For the past couple of months, I’ve been asked at least once a week whether we’re also going into legal counseling now, and whether lawyers and business compliance officers are our new target audience. After all, the GDPR is a regulation, and regulations are something that lawyers are interested in, right? (This is the short explanation I get after people notice my surprise at their question.)

Why should the GDPR be of interest especially to marketers and sales people?

As I understand it, the key purpose of the GDPR is to provide some sort of uniform consumer protection across the EU. Accordingly, I see it as a form of protection for customers and prospects when approached by sales and marketing tactics. And to be honest, consumers have needed this protection ever since the game moved into the digital environment. The methods that marketers have managed to develop have made people feel indifferent toward their (digital) privacy, and clever companies have built their business approaches primarily on the digital footprints that consumers leave behind (mostly unaware). I’d say we already sold our (at least digital) privacy long ago. We exchanged it for discounts, the chance to participate in prize draws, or merely out of convenience by clicking the Agree buttons to close those annoying pop-up windows.

We’ve already sold our privacy anyway out of convenience and the desire to get discounts. Click To Tweet

In a way, the GDPR will create some order in this area. Over time, the most likely result will more or less be that data-driven marketing will remain primarily a game for the big guys. Or at least a much more expensive game than it has been so far. For businesses, the GDPR will largely turn into more of a technological challenge than a legal one. This is the key reason I’ve been giving so much attention to this area for the past few months and encouraging my companies to invest in developing solutions in this area. Compliance with the GDPR will demand a transformation of practically all processes connected with capturing and processing personal data. Like it or not, these new processes will also require lots of new IT solutions that will fill in the gaps of current marketing automation and CRM systems, online stores, user portals, advertising platforms, and so on.

Where should businesses look for opportunities within the GDPR context?

Marketing and sales personnel should think about the following three things in connection with the GDPR:

1. How are they going to allow their customers and prospects to inspect (on demand) the personal data they have captured and processed while doing business with them? Here it’s important to note that the GDPR expands the concept of personal data significantly compared to the definition currently provided by the Slovenian Personal Data Protection Act (ZVOP).

2. How are they going to allow their customers to exercise their right to be forgotten?

3. How are they going to allow their customers (again, on demand) to export their personal data in a readable format?

New business models that will be introduced by the fastest

It is here that the GDPR will provide new business opportunities for companies. The thing that heads of marketing or sales should focus on today is finding methods and strategies for importing personal data and creating a competitive product or service ranges based on that information. A good example would be a telecommunication service provider that offers a personalized product range to its potential customers tailored to the individual’s needs (the personal data as defined by the GDPR also include information on an individual’s activities; in this case, these would comprise the mobile data usage, frequently-used telephone numbers, the number of text messages sent per month, and so on). Potential customers could disclose all of this information to the provider by importing the relevant personal data that were acquired by their previous provider.

The GDPR should be of primary interest to marketers and salespersons as it will affect their work the most. Click To Tweet

Data as currency

Here’s some more food for thought: it’s very likely that a type of an online broker will appear in the future that will provide competitive offers for a specific service to individuals based on their personal data. I believe people will be willing to share their personal data without reservation in exchange for the relevant information on the best deals.

Aside from its restrictions, the GDPR will also provide marketers and salespersons with new opportunities that only the fastest and most ingenious among them will be able to monetize. But how the regulation will affect the activities of media buyers and advertising campaign organizers is an entirely different matter.


[email protected]


During this year’s vacation, I almost fell out with my friends over—funnily enough—the magnificence of the internet and personal data collection. Long story short, we couldn’t see eye to eye regarding its usefulness and advantages and could only agree on one thing: that accumulating a large quantity of data in one place can be unfavorable in terms of security and privacy. When I hinted at the potential “solution”—the GDPR—everyone gave me a strange look. They hadn’t even heard of it before, which also seems to be the case with many people who should have been working on this intensively for at least the past six months. As always, they wait until the last minute.

What do you need to know about the GDPR?

On May 25th, 2018, the EU General Data Protection Regulation (GDPR) enters into force, introducing stricter methods for collecting, storing, and processing personal data within the EU. The changes that will have practical implications include a broader definition of personal data, which now also includes IP addresses, and considerably stricter conditions for obtaining permission to process personal data. Clicking and accepting the terms no longer suffices. And neither does collecting personal data that are not required for providing a specific service. Even more importantly, this will apply to all personal data you’ve already obtained and those that you will obtain after May 25th. Worried yet?

Wetherspoons already deleted half a million emails

Just over a month ago, the chief executive of the British pub chain Wetherspoons, John Hutson, ordered their entire customer email database be deleted. It is not known exactly how many emails have been deleted, but when the firm was last fined for breaching the British Privacy and Electronic Communication Regulation (PECR), it was reported that they had over 650,000. Since then, they have reportedly only promoted their deals on social media.

The owner of 700 pubs may indeed be able to afford to delete half a million emails, but what about you? Click To Tweet

Hutson made this decision after the British Information Commissioner’s Office (ICO) imposed a series of fines on several companies for sending marketing messages to people who hadn’t explicitly consented to receive emails. The airline Flybe was fined ₤70,000 after sending out more than three million emails under the title “Are your details correct?” Something similar happened to Honda and Morrisons. According to Hutson, on a risk basis it just wasn’t worth holding large amounts of customer data anymore, especially if they themselves weren’t clear on which customers had given consent to having their personal data processed and which hadn’t. He’s partly right.

Will the GDPR “destroy” data-driven marketing?

The risk that Hutson mentions will be even greater after May 25th and the fines will be significantly higher, but that doesn’t mean that personal data collection and customer profiling will no longer be permitted. In reality, this is inevitable and brings many benefits to you and your customers. When a man comes into a shoe store he doesn’t want the salesperson to offer him stilettos, and so why should it be any different online? If you’ve read mostly scholarly books in the past, you’d probably be surprised if Amazon was trying to sell you Fifty Shades of Gray. In the end, the goal of collecting data and profiling customers is to provide a personalized buying experience.

Your customer mailing list will be better segmented and you’ll be able to target your offers more precisely. Click To Tweet

Moreover, it is only by collecting and analyzing customer data that you can:

  • Understand customers’ past behavior and predict their future actions;
  • Segment and target the right customers rather than waste your time and money on those that are not interested in your products;
  • Communicate with potential customers at the moment they’re most interested in making a purchase (for example, through drip emails);
  • Measure your customers’ satisfaction and hence modify and improve your services or products if needed.

 Does the GDPR require you to delete your “old” contacts?

The regulation is clear on this subject. When data processing is multi-purpose, an individual must agree with all the purposes in question. In addition, Article 171 of the GDPR Preamble stipulates that only if the initial consent was given in accordance with the GDPR are you not required to obtain a new one. If you’ve already been very consistent in obtaining data processing consent, you don’t have to worry. But if you haven’t been consistent (and probably most of you haven’t been), you still have time to undo the “damage” and appropriately prepare for the EU regulation.


[email protected]com