Digital technology has inexorably changed the face of privacy. According to Cameron (2022) 80% of consumers are concerned about the usage of their personal data and 95% feel it is important that their data is protected when online. On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect. It represented the most comprehensive effort yet to govern the way businesses collect and manage consumer data, establishing consistent data standards to protect EU citizens from potential privacy abuses (Greengard, 2018). Marketers rely daily on customer data, with it being a key consideration in digital marketing planning.   

Data Collection

An example of GDPR’s impact is the enforcement of data minimisation, ensuring that only relevant and appropriate data is to be collected. Collecting excessive or unnecessary data can result in non-complianceresulting in serious penalties, such as fines of up to 4% of global annual turnover or €20 million, whichever is higher (General Data Protection Regulation (GDPR) (2023)). 

Data collection can either be first party data, such as collecting consent via a website form or at a purchase point, or via a third party data processer, such as a marketing agency. Marketers using third-party data processors must exercise due diligence when choosing appropriate and trustworthy partners in order to maintain transparent and accountable data processing practices.   

Consent v. legitimate interest

When considering sending marketing, such as via an email campaign, to your contact list, you must first consider your objective and who you are sending it to. As a general rule of thumb, if you are targeting a Business to Consumer (B2C) audience with personal email addresses, you would need to obtain consent in advance of your campaign. If you are targeting a Business to Business (B2C) audience, with a company email address, you may feel that they have a legitimate reason for receiving your campaign and would therefore be able to send this under Legitimate Interest, without prior consent. You would however need to provide the option to unsubscribe in both cases.   

Transactional v. marketing campaigns

In the case of your messaging, you need to be clear whether you are sending a transactional email or whether you are including marketing messages. If the message is purely transactional you are able to send this without consent, for example and email confirmation an order placement. This will need to include no marketing messaging or signposts to your marketing channels. If you are promoting an offer, or a new service, with clear links to your marketing channels, you will need to do this as a Consent or Legitimate Interest Campaign.  

Review your data reporting

With the introduction of GA4 this month, now is the perfect time to consider how you capture and process data. An audit of your data sources, reporting and measurement would be a timely exercise as you start to map out your new reports in GA4. This new version of web analytics from Google approaches your consumer’s journey across multiple digital platforms (such as mobile, desktop and tablet), so it would also be prudent to reconsider your user’s interactions with your digital marketing channels.   

The Government published draft legislation to update GDPR in March 2023, so further change is coming in terms of how we can process and use data in our marketing. It is there important for marketers to clearly outline how they plan to process, analyse and use customer data, alongside developing an understanding of how their audience want their data to be processed and how they want to be communicated to.