This document provides an overview of GDPR compliance for online marketing. It discusses what GDPR is, who it applies to, and what activities require consent. Various online marketing channels like websites, remarketing, social media marketing, and email marketing are examined in terms of GDPR guidelines. The key takeaways are that explicit consent is needed for targeting cookies, remarketing lists, social media pixels, and email lists. Companies must implement cookie consent, update privacy policies, and only use compliant practices and third parties.
Creator Influencer Strategy Master Class - Corinne Rose Guirgis
GDPR Compliant Online Marketing
1. Amazee Metrics AG / Förrlibuckstr. 30 / 8005 Zürich / christina.meyer@amazeemetrics.com
Successful Online Marketing
with GDPR
Christina Meyer, Head of SEO/SEA
30.8.2018
5. What Is GDPR About?
Collecting, processing and storing of
personal data.
Personal data is:
• Direct information that can identify a natural person
• Indirect information that can distinguish one person from
another
5
6. What Happens if You Are Not Compliant?
Fines of up to € 20 Mio or 4% of your annual
turnover.
(Depending on which amount is higher.)
6
7. Who Has to Comply?
Operators of websites that can be accessed by EU citizens:
• If the website is directed to EU citizens
• If the company operates in the EU or collects personal data from
EU citizens
7
8. Consent Must Be…
8
Unbundled: Consent requests must be separate from other terms and conditions.
Consent should not be a precondition of signing up to a service unless necessary for
that service.
Active opt-in: Pre-ticked opt-in boxes are invalid – use unticked opt-in boxes or similar
active opt-in methods (e.g. a binary choice given equal prominence).
Granular: Give granular options to consent separately for different types of processing
wherever appropriate.
Named: Name your organisation and any third parties who will be relying on consent.
Easy to withdraw: Tell people they have the right to withdraw their consent at any time,
and how to do this. It must be as easy to withdraw as it was to give consent. This means
you will need to have simple and effective withdrawal mechanisms in place.
17. Website Guidelines
18
✓ Cookie Management Solution
✓ Detailed Privacy and Cookie Notice
✓ GDPR Compliant Forms
Website Guidelines
18. GDPR Compliant Forms
19
✓ Only Clearly Necessary Fields
✓ Inform Why, Where and How Long Data Is Stored
✗ Pre-Filled Checkboxes
✗ Using Data for Other Purposes than Stated
24. Site Remarketing
25
Most common form of remarketing. The website user sees ads after
leaving a website and is browsing on different websites.
25. Search Remarketing
26
After leaving a website, the user gets tailored search ads. The advertiser
can define higher bids, more generic keywords or tailored ad texts.
26. Social Media Remarketing
27
After visiting a website, the user sees ads on social media, on all devices!
This applies to Facebook, Instagram, …
28. How Does Remarketing Work?
Remarketing is based on one of the following:
1. Cookies:
A browser cookie is set while visiting a website. The website user
gets identified based on this cookie (e.g. Google Ads Remarketing).
2. E-Mail Address:
You can upload your own list of email addresses to identify the user
on other platforms (e.g. Google, social media).
3. User Login:
The user is logged in on a website and receives targeted ads based
on his behavior.
29
29. Remarketing Guidelines
30
✓ Explicit User Consent
✓ Option for Opt-Out at Any Time
✗ Setting Remarketing Cookie without Explicit Consent
✗ Using Email Addresses for Remarketing without Explicit Consent
✗ Remarketing of Logged in Users without Explicit Consent
Remarketing Guidelines
31. Social Media Marketing
Social Media Platforms have their own tracking pixels (Facebook Pixel,
LinkedIn Insight Tag, …)
• Can be used for conversion tracking
• Can also be used for remarketing!
32
32. Remarketing Guidelines
33
✓ Explicit User Consent for All Social Media Pixels
✓ Option for Opt-Out at Any Time
✗ Setting Social Media Pixels without Explicit Consent
Social Media Guidelines
35. E-Mail Marketing Guidelines
36
✓ Active Opt-In for E-Mail Lists
✓ Option for Opt-Out
✗ Pre-Ticked Opt-In Boxes
✗ Manually Adding Contacts
✗ Bought Addresses
E-Mail Marketing Guidelines
36. Take-Aways
37
TAKE
AWAY You Need Explicit Consent For
! Targeting Cookies on the Website
! Google Remarketing (Lists from Google Analytics or Google
Ads Remarketing Pixel)
! Social Media Pixels (Facebook Pixel, LinkedIn Insight Tag, …)
! Email Lists (Remarketing, Newsletters)
37. Take-Aways
38
TAKE
AWAY Be Compliant!
✓ Implement a Cookie Consent Solution
✓ Update Your Privacy Notice and Cookie Notice
✓ Check Forms and Third-Party Content on Your Website
✓ Only Use Compliant Remarketing Lists
✓ Do Not Set Social Media Pixels without Consent
✓ Use E-Mail Addresses Only with Consent and for Defined
Purpose
✓ Option to Easily Revoke Any Consent at Any Time
38. Thank You For Your Attention!
Christina Meyer
christina.meyer@amazeemetrics.com
@amazeemetrics
+AmazeeMetrics
Amazee Metrics