GDPR 7 Points Survival Guide for Marketers

GDPR 7 Points Survival Guide for Marketers

If you look around your fellow business owners or digital marketers, you’ll probably see a lot of them making a big fuss about GDPR.

So what’s the big deal, and why should you care?

We know you work hard to grow your company, build a customer base, and convert leads.

However, some growth-focused strategies and technologies that are popular nowadays may be violating the General Data Protection Regulation (GDPR), which is going into effect on 25 May 2018.

This law will have an impact on many marketing activities, from lead generation to Facebook advertising, which are considered essential by many marketers.

Even though the GDPR is designed to protect the personal information of EU citizens, the line can become blurry if you sell to customers or service clients from all over the world – a common scenario in today’s digital economy.

Given the hefty penalty for violating this new regulation, which can cost a company up to 4% of annual global turnover or €20 Million (whichever is greater), it pays to make sure you whip your online marketing tactics into shape to be compliant with GDPR.

Reading through legalese probably isn’t your thing, so we have done some legwork for you. Here’s what you and your digital agency need to know about this new regulation:

Two Main Concepts You Need to Know About GDPR

For marketers who collect, process, store, and utilize the personally identifiable information (PII) of prospects and customers who are EU citizens, there are two main concepts to keep in mind:

A. Consent

In order to use PII for marketing purposes, you need to obtain explicit consent by asking users to opt in or opt out with a clear affirmative action.

That means you can no longer use pre-checked boxes or inactivity as implicit consent to track activities and send marketing communications.

Blog image 1.PNG

Image source

In addition, you need to clearly communicate how you plan to use the personal data while keeping in mind the updated data subject rights in GDPR, which include breach notifications, right to access, right to be forgotten, data portability, privacy by design, and the appointment of a data protection officer.

Blog image 2.PNG

Image source

B. Legitimate Interest

“Legitimate interest” can be used as grounds for collecting and utilizing users’ personal data without explicit consent, but not when the rights of the users override the company’s legitimate interest.

For example, an online seller doesn’t need to obtain consent to collect information required to complete a transaction from a shopper who is making a purchase.

However, “legitimate interest” can be open to interpretation, so it’s best to check with a legal professional on a case-by-case basis.

What You Need to Do to Stay GDPR Compliant

Keeping in mind GDPR’s key changes to data subject rights, here’s what marketers need to do ensure compliance and stay out of trouble:

1. Provide Proper Notice and Obtain Consent

When users initiate contact with your company and share their PII, they should be given information on how the data will be used and asked to provide consent (e.g., by checking a box on a lead generation webform or using a form-like element on website for consenting to the use of cookies.)

Once users have submitted their information, store a copy of the notice and the consent along with the timestamp of the interaction for future reference.

Many email service providers offer GDPR compliant opt-in forms and allow you to segment your list by the level of permission given. Make sure you inquire about those features and update your webforms as necessary.

2. Provide the Ability to Withdraw Consent

Under GDPR, withdrawing consent needs to be as easy as giving it.

Provide a link for users to manage their subscription preferences or withdraw their consent on a subscription preference page, which can be created through your email service provider or CRM platform.

The page will reflect users’ affirmative opt-in for the communications they will be getting from you.

Users can also send a withdrawal of consent directly to your company, and you’d modify the preferences within your system.

3. Communicate the Use of Cookie

If you use cookie on your website to track users’ activities, you need to obtain their consent to do so.

Add a notification on your website for such affirmative opt-in and make sure the cookie-consent message is written in a language appropriate for each user’s location.

Blog image 3.PNG

4. Offer the Ability to Permanently Delete Information

Users can request to have all their personal information deleted from your database. Such information could include email tracking history, call records, form submissions, and more.

Ensure that your email and contact system has the ability to perform a GDPR-compliant permanent delete. You should have a process in place to perform such deletion within 30 days of receiving a request.

5. Enable the Access and Portability of User Information

You should be able to grant access and portability of users’ personal data by exporting all contact records into a machine-readable format.

Personal data is defined as anything that can be used to identify a user, including name, email address, ID number, location information, IP address, or online identifier (e.g., a cookie).

6. Provide the Ability to Modify Data

Users should be able to modify the information in their contact record any time if they find it incomplete or inaccurate.

For example, you can add a link in your marketing emails to allow users to modify their profiles, or your sales reps can update the information when they interact with your customers.

7. Set Up a Process for Breach Notification

Under the GDPR, users need to be notified within 72 hours of any data breach that is likely to “result in a risk for the rights and freedoms of individuals.”

The tight 72-hour window for notifying users, customers, and controllers “without undue delay” after first becoming aware of a data breach means you need to have a well-designed process in place to detect breaches and notify users in a timely manner.

GDPR Is About Building Trust with Your Customers

When you look pass the legalese, GDPR is actually not that scary.

Many industry best practices designed to build trust and relationships with prospects and customers already address many of the rights mentioned in the new regulations so if you have been respecting the privacy of your subscribers you’re already more than halfway there.

Of course, you want to make sure your i’s are dotted and t’s are crossed. We are working with our clients to  make sure their customer acquisition strategy is GDRP ready. Feel free to book a complimentary audit with us. 

Also, you can refer to the GDPR Portal or this comprehensive collection of resources from the UK’s Information Commissioner’s Office to help implement the necessary steps and stay GDPR compliant.



4 campaigns to boost your ROAS (up to +400%)

4 campaigns to boost your ROAS (up to +400%)

2017 was an amazing year at Impulse! We have been partnering with 25+ clients, including large e-commerce like Sounds True, Émoi-émoi or Y-combinator startup like Instawork, profitably investing more than $2M on Facebook Advertising.

These are the four campaigns that we set up systematically to maximize profitability for our client. Please feel free to steal these. They have helped us increase our clients Return On Advertising Spend (ROAS) by 400%.

For those of you who are not familiar with what ROAS is and why to track it, a good way to think about it is that ROAS (ads revenue / ads cost) assess tactics effectiveness, while ROI (profits - costs x 100 / costs) measures strategy (a good recap here from our friends at Markeko).

1.   Lookalike Premium Buyers

Lookalike is a very powerful way to find users similar to your current user-base. Actually, it works so well that for many of advertisers it’s the only profitable type of targeting.

There are different ways you can continuously improve the performance of your lookalike campaign. One way is to improve the quality of the users you input to build these audiences.  We systematically segment users based on monetization or retention, and experiment with these audiences to identify the highest ROI.

PRO TIPS: It's important to keep a minimum of about 500 users as an audience source. Also, for B2B we usually combine lookalike with some interest targeting to ensure we stay in the specific industry we are targeting.

2.   Retargeting

Ok, so if you don’t have any retargeting campaign in place, stop reading this, go to Facebook and set it up right now. That’s the biggest low-hanging fruit, and it’s much easier to set up than you think.


Retargeting allows you to keep track of all visitors to your website and potentially retarget them in the future. So, even if you are not going to start your campaign today, you may want to make sure that you are ready to do so with your pixel set up.

PRO TIPS: For more advanced marketers, we had some great results from setting up a certain flow for your remarketing with a specific messaging for first to third day visitors, third to fourth days, and fourth to seventh days. Segmenting by days allows you to maximize your impression on the first day after the first visit, and also provides a stronger incentive. Here is a way you can set up this sort of flow.


Sometimes, we use a tool like to retarget visitors based on the time they spent on the page, and Facebook released last year this option in Ads Manager as well. 

3.  Cart Abandonment

This one is more specific to e-commerce and is a remarketing variation. It focuses focus on one specific type of user: people who drop off after clicking ‘add to cart’ (or another final actions in your funnel)

It is quite aggravating when you have done most of the heavy lifting, yet for one reason or another, your potential client changes their mind, forgets about it and doesn’t complete their purchase. Most of the time you just need to remind them that their cart is still waiting for them. A sweet way to do this can be to add a small coupon. We have a huge return with these campaigns with e-commerce.

PRO TIPS: For these guys, do not hesitate to push the frequency even above 20. They want your product but just got distracted, and the right column of their feed is a great place to remind them (and with cheap CPM).

4.   Top of funnel/awareness campaign

In addition to our conversion/performance campaigns, we always recommend keeping about 25% of the budget on awareness/brand building. FB offers very competitive way to build up your awareness through video views or website click campaigns focusing on traffic and visibility.


These are the people you'll reach out to with more targeted messaging and with whom you'll reap the rewards of retargeting. Do not neglect this campaign, and with decent content it can be pretty cheap to bring tons of interested visitors to your website.

PRO TIPS: Experiment with Post Engagement campaign. If your content is valuable, you will get tons of likes/share that will deliver a lower overall CPC Link than your website click campaign.

I hope this helps. If you have any questions or would like a free assessment of your account do not hesitate to click here to schedule an appointment  or send an email to