Call Us: 502.939.5882

Email : debra@writenowmarketing.com

Now Serving the Lexington Area

Data protection laws in the European Union have been called the world’s “gold standard”, so when EU businesses were required to have many phases of the General Data Protection Regulation (GDPR) in operation by May 25, 2018, businesses around the globe took notice.

Businesses in the United States are just beginning to realize the impact the EU law could have on how they conduct digital marketing. The law applies to U.S. businesses with a global presence or those that collect, store, or use personal data of EU citizens. However, even more U.S. businesses could be impacted if a similar law is adopted here, and the probability is high considering the number of recent data breaches at U.S. retailers and financial institutions that affected millions of U.S. consumers. The basics of the EU law are summarized here so you can consider how a similar law would impact the way you do business.



What types of businesses are impacted?

The law affects digital marketing including email marketing, e-commerce, and website design. Any organization that collects, stores, or uses customer data is included. The law regulates the way data is captured, used, and managed. The intention is to give consumers more control over data about them.



Basic provisions of the law

• Active op-in

Check your forms. If you invite users to subscribe to a newsletter or indicate contact preferences, the default must be “no” or blank. You can no longer pre-check the opt-in box so that users must intentionally opt-out. This also impacts businesses that collect email addresses for targeting. You will need to inform them and they will need to opt-in. Social media marketers will have to obtain consent for data to be used on social platforms. Business owners may want to contact existing customers now to encourage them to opt-in for future emails. Also, update forms on your website now to remove any pre-checked boxes.

• Opt-in check box must be separate from check box to accept Terms & Conditions.


• Opt-in for purchased lists.

If you purchase a list from a third party, you must gain consent from the individuals even if the third party had consent. Consent does not carry over.

• Separate consent is needed for different types of processing.
You must ask for specific consent for each process type, such as email, text, phone, and for permission to pass those details to a third party.

• Unsubscribing or changing frequency of communication must be easy.


• Web forms must clearly and specifically identify each party for whom consent is being given rather than broad or general categories of third parties.


• Transparency is required.

You must be transparent in how and why you are collecting personal information, what you will do with it, how long you will keep it, and the applications used to track that information.


• E-Commerce businesses that store and pass personal data on to a payment gateway will be required to remove that information after a reasonable time.


• Third-party tracking and cookies

Users are often unaware of the ways in which some websites utilize third-party marketing tracking applications. GDPR requires that users be informed that cookies are being used. However, the ultimate responsibility is with your business so review your third-party providers carefully.


• Google Analytics are not impacted by GDPR. Although user behavior is tracked, no personal data is collect.


• Talk to your web designer or marketing agency.

Google Tag Manager enables your website to send information to third-party applications. Make sure that those who have access to your Tag Manager, such as your web designer or marketing agency, understand their responsibilities. You may consider having contracts in place for your protection.


What should you do now?

As a minimum, get started now on these items:

• Check your forms for active opt-in.

• Remove any pre-checked boxes.

• Make sure opt-in box and Terms and Conditions box are separate.

• Make it easy for customers to unsubscribe.

• Take a careful look at any third parties you use to see how they protect user data.

• If your business relies heavily on email marketing, challenges could be ahead. Talk to your marketing professional about other ways to connect with your audience.

Don’t wait until the EU law makes its way across the pond. Your customers want to know that you are diligent about safeguarding their personal data.


How Should Your Business Respond to GDPR?


Write Now Marketing is committed to providing outstanding value to clients by building strong, reliable relationships. It’s our goal to manage projects so that our clients may stay focused on their strategy and purpose while we manage the details and execution of their advertising needs.


© 2017 Write Now Marketing LLC

All rights reserved.

You can also find us on...

Quick Contact Details

Call Us: 502.939.5882

Email :