Brandhome BLA
How the GDPR will affect your (online) business How the GDPR will affect your (online) business

How the GDPR will affect your (online) business

A step change for data protection

  • share

Privacy and data protection are trending topics nowadays. On one hand, people want to know what their personal data is used for. On the other hand, businesses need a simpler and clearer legal environment to operate in. That’s why in less than a year, on May 18th to be exact, the General Data Protection Regulation (GDPR) will be applied in all EU member states. The GDPR will “harmonize” data privacy laws across Europe and give greater protection and rights to individuals.

The regulation will replace the current privacy law that exists since 1995 and is no longer relevant in our present digital age. But how will this new law affect the (marketing) business? And will it disrupt the power of internet giants like Google and Facebook?

The new data protection legislation

Almost every company with an online presence collects personal data from its users. With the new GDPR coming up, companies will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed. Companies need to know what personal data it holds, where and how it is sourced, how it is processed, and who accesses it. Data subjects also need to exercise their rights under the GDPR. They have the right to know under what law or consent companies are processing their personal data. This includes the fact that people have to get insight into their data and have the ‘right to be forgotten’. If you violate these regulations you will be confronted with enormous fees (up to 4% of annual revenue).

A threat or an opportunity?

All of this leads to companies becoming more and more transparent. Your client database needs to be up-to-date at all times, even if someone decides to opt-in and opt-out within the minute. However, you do not necessarily have to consider all these changes and preparations as a burden. This new regulation implies that people who opt-in are truly interested in your product or service. This means your database will be more relevant to your business. In that sense, you may also see the GDPR as an opportunity. GDPR-proof companies also have a unique selling point. Although consumers find a personalized experience important, they are even more concerned about their privacy online. A company that can ensure them that their personal information is safe, will be a big step ahead of their competitors.

Challenges for internet giants

So, if you take into account how these changes affect a regular company, how will it affect the bigger digital companies of this world, like Facebook and Google, who basically live off personal data? These companies also need explicit consent of users before being able to use their data for advertising purposes. This is a big challenge because it’s impossible to use a ‘service-wide’ opt-in for everything. Being Mark Zuckerberg also has its limits. You just simply can’t deny users access to your services because they refuse to opt-in for tracking. Facebook and Google need to ask their users for consent and present an opt-out and/or opt-in at different times and for different things. This creates varying levels of risk. Let’s take a closer look at these implications for Google and Facebook.


Personalized advertising on all Google platforms such as YouTube, Google Maps, Google Search and all the other websites where Google provides advertising will require opt-ins for extensive tracking. This also affects different AdWords features, Gmail ads and programmatic services. Location targeting (as used in Google maps) on the other hand, can’t easily target user based on geographical proximity anymore.


First of all, the nature of the content in the newsfeed may limit the range of data it can process. The use of personal data from Instagram for advertising on Instagram may be accepted as compatible with the new regulations and enable Instagram to use an opt-out notice rather than request an opt-in. For WhatsApp, a platform that is gaining more popularity, it will be necessary for users to give their consent for their personal data to be processed for purposes unrelated to WhatsApp functionality.

Is your company ready?

In overall conclusion, we can say that the GDPR regulation comes with some challenges. Companies like Facebook and Google are not immune to disruption. But the critical question for every business will be whether users will click ‘yes’ when asked to consent. There are a lot of things to think about, so you better start now! We will give you a step in the good direction with the following tips:

  1. Take an audit of your current database: know your contacts and how you acquired them.
  2. Review and disclose your data practices: what do you do with the data?
  3. Make sure you have consent from the people in your current database and new contacts.
  4. Rewrite your privacy statement and make sure people understand it.
  5. Think about a procedure for when a person wants to check their data or have their data deleted.
  6. Make sure the UX is still good when some people don’t want to opt-in.
  7. Invest in a good data-protection system.
  8. Look at your upcoming initiatives to ensure compliance now.