Why GDPR is the Best Thing to Happen to Content Marketing in Years?

15/07/2018

It seems these days, whenever you click on a webpage, you are greeted with the following message:

We’ve updated our privacy policy.

So why is everyone suddenly so concerned with this? Well, because on 25th May, 2018, the EU General Data Protection Regulation, or GDPR, came into force, and it covers a potential audience of 750+ million people. The regulation applies to organizations doing business in the European Union, but also to those outside the EU that offer products and services to EU citizens, or otherwise collect, monitor, or use their data.

That’s a good reason to pay attention to the new regulation. In fact, I think that GDPR deserves an in-depth explanation, especially how it affects content marketers and why it can be a boon to them, so here’s one.

What is GDPR?

First, what is GDPR? The GDPR is a new set of data privacy regulations that governs how companies can collect and process private data of EU citizens. It was announced on 14th April, 2016 and came into effect on 25th May, 2018.

Before this, data in the EU was regulated through the Data Protection Directive 95/46/EC, but the problem with this directive was that it was introduced all the way back in 1995. Since then, 23 years have passed, data has become a seriously valuable resource for companies (probably more valuable than you think, according to MIT Sloan Review) and, evidently, a new data regulation was gravely needed, one that better addresses the fears and concerns of the people whose data was being collected and used.

Enter GDPR.

What makes GDPR different from its predecessor? With the new regulation now in place, if you want to collect and process data from your visitors, you must obtain their clear consent. This means that you have to clearly state that you are collecting their data and for what purpose. For instance, if a visitor gave you their info to download an ebook or a white paper from your website, you cannot use this to sign them up to your email newsletter list.

The consent needs to be clear and unambiguous. Users need to know why they are giving their consent, and you need to have a record trail showing that someone gave you permission to use their personal data. Here’s what Article 7 of GDPR, Conditions for Consent, says:

Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing his or her personal data.

In simpler language, consent must be documented (you can’t use pre-ticked or otherwise implied consent), including why it was given (for what purpose the visitor gave you their data), how you requested their data, and so on. Furthermore, users can withdraw their consent at any point, in which case you will be obligated to erase their data entirely.

What Does This Mean for Content Marketers?

When GDPR was first announced two years ago, it started a little panic in the online world. All of a sudden, website owners had to drastically change their privacy policies, not to mention many weren’t (some still aren’t) quite sure if the new regulation applies to them and to what degree.

But now that the dust has cleared and we have a pretty good idea of what GDPR is, we can finally say that the new regulation is nothing to be feared. In fact, where content marketing is concerned, we haven’t seen anything better since Google’s Hummingbird update shifted the focus from keyword-optimized to conversation-optimized content and from search engines to humans and what’s helpful to them.

For a time, the big concern was that GDPR would make it much harder for companies to generate leads and increase their conversion rates, but this isn’t the case. Yes, in a way, GDPR will change the game, and you will have to get smarter in how you do this, but that’s not a bad thing. GDPR can actually help you better position your brand and become closer and more relevant to your potential customers. If anything, GDPR will let you generate more quality leads than anything else.

Content (or content marketing) will play a crucial role here. By providing better content, you will also be able to provide a better user experience. Better user experience means happier customers, who are, in turn, more likely to buy the goods or services that you offer them, sign up for your email list, download your resources… you get the idea.

All of this will allow you to build a better, more authentic relationship with your audience and customers, one that both of you (and not just one side) can benefit from. That is how you get them to convert and buy from you.

What Do You Need to be GDPR-Compliant?

Here are 8 steps that you need to take to prepare for the General Data Protection Regulation:

  1. Take an audit of the data you currently hold

Make sure to document and take an inventory of what personal data you already hold, including its origin and any third parties (like data brokers) you share it with.

  2. Review and update your current privacy policy

If you are already collecting cookies from visitors or their data in any other way (such as through forms), take a good, critical look at them. Do they in any way imply consent, or are they ambiguous? Your new, GDPR-compliant policy needs to be clear and concise. In particular, you need to pay attention to consent. Users need to give you their consent freely.

One note about consent. You cannot get consent from children (anyone under 16) lawfully as they may be “less aware of the risks, consequences and safeguards of sharing data”.

  3. Communicate with users that you will collect and use their personal data

Under GDPR, you have to inform users of your intention to collect their data and of its purpose. This information also needs to be easily understandable and its intent clear. For instance, if you want to add someone to your email newsletter list, you need to clearly state that you will be using their data for this purpose and no other.

  4. Hire or appoint a Data Protection Officer (DPO)

If your website gathers and manages data from EU citizens, you will need to hire a Data Protection Officer. You can hire someone in-house or one from outside. This person will be responsible for supervising your data protection strategy and how you put it into action and, of course, ensure that it complies with GDPR.

  5. Make sure your data collection processes are opt-in and not opt-out

One of the major differences between the EU and the US is in how companies collect data. In the EU, if you want to gather data from users, you need to get opt-in consent from them, whereas in the US, users need to opt out if they don’t want to be on your email list, for example. If you just give them a mile-long terms of service and ask them to check the box, that’s not an acceptable opt-in.

  6. Actually follow your new privacy protection policies

The new privacy protection policy shouldn’t be just empty words. You need to actually follow it once you put it in place. Failure to do so can cost your company up to 4% of its global annual turnover or €20 million, whichever is greater. If nothing else convinces you to follow this regulation, this surely will.

  7. Have a plan in case of a data breach

GDPR will no longer allow a situation where a data breach happens but the company doesn’t report it. Now you will have to report a data breach to the supervising authority no more than 72 hours after it happened. If this ever happens (I hope for your sake it doesn’t), be sure to provide as much information about the data breach as you can, such as why it happened, who it affects and what you intend to do to prevent this in the future. In addition, you also need to inform the users whose data was involved in the breach.

  8. Erase data when you no longer need it or when the user requests this

You can no longer keep data indefinitely once you obtain it. If you no longer need that data, you should erase it. The same goes if the user requests you to do this. In this case, you’ll have to delete the data you have stored and inform any third party of the user’s request so they do the same.


GDPR affects not just over 750 million EU citizens, but every business that sells goods and services to them and wants to collect and use their data. Chances are, that’s your company as well. The question is, is your organization ready for the new regulation and, more importantly, are you as a content marketer ready?

Let me know in the comments below if you have any questions or comments about GDPR and make sure to share this article with anyone you think might find it useful.