GDPR - The Death of Personalised Advertisement?

The big uncertainty around four letters

On May 25th the General Data Protection Regulation (GDPR) will come into effect. Are you wondering, if your business is affected by the GDPR? You can check it with this three simple questions:

  • Are you based in the EU?
  • Do you have operations, servers or customers in the EU?
  • Do you process personal data or use tools (like Google Analytics) that do so?

If one of the answers to these questions is yes, you can count yourself to the lucky ones that need to comply to the GDPR!

So what is the GDPR?

The GDPR contains a set of laws with the main goal to protect users, make the usage of their personal data more transparent and give them control over their data and hinder big concerns to cause the next Cambridge Analytica scandal. But it is especially causing small and medium-sized business sleepless nights, trying to keep an overview of what needs to be done to fulfill the requirements. Marketers are uncertain if they still can continue with their Facebook-campaign, Blogger are disabling their Google Analytics out of concern that they will be punished with a 20 million fine and developers are typing their fingers sore to add last-minute requests to make the website GDPR compliant.


It feels like nobody knows exactly what to do but luckily the internet provides a tremendous amount of articles, how to make your business GDPR conform. Therefore, this article will not go into technical details but discuss how the GDPR will affect personal advertising.

Keep calm and advertise on

The internet offers a great possibility to target customers very personalized. Through the usage of personal data, you can send your customers content based on their preferences and provide them with hand-tailored ads instead of random offerings. Isn’t it great that you can inform a girl from Hamburg, whose favorite artist is Ed Sheeran, that from today on concert tickets in her hometown are available? But therefore, you need personal data. You need to know that the girl is living in Hamburg and that she’s interested in Ed Sheeran. So how does the GDPR affect personal advertising?

The first impression is that using data to provide your (potential) customers with personalized content is becoming unbearable difficult. But no worries, it is still possible to do all this great stuff! There are three steps you need to take:

1. Get Consent

Consent is the magic word. You can still use all the data you need, you just need to ask your customers beforehand. The GDPR is forcing you basically to become politer. Ask and give your customers the possibility to refuse to share their personal data with you. This means also that the collected information needs to be directly relevant for its intended use. If you decide to use the data later for another purpose you need to get permission again. Also, the consent must be given actively, no pre-checked boxes or inaction as a form of consent are allowed.

2. Provide Information

Information is the second part of the solution. You need to inform your customers which data you are collecting and what you are using it for. This needs to be stated in the privacy policy and it is important that you are required to use plain language so that everybody can understand what you are doing. Vague formulations are not GDPR compliant. You also need to enable your user to access their personal data being stored and inform them within 72 hours if a data breach occurs. Furthermore, you need to give them the possibility to be forgotten. This means they can ask you to erase their data and potentially stop third parties processing it too. But you not only need to inform your customers, but also be able to prove that you are compliant, which means you need to keep a record, how you got consent for marketing activities on how you protect your customers' information.

3. Check your tools

If you are using Facebook, Google Analytics or any other tool which works with the personal data you need to check, who is responsible for the data protection and how to ensure it. Big companies like Google and Facebook are also compliant and implement some features to help you make this happen, like the new function in Google analytics to delete single user data if they request it.


GDPR is a complex topic and depending on your business it takes more or less effort to adapt to the new regulations. But remember: you are not alone! Almost every company needs to implement these things and soon they will become a standard. Important is that you know where you are processing personal data, to implement a strategy how to manage your customers' data, inform your customers and receive their consent.

Show them how using their data makes their experience with your product or website much better!