[{"@context":"https:\/\/schema.org\/","@type":"BlogPosting","@id":"https:\/\/aokmarketing.com\/gdpr-advertising-checklist\/#BlogPosting","mainEntityOfPage":"https:\/\/aokmarketing.com\/gdpr-advertising-checklist\/","headline":"GDPR Advertising Checklist","name":"GDPR Advertising Checklist","description":"It just became more challenging to market or sell to prospective international customers. That\u2019s because the European Commission\u2019s General Data Protection Regulation (GDPR) came into effect, heaping onerous new data-management regulations on organizations of all sizes, from multinationals to SMEs\u2014and everyone in between. Think of it as Canada\u2019s Anti-Spam Legislation on steroids (or maybe crack, &hellip; <a href=\"https:\/\/aokmarketing.com\/gdpr-advertising-checklist\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">GDPR Advertising Checklist<\/span><\/a>","datePublished":"2018-08-07","dateModified":"2026-06-21","author":{"@type":"Person","@id":"https:\/\/aokmarketing.com\/author\/jana-legaspi\/#Person","name":"Jana Legaspi","url":"https:\/\/aokmarketing.com\/author\/jana-legaspi\/","identifier":8,"image":{"@type":"ImageObject","@id":"https:\/\/secure.gravatar.com\/avatar\/ba3039ce7c5eedb92f315518b69aea1d90d5c2076ce893d078c6f29cf6ddd032?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/ba3039ce7c5eedb92f315518b69aea1d90d5c2076ce893d078c6f29cf6ddd032?s=96&r=g","height":96,"width":96}},"publisher":{"@type":"Organization","name":"AOK Marketing","logo":{"@type":"ImageObject","@id":"https:\/\/aokmarketing.com\/wp-content\/uploads\/2025\/07\/AOK-Marketing-Logo.png","url":"https:\/\/aokmarketing.com\/wp-content\/uploads\/2025\/07\/AOK-Marketing-Logo.png","width":126,"height":53}},"image":{"@type":"ImageObject","@id":"https:\/\/aokmarketing.com\/wp-content\/uploads\/2018\/07\/Blog_Posts_GDPR_InternationalCustomers_01.png","url":"https:\/\/aokmarketing.com\/wp-content\/uploads\/2018\/07\/Blog_Posts_GDPR_InternationalCustomers_01.png","height":560,"width":780},"url":"https:\/\/aokmarketing.com\/gdpr-advertising-checklist\/","about":["Online Marketing Essentials"],"wordCount":980,"keywords":["GDPR"],"articleBody":"It just became more challenging to market or sell to prospective international customers.That\u2019s because the European Commission\u2019s General Data Protection Regulation (GDPR) came into effect, heaping onerous new data-management regulations on organizations of all sizes, from multinationals to SMEs\u2014and everyone in between. Think of it as Canada\u2019s Anti-Spam Legislation on steroids (or maybe crack, depending on your interpretation). The legislation is complex, burdensome and compliance is relatively difficult.In other words, it\u2019s a technocrat\u2019s fantasy. Imagine a cadre of Europeans huddling in Brussels for months to determine how best to gum up the marketing machinations of otherwise successful organizations. This is the legislation they would (and apparently did) produce.Many US and Canadian SME owners may have shrugged when they heard the news that GDPR was a thing, and that it would soon be put into effect. \u2018Who cares?\u2019 they thought, reasoning that because they only sell their products or services domestically, they\u2019d escape the GDPR\u2019s reach. Not so fast.The new law applies to any organization that processes data in the European Union, or that offers paid or free goods or services or monitors the behavior of individuals within the EU. There are exceptions if \u201cprocessing personal data isn\u2019t a core part of your business and your activity doesn&#8217;t create risks for individuals,\u201d but the net cast by GDPR is wide. In fact, it basically covers the entire Internet and can ensnare unsuspecting businesses by default.Why? Let\u2019s say you\u2019re a Canadian company that doesn\u2019t do business in the EU, but receives website traffic from overseas. If a French national simply visits your website, surfs around and leaves, you\u2019re in the clear. But if someone from the EU enters their personal information to download a report from your website, as an example, you\u2019re now deemed in control of their personal data under European law.Your organization would then fall under the purview of GDPR. With that fun bit of news out of the way, here\u2019s what that all means, according to the bureaucrats in Brussels:\u201cPersonal data must be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data you\u2019re processing (\u2018lawfulness, fairness and transparency\u2019).You must have specific purposes for processing the data and you must indicate those purposes to individuals when collecting their personal data. You can\u2019t simply collect personal data for undefined purposes (\u2018purpose limitation\u2019).You must collect and process only the personal data that is necessary to fulfil that purpose (\u2018data minimization\u2019).You must ensure the personal data is accurate and up-to-date, having regard to the purposes for which it\u2019s processed, and correct it if not (\u2018accuracy\u2019).You can\u2019t further use the personal data for other purposes that aren\u2019t compatible with the original purpose of collection.You must ensure that personal data is stored for no longer than necessary for the purposes for which it was collected (\u2018storage limitation\u2019).You must install appropriate technical and organisational safeguards that ensure the security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (\u2018integrity and confidentiality\u2019).\u201d That last point is the kicker. If it doesn\u2019t already\u2014and if there\u2019s even a remote chance that GDPR could apply in your case\u2014your organization must have data usage policies and procedures in place. Once those rules are implemented, it\u2019s especially important to communicate them to the individual(s) in your marketing and sales departments, or the outsourced provider that handles marketing on your behalf. Odds are these team members will be the ones handling client or visitor data most often, so they need to be aware of their data-management responsibilities.Also, be sure to double check your online search engine marketing targeting and retargeting initiatives to make sure you exclude any EU countries. That way if you have an email address in your database from past search marketing efforts, or if someone gets targeted in a &#8216;lookalike&#8217; audience\u2014individuals whose demographic profile is similar to your core target audience\u2014the platform should block them from seeing your ad, thus reducing your risk.GDPR rules and regulations are far more detailed and complex than what I\u2019ve outlined here, so if you enjoy being lulled into a coma, read the full legislative overview on the European Commission website (https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/reform\/rules-business-and-organisations_en). It\u2019s unfortunately worth taking the time to read: penalties for non-compliance can range from a stern warning to a ban on data processing in the EU (not sure how this could be enforced) to a fine of up to \u20ac20 million or \u201c4 per cent of the business\u2019s total annual worldwide turnover.\u201d Ouch.The most important takeaway is that no legislation should hinder your organization from marketing to its core audience\u2014we survived CASL, after all. Compliance is never impossible, but you will need to make adjustments to satisfy the EU\u2019s new regulations.It\u2019s wise to be proactive by adding a GDPR compliance page on your website outlining your company\u2019s approach to data management and transparency. Explicitly inform website visitors of what you plan to do with their data and only use information you collect for the purposes you\u2019ve outlined\u2014or at least in cases where that data has derived from the EU. Then give your staff a primer on the GDPR\u2019s key points and outline their data-protection responsibilities. It could be worth spot-checking their marketing efforts to ensure compliance.The new reality is that you need to be more mindful of your organization\u2019s digital marketing practices and only use tactics that are compliant or can be reasonably deemed not to be exploiting the online data and privacy of Europeans. Brussels is now watching."},{"@context":"https:\/\/schema.org\/","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"GDPR Advertising Checklist","item":"https:\/\/aokmarketing.com\/gdpr-advertising-checklist\/#breadcrumbitem"}]}]