain more customers by providing the option to select frequency.

2. Refer-A-Friend Programs (or Member Get Member)

Refer a friend programs work when customers enters a friend's email address in order to claim an offer (e.g. discounts or cashback). Then an email is automatically sent to the friend without obtaining explicit consent to contact them. These email "notifications" might violate GDPR regulations. Instead, learn from Ebates and be creative with your referral campaigns.

Ebates allows customers to send a link directly to their friends. When their friends sign up and volunteer their personal data, customers earn a referral fee.

3. Focus On The Data You Need

As marketers, we are always tempted to obtain more information about prospects and customers. When you are selling home loans, is asking for customer's favorite song really necessary? Marketers need to stop asking for "nice-to-have" information and stick to the basics. With less information collected, businesses can streamline their CRM databases and ensure better compliance with data protection regulations.

4. Understanding Customer Preferences

From data protection regulations, there is an opportunity to learn more about your customers. Instead of a simple yes or no option when asking for consent, marketers can present a range of options to better understand customer preferences. You can be compliant and further segment your customers.

CNBC subscribers can select their interests (e.g. breaking news) when signing up for the newsletter. And the company only sends relevant articles to subscribers.

5. Building Trust With Customers

Consumers choose brands and businesses they know, like and trust. Building trust with consumers can be as easy as being transparent and honest with your privacy policy. And obtaining consent prior to sending marketing communications can demonstrate your company's commitment to treating customers with respect and safeguarding their personal information.

What's Next For Small Businesses?

By adopting best practices and using marketing tips for data protection, small business will be able to comply with the data protection regulations. And increase the effectiveness of your marketing campaigns by building trust with your customers.

Learn more about the EU General Data Protection Regulation (GDPR) and how it will affect your business.

Vorbly | Marketing Made Easy

Digital Marketing Solutions For Small Businesses