Since the introduction of the GDPR on May 25, 2018, stricter guidelines apply to the handling of personal data in the European Union. Especially in online marketing, rethinking is necessary to meet the requirements of the General Data Protection Regulation.
Online-Marketing & GDPR
Do online marketing and the GDPR even fit together? This is probably the question most people asked themselves when the General Data Protection Regulation was introduced. Today, the answer is YES.
The most important points in marketing and the GDPR
We have summarized some important points so that you can see which points you must observe in online marketing with regard to the GDPR. These include website cookies, email marketing, remarketing with the Facebook pixel, and the statistics tool Google Analytics.
Website-Cookies
When a user visits a website, he or she must first be asked by means of a cookie notice which cookies may be activated. Cookies can be roughly divided into two categories: Essential cookies and third-party cookies.
Essential cookies are cookies that are necessary for the operation of the website. Third-party cookies may be necessary for tracking statistics or remarketing, for example, or are cookies of external media such as YouTube, Vimeo, Google Maps, etc.
The cookie notice must inform the user about these cookies. In addition, the user must explicitly agree to the use of cookies. No cookies may be set before this.
Important: Even after consent has been given, the user should always have the option to view cookies that have been consented to and also to revoke them at any time. For this purpose, an opt-out solution within the privacy policy is a good idea, as we offer with our Borlabs Cookie Plugin. This can be easily integrated at any point via shortcode.
Opt-in and opt-out in email marketing
In online marketing, email marketing is one of the most important channels for communicating with customers and users and regularly informing them about new products. But with the introduction of the GDPR, it is also important to check whether corresponding opt-in and opt-out solutions are available.
Opt-in:
The so-called double opt-in procedure is intended to ensure that a user who subscribes to the e-mail list consents within a separate confirmation e-mail. This means that they may only be added to the e-mail list as an active user and receive e-mails if they have given their consent via the separate confirmation e-mail.
Opt-out:
The opposite of the opt-in procedure is the opt-out procedure. This means that the user must be able to unsubscribe from the e-mail list at any time. Such an opt-out solution must be present in every email sent. Most email tools offer the possibility of automatic integration of an opt-out solution in every mail.
Google Analytics
A popular statistics tool for evaluating visitor numbers, page views, or behavior is Google Analytics. The statistics tool can be integrated into the website and tracks the visitors. Whether the visitor's consent is required for this has been a matter of legal dispute up to now. We recommend obtaining consent for Google Analytics tracking from the visitor. In addition, care must be taken to anonymize personal data, in this case, the IP address.
In the Borlabs Cookie plugin, only the tracking ID from Google Analytics must be entered. Our cookie tool anonymizes the IP addresses of the user automatically.
Remarketing with Facebook Pixel
The Facebook pixel is one of the main tools in online marketing when it comes to implementing social media campaigns or Facebook Ads on Facebook itself or Instagram. It serves primarily the remarketing purpose here. But here, too, caution is called for with the introduction of the GDPR.
Basically, every user must agree to the tracking or "firing" of the Facebook pixel. Of course, this leads to significant losses, since not every visitor agrees to tracking via the Facebook pixel. Just like Google Analytics, the Facebook pixel can be easily integrated into the Borlabs Cookie plugin via tracking ID.
Other third party
Other third-party providers that are often included on websites include the following:
- Google Maps
- OpenStreetMap
- Vimeo
- YouTube
- Google AdSense
Of course, there are numerous other tools which are used for e.g. click tracking, mouse tracking, social media buttons, WordPress plugins, and much more. Each cookie of these tools must be confirmed by the visitor of your website.
What online marketers need to pay attention too
Anyone who is active in online marketing must pay attention to a number of factors with the introduction of the GDPR and with the ePrivacy Regulation still to come later.
So you should check the following points:
Consent (Opt-in)
Can the user actively consent to the processing of his personal data? This applies to the website itself and also, for example, to e-mail marketing.
Consent removal (Opt-out)
Can the user revoke his consent to the processing of his personal data? This possibility must be guaranteed at all times.
Transparency
The processing of personal data must always be transparent. The user must therefore be able to understand in the privacy policy what data is processed, where it is processed, and for what purpose.
Anonymization
Personal data that is passed on to third-party providers must be anonymized - see Google Analytics.
Cookie notice
Each website visitor must be informed about the use of cookies and explicitly agree to them.
Order data processing
If data from your website is passed on to third parties or transferred to them, a so-called contract for commissioned data processing is necessary. This regulates the transfer and processing of personal data to or at the third-party provider.
In addition, you should have a so-called procedure directory, in which the processing procedures of the personal data are presented in detail. This serves as evidence for the authorities if required.
Conclusion
The introduction of the GDPR was initially a hard blow for everyone who does online marketing and may also be active there for customers. This is because the GDPR has made marketing "more difficult" and from now on applies as a guideline for the processing of personal data.
In the meantime, people in online marketing have come to terms with this and if all requirements are observed, you should - with a few changes - also be prepared for the upcoming ePrivacy regulation.