en DE RU
Request Demo
Bloomreach Acquires Exponea. Learn more

Transform GDPR from Risk to Opportunity

Want to limit your risks and build trust with your customers? Join the upcoming Exponea Academy GDPR course today.

Listen this article on:

GDPR for marketing: What marketers need to know (+ Quiz)

Jan 10, 2020 Jordan Torpy 6 min read

Stories about hefty GDPR fines seem to be coming out with increasing frequency. It’s only natural for marketers to feel a little unsure about where they stand with respect to GDPR. After all, compliance probably requires changing some long-held business practices.

This can make GDPR seem like a formidable obstacle that stands in the way of your business. But here at Exponea, we prefer to look at GDPR as an opportunity for you to improve your relationships with your customers. When done properly, GDPR compliance should be a win-win situation.

To help you out, we’ve interviewed our in-house GDPR expert to bring you some GDPR best practices.

Annabel Pemberton (Introduction)

GDPR Marketing Expert

Annabel Pemberton is one of Exponea’s GDPR experts. With her passion for consumer rights and privacy, a Law degree, and experience helping e-commerce companies become GDPR compliant, Annabel knows how to turn GDPR compliance into business opportunities.

We sat down with Annabel to ask her about what GDPR means for today’s marketers, how it can impact their work, and how they can turn it into a tool for growth and better customer experiences.

Interview with Annabel

Watch this 8-minute interview with Annabel to discover how GDPR impacts marketing, and learn best practices for approaching GDPR issues. If you prefer to read her thoughts, you can check them out below.


How does GDPR impact marketing?

GDPR is a customer-centric regulation drafted with the protection of European individuals at its core. Because of this, marketing is affected, as it involves targeting individuals by utilising their data in order to deliver personalised content. Integrating marketing with privacy education about how a customer’s data is being utilised and asking for this data in the right way is therefore necessary.

Who is affected most by GDPR in marketing?

Any role which communicates, creates or delivers content to a European citizen needs to be aware of the fundamentals of GDPR, such as how to gain consent to collect data and compliant emailing. These roles include:

  • marketers who are creating content, 
  • designers of features such as weblayers, 
  • lead generation teams who are communicating with future prospects. 

As GDPR needs to be followed on numerous occasions, many organisations are now required to have a Data Protection Officer (DPO), who keeps oversight over the flow and handling of data in the organisation. 

What practical knowledge should a Data Protection Officer (DPO) have to provide the best advice for the company?

A DPO typically will ensure that they are engaging in the wider privacy community and keeping up to date wIth whitepapers and privacy news, while staying grounded with how these changes can be used in business. 

It is important that they are regularly monitoring that the safeguards around their organisations data are effective and mitigating harm. Therefore, a DPO might be working with the company’s Security team on a regular basis. They also have the responsibility of delivering company wide awareness and training about data protection to prevent and mitigate incidents that can occur as a result of poor data handling and use. 

As the role of DPO is a relatively new one, there are several industry backgrounds in the profession. Some individuals are qualified lawyers or have previous experience in data analytics or have undertaken further courses in the relationship between technology, business and the Law. 

What are some of the most frequently asked questions you get from clients?

Before working in our Data Protection team, I was a consultant in Exponea’s Client Services department and therefore would work directly with specific clients. Now I am regularly involved in preliminary discussions with our clients to inform them about Exponea’s GDPR capabilities. All of our clients handle different types and quantities of data, so we face different problems to solve regularly.

One question that we have been answering on several occasions is whether a client needs to adjust their cookie banner. A recent judgement has slightly changed how consent needs to be given for online trackers, so we have been helping our clients if they have faced difficulties. 

Another questions includes how consent to send communications should be asked for, including where on the website, how and what can then be done with that data. These are both questions that we cover in the GDPR Academy, ensuring that attendees understand GDPR but know how they can still be creative when compliant. 

What are the most common GDPR-related issues encountered by enterprise-grade companies?

Many enterprise-grade businesses face similar problems as SMEs such as how to handle consent categories, ensuring transparency over data collection to their clients and security of their system. These issues however are more complicated due to the quantity and type of data the company is collecting. These sensitive data types, such as health or banking data,  can be protected with better granularity of access controls and physical and security which we ensure for our larger clients. 

With a larger quantity of data, some clients also require features to manage customer consents, such as a customised consent page which is a topic we cover in the Academy. 

What kind of businesses do you think should be most encouraged to become GDPR compliant?

As you can see, many businesses are and will continue to be affected by data protection regulations such as GDPR. In particular, any company who is targeting European citizens needs to ensure they have an understanding and follow the regulation. 

Can you share some practical tips on GDPR for marketers with us?

Many companies feel that GDPR will restrain how they do business. This is a common contention that at Exponea we have set out to break, as creativity and GDPR can go hand in hand with the right knowledge and tools. 

My main advice is therefore to learn and respect the rules of GDPR, but use the opportunity to ask the right questions to customers to design your content for them. 

These customers want to hear from your brand and are your key audience, so it is crucial to serve content that will benefit them. As many companies fail to appreciate that GDPR gives them visibility into their audience, getting to know your customers this way can set you out from the crowd and improve brand loyalty. 

This mindset shift and thinking beyond the text of GDPR is central to our GDPR Academy.


How comfortable are you with GDPR? We’ve prepared a small quiz to check your GDPR- readiness. If you want to avoid hefty fines, you should be able to answer the following questions.

1. Do you know the legal basis under which you sent out your last campaign email?

  • Contract
  • Consent
  • Legitimate interest
  • Legal obligation
  • Vital interest
  • Public task

Your data protection authority expects you to have the answer.

2. Can you say why this banner is in breach of GDPR?

GDPR Subscription Banner

There are three mistakes. Have you found them all? GDPR expects you to.

3. SAS – A customer makes a subject access request. What do you do?

GDPR only gives your employees one month to respond. Do they know how to respond?

4. Right to Erasure

A customer can ask for their data to be deleted, while you can store the data important for the overall analytics of your project.

You can satisfy both of these competing interests. Do you know how?

5. Data Retention

Consent given for an indefinite period cannot be used forever. You should know how to assess when it expires.

Are you sure it has not already happened?

So how did you do? If you were unsure about any of the questions, you should brush up on your GDPR knowledge. The risks presented by GDPR are significant – you need to be certain that you’re compliant.

Exponea now offers a GDPR Best Practices course. Over the course of four live classes plus an examination, the course will ensure that you become aware of GDPR fundamentals and how you can utilise Exponea or other marketing automation tools to help meet GDPR requirements. You’ll also learn how to turn the risks of GDPR into an opportunity for your business.


Today’s marketers need to be familiar with the GDPR. But it doesn’t have to be an insurmountable challenge. With the right mindset and knowledge, marketers can use GDPR compliance as a tool to help improve the customer experience.

Transform GDPR from Risk to Opportunity

Want to limit your risks and build trust with your customers? Join the upcoming Exponea Academy GDPR course today.

meet the author
Jordan Torpy
Technical CDXP Specialist
Jordan works closely with the content team and Exponea experts to create material that brings value to readers. With a background in teaching, training, and marketing, Jordan uses case studies, presentations, newsletters and more to illustrate what's possible in the martech world today.

Watch Exponea demo video!
Explore the Customer Data & Experience Platform B2C Leaders Love to Use

MISSGUIDED Victoria Beckham Desigual
ebuyer River Island

We rely on cookies

to optimize our communication and to enhance your customer experience. By clicking on the Accept and Close button, you agree to the collection of cookies. You can also adjust your preferences by clicking on Manage Preferences. For more information please see our Privacy policy.

Manage cookies
Accept & close

Cookies preferences

Accept & close
We use cookies to optimize our communication and to enhance your customer experience. We also share information about how you use our website with our third parties including social plugins and analytics. You consent to our use of cookies if you continue to browse our website. You can opt out of our cookie use on the Do not Sell my Personal Information page. For more information please see our Privacy Policy.