This document provides an overview of GDPR compliance for online marketing. It discusses what GDPR is, who it applies to, and what activities require consent. Various online marketing channels like websites, remarketing, social media marketing, and email marketing are examined in terms of GDPR guidelines. The key takeaways are that explicit consent is needed for targeting cookies, remarketing lists, social media pixels, and email lists. Companies must implement cookie consent, update privacy policies, and only use compliant practices and third parties.

1. Amazee Metrics AG / Förrlibuckstr. 30 / 8005 Zürich / christina.meyer@amazeemetrics.com
Successful Online Marketing
with GDPR
Christina Meyer, Head of SEO/SEA
30.8.2018

2. What Is GDPR (DSGVO)?

3. Legal Overview EU
3
Datenschutz-Direktive
(95/46/EC)
e-Privacy
Direktive
(2002/58/EC)
e-Privacy
Direktive
(2009/136/EC)
Datenschutz-Grundverordung
Ersetzt die Datenschutz-Direktive
von1995, in Kraft ab 25. Mai 2018.
EU-U.S. Privacy
Shield (2017)
1995 2002 2009 2016 2018 2019
e-Privacy
Grundverordnung
Ersetzt 2002/58/EC.

4. Legal Overview Switzerland
4
1994 2014 2018 2019
Datenschutzgesetz
DSG - 1994
Datenschutzgesetz
DSG - 1. Januar, 2014
Revision
Datenschutzgesetz
DSG – 2019, Revision
CH-U.S. Privacy
Shield (2017)

5. What Is GDPR About?
Collecting, processing and storing of
personal data.
Personal data is:
• Direct information that can identify a natural person
• Indirect information that can distinguish one person from
another
5

6. What Happens if You Are Not Compliant?
Fines of up to € 20 Mio or 4% of your annual
turnover.
(Depending on which amount is higher.)
6

7. Who Has to Comply?
Operators of websites that can be accessed by EU citizens:
• If the website is directed to EU citizens
• If the company operates in the EU or collects personal data from
EU citizens
7

8. Consent Must Be…
8
Unbundled: Consent requests must be separate from other terms and conditions.
Consent should not be a precondition of signing up to a service unless necessary for
that service.
Active opt-in: Pre-ticked opt-in boxes are invalid – use unticked opt-in boxes or similar
active opt-in methods (e.g. a binary choice given equal prominence).
Granular: Give granular options to consent separately for different types of processing
wherever appropriate.
Named: Name your organisation and any third parties who will be relying on consent.
Easy to withdraw: Tell people they have the right to withdraw their consent at any time,
and how to do this. It must be as easy to withdraw as it was to give consent. This means
you will need to have simple and effective withdrawal mechanisms in place.

9. GDPR In Your Online Marketing Mix

10. 10
Display and Affiliate Marketing
YouTube Marketing
Campaign Marketing
Online PR
Website
Search Engine Optimization (SEO)
Search Engine Advertising (SEA)
Content Marketing
Social Media Marketing
E-Mail Marketing
1
2
3
4
5
6
7
8
9
10
Online
Marketing
Mix

11. Website1
12
Display and Affiliate Marketing
YouTube Marketing
Campaign Marketing
Online PR
Search Engine Optimization (SEO)
Search Engine Advertising (SEA)
Content Marketing
Social Media Marketing
E-Mail Marketing
2
3
4
5
6
7
8
9
10
Online
Marketing
Mix

12. Website Guidelines
13
✓ Cookie Management Solution
✓ Detailed Privacy and Cookie Notice
Website Guidelines

13. Cookie Categories
Recommended Standards for Cookie Categories:
14
Cookie Category Consent Needed?
Strictly Necessary Cookies Yes (implied)
Functional Cookies Yes (implied)
Performance Cookies Yes (implied)
Targeting Cookies Yes (explicit)

14. Non-Compliant Cookie Banner
15

15. Compliant Cookie Banner
16

16. Cookie Settings
17

17. Website Guidelines
18
✓ Cookie Management Solution
✓ Detailed Privacy and Cookie Notice
✓ GDPR Compliant Forms
Website Guidelines

18. GDPR Compliant Forms
19
✓ Only Clearly Necessary Fields
✓ Inform Why, Where and How Long Data Is Stored
✗ Pre-Filled Checkboxes
✗ Using Data for Other Purposes than Stated

19. Compliant Contact Form
20

20. Website Guidelines
21
✓ Cookie Management Solution
✓ Detailed Privacy and Cookie Notice
✓ GDPR Compliant Forms
✓ Check Third-Party Content
Website Guidelines

21. 3rd Party Content
22

22. 23
Display and Affiliate Marketing
YouTube Marketing
Campaign Marketing
Online PR
Website
Search Engine Optimization (SEO)
Search Engine Advertising (SEA)
Content Marketing
Social Media Marketing
E-Mail Marketing
1
2
3
4
5
6
7
8
9
10
Online
Marketing
Mix
REMARKETING

23. Site Remarketing
Search Remarketing
Social Media Remarketing
E-Mail Remarketing
24
1
2
3
4
4 Types of Remarketing

24. Site Remarketing
25
Most common form of remarketing. The website user sees ads after
leaving a website and is browsing on different websites.

25. Search Remarketing
26
After leaving a website, the user gets tailored search ads. The advertiser
can define higher bids, more generic keywords or tailored ad texts.

26. Social Media Remarketing
27
After visiting a website, the user sees ads on social media, on all devices!
This applies to Facebook, Instagram, …

27. E-Mail Remarketing
28
The website user receives a newsletter featuring the products she has
been looking at online.

28. How Does Remarketing Work?
Remarketing is based on one of the following:
1. Cookies:
A browser cookie is set while visiting a website. The website user
gets identified based on this cookie (e.g. Google Ads Remarketing).
2. E-Mail Address:
You can upload your own list of email addresses to identify the user
on other platforms (e.g. Google, social media).
3. User Login:
The user is logged in on a website and receives targeted ads based
on his behavior.
29

29. Remarketing Guidelines
30
✓ Explicit User Consent
✓ Option for Opt-Out at Any Time
✗ Setting Remarketing Cookie without Explicit Consent
✗ Using Email Addresses for Remarketing without Explicit Consent
✗ Remarketing of Logged in Users without Explicit Consent
Remarketing Guidelines

30. Social Media Marketing5
31
Display and Affiliate Marketing
YouTube Marketing
Campaign Marketing
Online PR
Website
Search Engine Optimization (SEO)
Search Engine Advertising (SEA)
Content Marketing
E-Mail Marketing
1
2
3
4
6
7
8
9
10
Online
Marketing
Mix

31. Social Media Marketing
Social Media Platforms have their own tracking pixels (Facebook Pixel,
LinkedIn Insight Tag, …)
• Can be used for conversion tracking
• Can also be used for remarketing!
32

32. Remarketing Guidelines
33
✓ Explicit User Consent for All Social Media Pixels
✓ Option for Opt-Out at Any Time
✗ Setting Social Media Pixels without Explicit Consent
Social Media Guidelines

33. E-Mail Marketing6
34
Display and Affiliate Marketing
YouTube Marketing
Campaign Marketing
Online PR
Website
Search Engine Optimization (SEO)
Search Engine Advertising (SEA)
Content Marketing
Social Media Marketing
1
2
3
4
5
7
8
9
10
Online
Marketing
Mix

34. E-Mail Marketing
Email addresses are personal data that can identify an individual person.
35

35. E-Mail Marketing Guidelines
36
✓ Active Opt-In for E-Mail Lists
✓ Option for Opt-Out
✗ Pre-Ticked Opt-In Boxes
✗ Manually Adding Contacts
✗ Bought Addresses
E-Mail Marketing Guidelines

36. Take-Aways
37
TAKE
AWAY You Need Explicit Consent For
! Targeting Cookies on the Website
! Google Remarketing (Lists from Google Analytics or Google
Ads Remarketing Pixel)
! Social Media Pixels (Facebook Pixel, LinkedIn Insight Tag, …)
! Email Lists (Remarketing, Newsletters)

37. Take-Aways
38
TAKE
AWAY Be Compliant!
✓ Implement a Cookie Consent Solution
✓ Update Your Privacy Notice and Cookie Notice
✓ Check Forms and Third-Party Content on Your Website
✓ Only Use Compliant Remarketing Lists
✓ Do Not Set Social Media Pixels without Consent
✓ Use E-Mail Addresses Only with Consent and for Defined
Purpose
✓ Option to Easily Revoke Any Consent at Any Time

38. Thank You For Your Attention!
Christina Meyer
christina.meyer@amazeemetrics.com
@amazeemetrics
+AmazeeMetrics
Amazee Metrics