How-to: GDPR Compliance for Advertisers
Last updated on April 24th, 2019
On May 25th 2018, the General Data Protection Regulation (GDPR) will become enforceable, bringing with it significant changes and forcing advertisers to re-educate themselves on everything related to personal data. The GDPR will signify a seismic shift in control over data ownership, back to the data’s original owners. Each and every one of the EU’s 500 million citizens will be affected, and for all companies that reside in the EU and/or process or collect data of EU residents, GDPR compliance is mandatory.
The term “personal data” takes on a broader scope with the new laws, and includes (but is not limited to): name, home address, photos, bank details, email address, social media posts, medical information, IP address and RFID tags. For advertisers, it is already clear that this legislation will impact marketing purposes, from sourcing prospective email lists to launching targeted display advertising campaigns. Privacy policies will have to be reviewed and updated, with cookie pop-ups and sign up forms needing to be restructured. Nevertheless, follow these checklists made for advertisers and you’ll be within the confines of the GDPR.
Cookie Consent (for retargeting)
Cookie data is gathered from everyone visiting your website and is mainly used for retargeting in online advertising.
- Cookie consent is key with the new regulations. You MUST ask for permission before a user’s data is collected. This can be done by installing a simple “cookie consent plugin” on your website, such as: https://cookieconsent.insites.com/
- Ask for this permission using language that is easy to understand, stating exactly how you plan to use the individual’s data. Consent must be given explicitly, in the form of an unambiguous and affirmative action (e.g. a binary choice to allow the cookies). The key when shaping these consent models is to ask yourself, “what am I using this data for?”
A cookie notice needs to do more than just imply consent from simply visiting the site. Pop-ups that state “by using this site, you accept cookies” are not sufficient. A choice needs to be available for the user to make. So as not to clutter the pop-up, providing a “more info” link within the message is also a popular option for advertisers.
Sign Up Forms
1. Trim down your sign up forms so that they only collect the data you need for your marketing. Make it as easy as possible for users to fill the form out.
2. After the user has filled in their details, use simple and honest language about your data collection activity. Similar to formulating your cookie consent pop-up, ensure the user knows which parties will collect their data and clarify exactly how the data will be used.
3. Design your sign up form so that it has one box where a user can tick to agree to the Terms and Conditions, and a different box that they can tick if they want to also sign up to the mailing list.
4. Have a clear opt-in choice within the form, so the user has to actively allow their data to be collected. Have these choices laid out in granular options so the person knows exactly what they are signing up for.
5. Users should be able to withdraw their consent just as easily as they gave it. So for individuals that have signed up, it is recommended that companies have an unsubscribe link or button present in their emails. Customer support should also be given the ability to remove a user’s details, as per their “right to be forgotten”.
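One way to enforce the consent rules from both checklists in code, as an added example that is not part of the original article: consent defaults to off, only an explicit click can grant it, each purpose is tracked separately, and withdrawal is a single call. The purpose names, function names and the in-memory `Map` storage are assumptions for illustration.

```javascript
// Added example: default-deny consent store with granular purposes.
// PURPOSES, createConsentStore and loadRetargetingTag are hypothetical names.
const PURPOSES = ["retargeting_cookies", "mailing_list"];

// `storage` is any Map-like object (assumption); swap in a persistent store in production.
function createConsentStore(storage = new Map()) {
  const load = () => JSON.parse(storage.get("consent") || "{}");
  const save = (state) => storage.set("consent", JSON.stringify(state));

  function record(purpose, granted, source) {
    if (!PURPOSES.includes(purpose)) throw new Error(`unknown purpose: ${purpose}`);
    // Only an explicit user action can grant; a page view or pre-ticked box cannot.
    if (granted && source !== "user_click") return false;
    const state = load();
    state[purpose] = { granted, at: new Date().toISOString() }; // keep a timestamped record
    save(state);
    return true;
  }

  return {
    grant: (purpose, source) => record(purpose, true, source),
    withdraw: (purpose) => record(purpose, false, "user_click"), // as easy as granting
    allows: (purpose) => load()[purpose]?.granted === true,      // anything unrecorded is denied
  };
}

// Runs the tag loader only when the visitor has opted in to retargeting cookies.
function loadRetargetingTag(store, loader) {
  if (!store.allows("retargeting_cookies")) return false;
  loader();
  return true;
}

// Constructed walk-through of one visitor's session.
function demo() {
  const store = createConsentStore();
  const fired = [];
  const loader = () => fired.push("retargeting-tag");
  const log = {};
  log.beforeChoice = loadRetargetingTag(store, loader);               // no choice made yet
  log.impliedGrant = store.grant("retargeting_cookies", "page_view"); // implied consent refused
  log.afterImplied = loadRetargetingTag(store, loader);
  store.grant("retargeting_cookies", "user_click");                   // affirmative opt-in
  log.afterOptIn = loadRetargetingTag(store, loader);
  log.mailingList = store.allows("mailing_list");                     // separate purpose stays off
  store.withdraw("retargeting_cookies");
  log.afterWithdraw = loadRetargetingTag(store, loader);
  log.tagLoads = fired.length;
  return log;
}

console.log(demo());
```

The retargeting tag loads exactly once in the walk-through: after the explicit opt-in and never before it or after withdrawal.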
From the outset, GDPR looms as something to be taken seriously, with potential fines for not following the laws being intimidating to say the least. By following these steps, you’ll keep your business compliant on the main pain points for advertisers.
Disclaimer: the laws are open for interpretation in many regards, and to ensure 100% compliance we advise you to seek legal advice.