A Digital Advertiser’s GDPR Checklist

05.11.18 // Kendra Macek

Disclaimer: Obility is in no way liable for your companies compliance with GDPR.

The General Data Protection Regulation (GDPR) deadline is right around the corner on May 25th. It is imperative that EMEA advertisers understand the steps that need to be taken in order to comply.

Between the multitude of gated guides and speculative blogs it can be hard to know what you need to do as a digital advertiser to be compliant. Therefore, I have been reading a plethora of ultimate guides, attending sessions at Marketing Nation Summit, and having healthy debates with coworkers on implied consent. From that, I arrived at a compiled list of actions digital advertisers need to perform to stay compliant.

This checklist is by no means the end all be all. However, it’s a good first step in ensuring your paid advertising efforts on search and social are compliant.

Where To Start

GDPR compliance centers around the use of data and requires explicit consent in most cases. Contact data most often lives in a Marketing Automation and/or CRM system. Therefore, it makes sense for us to start with those platforms and move onto the paid ad platforms afterwards.

MA Platform and/or CRM System Fields to Add

  • Add the following six lead fields in Marketing Automation platform and/or CRM system to facilitate consent compliance (Double opt-in required for some regions)
    • Opt-in to processing – (Boolean field: yes or no)
    • Opt-in last updated – (Date and time the consent to processing was last updated)
    • Opt-in notes – (Capture purpose of consent, the way consent was obtained, previous consent purposes)
    • Double Opt-in to processing – (Boolean Field: yes or no)
    • Double Opt-in last updated – (Date and time the consent to processing was last updated)
    • Double Opt-in notes – (Capture purpose of consent, the way consent was obtained, previous consent purposes)

Landing Page Changes

  • Update landing pages to include a privacy policy on each page that has a form that states how you will be using their data
  • Add an unchecked checkbox to the landing page stating that the contact agrees with your data usage practices
    • Consent can also be given by means of (note: make sure to document thoroughly)
      • Verbally to their account executive
      • Email affirming their opt-in to marketing or other contact in an org
      • Providing verbal or physical copy of contact deals in person (business card, etc)
  • Provide a way to withdraw consent (through a subscription center, etc)
  • Provide a method for contacts to request and view the data you have collected.

Website and Cookie Tracking Changes

  • Place a pop-up on your site that asks users to opt in or out of cookie tracking
  • Provide a way to opt-out of marketo cookie tracking at any time (on privacy policy is a good place)
  • Manage cookie consent preferences within Marketo
    • In Marketo go to Admin >Munchkin>Person Tracking> and choose to support “Do Not Track” requests
    • If using web personalization, you also need to go to Account Settings> Domain> Honor DNT and choose “on”

Search & Social Platforms

  • Identify all audiences being targeted using contact lists or cookie tracking
    • For audiences using contact lists, locate lists in CRM or MA system
      • Implement field for status of contact for Opt-in or Opt-out in smart list
      • Filter list to only include contacts who have opted in
      • Sync MA to platform to auto-update lists
        • Marketo has direct integration with most platforms, using AdBridge
        • For other MA platforms like Hubspot, Pardot, ActOn, and Eloqua use a third party connector like Zapier
  • Pull lists into campaigns, layer in additional targeting (if applicable), adjust bids and budgets, and launch.

Final Thoughts

With all the legal language surrounding these regulations and all the speculative but vague blog posts I have found, it can be difficult to discern next steps. The resources below helped me break down the barriers of this regulation and aided in my understanding of next steps to ensure compliance in ads for my clients.

Whatever your role is these resources below should give a clearer understanding of what GDPR is, how it will effect your data practices, and how to comply to these regulations.


Other GDPR Resources

Information Commissioner’s Office Guide


Official PDF of GDPR Regulation by Chapter

Marketo Guide: GDPR and the Marketer

General Data Protection Regulation Checklist


Paid Platforms

AdWords Changes in Ad Policies to Comply with GDPR

Microsoft (Bing) and GDPR

Facebook’s Commitment to GDPR

LinkedIn Marketing and GDPR

Twitter and GDPR


Marketing Automation & CRM Compliance

Marketo and GDPR

Hubspot and GDPR

ActOn and GDPR

Pardot and GDPR

Salesforce and GDPR


More Blogs by this Author…

Tags: , ,

About Kendra Macek

Kendra is a Paid Social Supervisor with a background in paid search and display. SaaS B2B Digital Marketing is her passion and specialty! She loves how often it changes, how quickly it's growing, and how successfully it can drive new business for her clients. In Kendra's offtime she loves glamping in cabins, wine tasting, and karaoke! View all Kendra Macek’s posts >