Digital Marketing is evolving swiftly day by day and it is getting easier to reach customers using newsletters and advertisements. Data has become directly equivalent to money. Services like email, news, entertainment and search facilities are offered by businesses in return for data that is used to target advertisements.

Today we have many ways of tracking the user’s interests and what they might click on the website to generate and target different advertisements on them. This made advertisements more personalized as individual interests could be tracked, avoiding the hassle of generating many ads and increasing the chances of conversion.

Then came GDPR with all its principles of transparency and consent, and took digital markets by storm. Under GDPR any website processing personal data must require a legitimate purpose to do so. But before going further into that let us see what is GDPR.

The EU General Data Protection Regulation or GDPR as it is often abbreviated to is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. GDPR helps protect user’s data by asking user’s consent before setting cookies on any website they visit or any type of data is collected from them.

The Two Main Practices of Digital Marketing Impacted by GDPR

With personal data processing being a concern in GDPR, there are two main activities involved in Digital marketing that will get affected.

Data Gathering

Collecting information related to customers based on their interaction with the website. This includes tracking them to know their choices in order to improve the product offers according to the customer’s needs.

This does not comply with the terms of GDPR, as it strictly prohibits user data collection based on just website interaction. Until the user explicitly gives their consent on setting any type of cookies or type of collection of data, the website should not do so.  

Targeting Ads

Showing advertisements based on user interests tracked when they visit different websites. Advertisements could be targeted at them via emails, SMS, or push notifications.

For targeting advertisements, third party cookies are set of the website that tracks the user, which again does not comply with GDPR. Until user opt-in for such cookies to be used, the website cannot set ant marketing or advertisement cookies to track user interest.

As activities obviously don’t go along with GDPR that prohibit tracking of user’s data without their consent. There are certain rules all marketing industries must pay attention to in order to be in compliance with GDPR.

Rules To Follow In GDPR

GDPR makes sure all websites comply with its rules. For starters, without acquiring the fully accepted and freely given consent of the user, their personal information should not be accessed, collected or used in any manner.

All users or data subjects must have access to their personal information shared and be able to edit, delete and review it. The data shared by them must also be recorded in a safe place and proper protection and security must be given to it. It is to be taken care of that, the privacy policies must be explained in simple and clear language to all the users before they give any sort of consent.

GDPR honors the user or the data subject rights and gives them control over the data they shared. The following are the rights of the users should be given by the website:

To inform the customer or data subject

This right authorize the user or customer to ask the website about how the information collected from them is being used and with who is it shared with.

Grant access to their data

Under this right, the data subjects get access to their data being processed. They can request the website owner to get a copy of the data they submitted.

Rectification and correction

Under this right, the data subjects can modify or change the data submitted by them to the website. The users can send a request to do the same in case their data is not up to date or need any modifications.

To opt-out of consent

This right provides the users the choice of opting out of any cookies that collect data in the website or of processing any data that the user might have previously given the website access to.

To object when required

If the user wishes to object to the processing of the data given by them then they can do so using this right. This right is the same as the right to withdraw consent. However, it is applicable to special conditions such as when undergoing a legal situation, the user can object on using any personal details submitted.

Data exchange

This right gives the user the freedom to obtain and reuse their data for their personal use across different services. The user can use the data submitted to a website, copy, move or submit it from one IT environment to another without affecting its usability.

To be forgotten

Under this right, the user can choose to be forgotten by the website. This right comes in handy when the users have ended taking any services from the website. With the customer relationship ended it is important that the customer has the right to request the website to delete all the details previously submitted by them.

No automated processing of data

Automated processing of data takes place when required by law or higher authorities, about which the users must be informed immediately. However, if there is no such scenario happening users can object and cancel the processing of their data.

The user must be notified

According to this right, any change or deletion or rectification of user’s data must be notified to them. This is important as the change may or may not be made by them and is to be followed even in case of loss or breach of user’s data.


The website needs to be more transparent about its processing activities especially when marketing purposes are involved. The users must be informed about the nature of processing and the marketing activities involved in the same.

It is mandatory to follow all GDPR rules and regulations failing which can lead to fines and penalties. There are two types of penalties that you can be compiled to:

  1. Up to €10 million, or 2% annual global turnover – whichever is higher.
  2. Up to €20 million, or 4% annual global turnover – whichever is higher.

To know more about these penalties refer to this article on What are the Fines for Not Complying with GDPR.

What are the Impacts of GDPR?

GDPR has impacted many areas of marketing. A few are listed below:

Email Marketing

Email marketing does ask for user consent before sending any type of commercial message. But it is not very strict or specific about the consent being given freely or that the user needs to be informed about why it is required.

As to solve this issue many websites opt for newsletters. This way when you post interesting facts about your product users can opt-in for receiving an email newsletter, thus giving the website their consent for email marketing.


Analytics refers to the statistics on the performance of the website. Often tools like Google Analytics is used to find out how visitors are using your website. As Google Analytics is a third-party service, the users need to be informed about how their data is being used.


To personalize advertisements tracking cookies, apps and pixels are used. As soon as a user visits a website, these tracking mechanisms use their data for advertising purposes. This, of course, is a breach of GDPR rules. Until the user gives their consent on using their data for advertisements.   

Wrapping up, data have always played a crucial role in digital marketing. GDPR has indeed strengthened the data protection rights of users across various organizations around the globe. The digital markets out there need to revamp its marketing processes to ensure compliance with GDPR and safeguard themselves.