GDPR matters if your users are in EU

GDPR matters if your users are in EU

GDPR matters if your users are in EU 1000 300 digital devotee

I’m sure you’ve heard about the GDPR data protection laws for the EU which apply not just to companies in the EU but for any that capture user data of EU citizens.  You are likely to have some such contacts subscribing to newsletters, buying your products online, or viewing your website.

The GDPR is complex and contains many legalities about how you handle and use data:  You will want to work with your legal advisor to understand in more detail what you need to do.

Deadline to comply: 25 May 2018

What information must be given to individuals whose data is collected?

  • who your company/organisation is (your contact details, and those of your DPO if any);
  • why your company/organisation will be using their personal data (purposes);
  • the categories of personal data concerned;
  • the legal justification for processing their data;
  • for how long the data will be kept;
  • who else might receive it;
  • whether their personal data will be transferred to a recipient outside the EU;
  • that they have a right to a copy of the data (right to access personal data) and other basic rights in the field of data protection;
  • their right to lodge a complaint with a Data Protection Authority (DPA);
  • their right to withdraw consent at any time;
  • where applicable, the existence of automated decision-making and the logic involved, including the consequences thereof.

Rights of EU Citizens

  • information about the processing of your personal data;
  • obtain access to the personal data held about you;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
  • request the restriction of the processing of your personal data in specific cases;
  • receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
  • request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.

What’s the practical outcome for marketers?  In a nutshell you need to tell people why you want to collect data and how you will do it before getting their explicit content to proceed.  And once you have the data, you need to understand exactly where it is stored and have a systematic way to delete it if requested (and if you’re not obliged to keep it by tax authorities etc.)

For example on your newsletter subscribe form you might consider this…


  • clearly state what the subscriber is signing up for
  • no prechecked subscribe boxes
  • include link to privacy policy – you should seek legal advice about how to revise yours
  • let subscribers know they can unsubscribe anytime


Campaign Monitor, a large email platform, has a good webcast about how GDRP effects marketers you might want to listen to.

If you are a Hong Kong registered company you can read more about the GDPR from Hong Kong Privacy Commissioner for Personal Data.

Taura Edgar

I am a digital marketing professional based in Hong Kong since 1998. I have developed and led digital teams to grow brands and have a wide background in strategy, conception, art direction and production for digital projects.

All articles by: Taura Edgar
    Privacy Preferences

    When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

    For performance and security reasons we use Cloudflare
    Google Analytics tracking code disabled/enabled
    Google Fonts disabled/enabled
    Google Maps disabled/enabled
    video embeds (e.g. YouTube) disabled/enabled
    View our TERMS OF USE
    Our website uses cookies mainly for analytics and content like YouTube. Define your Privacy Preferences and agree to our use of cookies.
    Skip to content