5 Things Every Mobile Marketer Needs to Understand About the EU’s General Data Privacy Regulation

The EU's new General Data Privacy Regulation (GDPR) requirements mean marketers will need to make changes about how they interact with, collect, and store personal information about  customers. In this post, Christine Ciandrini, our VP, Operations & Security, shares five questions marketers need to ask to test their readiness for GDPR, which goes into effect on May 25, 2018.


The European Union’s General Data Privacy Regulation (GDPR) goes into effect May 25, 2018.  The regulation has a wide ranging impact on the control and protection of consumer data so it’s a good idea to start now to plan for compliance. Here are five things you should know as a mobile app manager to help you prepare for new rules.

For marketers much of the GDPR focus is on rules requiring explicit customer consent to collect personal data. Primary impacts are that the consent terms and method of gaining consent must be unambiguous, data consent has to be proven, and the consumer can withdraw consent at their discretion.

Here are five questions to ask to test your readiness for GDPR;  

1) Does your current opt-in level meet the new unambiguous consent terms requirements?

More than likely you will need to introduce a new opt-in process for your app to meet the explicit consent criteria required by the GDPR.

2) Are your consent terms easy to understand?

Most Terms of Service / Terms of Use are complex, difficult to understand, and require lengthy review. GDPR requires that you clearly state what data you are collecting from the app user and how that data will be used.

This is a great opportunity to increase trust between your brand and your customer by making your consent terms as  clear and concise as possible. Remember that consent must be given for each specific use, not bundled, so you may need multiple terms for customer opt-in and tracking. Make sure the terms can be easily accessed, read, and understood on a mobile device.

3) Are you ready to contact your customers to upgrade consent level?

If your current level of consent has to be upgraded (and it probably will) you must reach out to each customer and renew consent. This requirement can really benefit you - it gives you a reason to touch base with each of your existing customers. Consider it an opportunity to renew interest in your app, gain additional information, and demonstrate your commitment to your customers’ privacy.

4) Do you have a way to store consent?

Companies have to prove that a customer has given explicit consent for data collection. That means that each opt-in has to be captured and stored. Since the customer has a right to erasure, your consent database must track when consent was given and if it has been withdrawn.  

5) Is your customer data accurate and secure?

Data must be kept up to date and accurate, and retained for no longer than is necessary. Marketers must keep an audit trail of their collection and use of data.

Customers can have their data removed upon request. You have to be able to accomplish deletions quickly and completely. Systems need to be enabled to perform take downs, and you have to have an identifiable process for customers to make the take down request and ensure it is acted upon.

The GDPR requirements necessitate changes to how you interact with, collect, and store personal information about your customers.  Starting now to understand compliance can mean capitalizing on ways to engage your customers and reinforce trust in your brand.

Have questions about what GDPR means for your brand? Get in touch with us anytime.