Check out our latest product updates!
Share this
15 May 2018

Marketing agencies: The GDPR guide to get your clients compliant

Many marketing agencies currently feel their time and resources are dominated by clients concerned about compliance, but this shift towards greater transparency and trust is the start of something great for marketers.

GDPR is far more than a checklist to tick off and forget about, it will transform the way marketers roll out their strategies for some time to come.

Organise all customer data, wherever it’s stored


Whatever resources your clients use - MailChimp, Facebook Adverts Manager, or Shopify - there’s a bank of customer data sitting in all of them. It’s particularly hard to keep track of personal data when it’s spread out.

As the ‘controller’ of the data, your client takes responsibility for all data organisation, from how securely it’s stored to how quickly it can be accessed. Customers can potentially ask for their data to be deleted after the 25th May, so their details have to be easy to find and easy to remove.

If a third party is compliant, is your client compliant?

Remember, just because MailChimp have ticked their GDPR compliance boxes, doesn’t mean their users are automatically compliant. Connecting all data to one central database is an efficient way to make sure a client can meet all their GDPR criteria, without having to sacrifice the digital marketing and ecommerce tools they need to grow. That being said, MailChimp and others have been releasing very useful functionality (such as GDPR compliant forms) to help businesses operate within the law. Make sure you check them out.

Make opt-ins and consent clear and transparent

Most marketing activity involves collecting and using customer data, but the way users give consent has to be clear and distinguishable from saying no. The days of automatically-ticked ‘subscribe’ boxes are definitely over.

Marketers can still get creative with opt-ins, and users that do consent are a more engaged and trusting audience to connect with. The language used needs to be clear so users know exactly what they’re agreeing to, and the business needs to make it clear how they’re going to use the data once they have it.

How to keep a record of consent


Under GDPR, consent can be given and taken away at any time. Your clients need to make a record of exactly what their individual users consented to and when, as well as what they were told they were consenting to. If this changes, or consent is needed for something they weren’t aware of at the time, the user will need to give consent again. It’s constantly evolving, so the more it can be automated, the better.

Overhaul their privacy policy

One of the most important pieces of website content is now the privacy policy. All of your clients will have a privacy policy already, but it’s unlikely to be compliant, and it’s possible they haven’t updated it in years.

The content should accurately explain how the business collects data and what they do with it, and it needs to be written and structured in a way that a user could actually read and understand. The terminology should be plain and clear without assuming any knowledge.

Keep it updated and keep users informed

A compliant privacy policy is always a work in progress - it’s never really finished. Before a new privacy policy is rolled out, the existing database of users need to be given the opportunity to read it and check they’re happy with it. It should be updated as and when your client changes the way they collect and use personal data, always keeping the end user and their comprehension in mind.

While your clients are asking questions about their email databases and how they can market themselves under new privacy regulations, your role as the experts has evolved. With a greater focus on transparency, there are more opportunities to speak to your clients’ target audiences in new and powerful ways. In other words, it’s time to raise the bar and your team has the tools do it.

Find out from the experts how to make sure your clients are confident they’re GDPR compliant.’s CEO, Julian Saunders, will guide you through 4 easy steps any business can take right now.

Watch the Webinar

Picture of Chris


Read more posts by this author.

Read More