GDPR – What companies that work with Digital Marketing must know

What is GDPR?

GDPR (General Data Protection Regulation) is the European Union legislation that significantly changes the obligations of companies managing personal data from EU residents. The change aims to increase the online privacy of these individuals.

Who needs to be compliant with the law?

Companies with a Digital Marketing operation that process EU citizens data must be compliant. Even if your business is based elsewhere, it must be in accordance with the legislation.

Important: This page aims to bring educational information about GDPR, however it must not be used as means to ensure your company is fully compliant. In this case, we recommend a specialized consultancy that will carry out an analysis and application procedure for your business.

How does GDPR affect my business?

GDPR demands different compliances that infer on security, transparency, privacy and confidentiality of data. The regulation has been effective since May 25, 2018.

If your company does not comply with legislation, it may be fined in up to 20 million euros or 4% of its annual revenue.

Sharing responsibilities

Understand how the involved parties are treated according to the regulation:

Data Controllers Data Processors
It’s your company It’s the software you use to store and process customers and potencial customers data
Primary responsibility Secondary responsibility
Responsible for security, transparency, privacy and confidentiality Responsbile for making sure that your company’s data is stored and processed in a secure way
Gathers information through forms and similar sources Responsible for security and privacy in the processing of gathered data

As controller, what does my company have to do to be compliant?

Among the required actions, there are:

  • In your online pages, clearly state the goal for which you are capturing each of the personal data;
  • Make an individual’s stored data available for their own consultation or deletion, if required;
  • Include an alert in your website about the use of automated monitoring systems, explaining the use of this navigation data;
  • Adjust Terms of Use, contracts and privacy policies to include the regulation demands;
  • Ensure user consent about the use of their personal data;
  • We suggest your company to seek for specialized consultancy to provide a complete evaluation on data protection. Read the full regulation here.

As processor, what is RD Station doing to be compliant with the regulation?

It’s possible to carry out a series of adjustments to GDPR by using RD Station Marketing. Additionally, we are deploying improvements to optimize the user experience of the platform and of the Leads that have stored data in it.

Below you can find the main ones:

Conversion consent

RDSM allows your company to easily edit its landing pages and forms, as well as insert checkboxes as a clear way to obtain user consent. More in this link.

Double confirmation for Registration

The feature is already available and allows ownership verification of an email address, without the need to use Automation Workflows and tags to do so. If the Double Opt-in feature is enabled, we send an automatic email post conversion to confirm the Leads interest in your company’s content. The double confirmation ensures new Leads are always valid and engaged contacts, keeping your base healthy and updated.

Lead public URL

We’ve inserted the option to disable the Lead public URL. Now, the standard option is disabled to protect the Leads information within the platform. Moreover, you will be sure that the access to the information is human and not mechanic, thanks to the Captcha inclusion, which is more of a resource to protect the Leads information in public URLs. For the accounts that have been with us since before June 2018, we recommend to disable the Lead public URL.

Exporting Leads and conversions

Only email addresses registered as RD Station Marketing users have access to the Leads and conversion lists. You can also consult the last exports history to know who did it and when they did it.

Digital Marketing in the era of data privacy

Gather user data with consent was already an obligation in several countries. With GDPR, this is reinforced to make the authorization more explicit. This means the time has come to think about how your company relates to its Leads.

Adjusting to the regulation is relatively simple, but the most important part is to structure your customer journey in a way that your marketing adds value to them, in order for them to keep interacting with your brand and sharing their data in a voluntary manner.


What does “consent” mean in the GDPR context?

GDPR requires the user to freely consent, in a specific and not ambiguous way, for the treatment of their personal data. As controller, your company must specify the use of date and leave the decision for the customer to make. It can be done with the addition of checkboxes in Landing Pages, for instance.

Is the double opt-in practice mandatory?

This type of 2-step mechanism is not a GDPR requirement. However, different countries may demand it, as it is the case of Germany.

What is personal data?

Any information that identifies an individual direct or indirectly. Examples: name, phone number, physical, economic or cultural data.

Is it necessary for European data to be stored within the continent?

No. GDPr does not demand storage to take place in the continent. As long as personal data are properly protected, they can be transferred to other regions.