GDPR – What you need to know

GDPR (General Data Protection Regulation) are coming in May 2018 – Are you ready for them? The new rules govern how we can gather, use and process Personal Identifiable information within companies. These will most likely impact how we can use data for Marketing and our websites. In this video we are going to find out what GDPR means and how itโ€™s going to impact our businesses

James Chiodo website:
Information on GDPR:


๐ŸŽ“ Learn more from Measureschool:

๐Ÿš€Looking to kick-start your data journey? Hire us:

๐Ÿ“š Recommended Measure Books:

๐Ÿ“ท Gear we used to produce this video:


The European Union will start enforcing new privacy laws in May. Are you ready for them? Do they even affect you? And will it change the way we do our data-driven marketing? Let’s find out.

Hey there, and welcome back to another video of, teaching you the data-driven way of digital way of marketing. My name is Julian and by now you probably heard of the new data protection rules of the European Union, also know as GDPR. They reformed the way we gather, store, and process personal data, like about your customers, or how we can use this data for marketing purposes.

Now, you’re probably just like me, and privacy and the law are not your strong suit, so I wanted to break these new regulations down for you. And I’ve gotten some help on this video from James Chiodo, who is a Privacy Professional, and he helped me put all the information together, answered a lot of my questions, and overall, really helped me to put this video together. You can find more out about him on where he also helps, especially website owners or app owners to get ready for these new regulations. Now, I know you got tons of questions, but let’s get into the most important ones first, and then take it from there.

First up, what exactly is GDPR? Well, the general data and privacy protection regulations are new sets of rules that are laid out by the European Commission to protect personal data of European citizens. It is really the biggest reform of privacy law we have seen since the inception of the internet. The last times there were really revised were 20 years ago, so obviously there has been a lot of changes over the years in terms of the technology and the capabilities that we now have to use personal information. Just think about remarketing, or email marketing, or marketing automation. We as marketers use this personal data that can be connected to an actual person every day. And that’s really what the European Commission wants to protect and really clear up from a responsibility standpoint.

Now, it’s important to understand that the GDPR is not a clear-cut do-or-don’t list. It’s more of a framework written down in a very legal jargon which still needs to be interpreted by the parties involved and also, probably by the courts later on in lawsuits that will come of it, if one or the other company is violating these rules. But just as a little scare it is important to know that these rules will be start to be enforced by the end of May. So, do these regulations apply to you? Well, most likely, the answer is yes. If you have a mobile website or an app, that is accessible to Europeans or you have European customers, you will most likely need to comply with the new GDPR rules. Now, you might ask yourself, “Why? My business is not based in the Europe. “They can’t enforce that in my country, “so why should I care about this?” But remember, these rules don’t just affect small websites, or small business owners, they also affect businesses that process and store personal data on your behalf. Companies like Amazon, Facebook, or Google, do have subsidiaries in European countries, so they might very well be penalized and deceptable to these new fines. So, as these companies want to play by the rules, they will hand down and pass down some of these regulations probably to you because they also need to make sure that you are handling this data responsibly. And you’ve probably already received emails from Facebook or AdWords on how they are changing their systems and making sure they comply with the GDPR. So, only if you are really shielded off from all European customers, I really think that you should start thinking about how you can prepare for the upcoming changes in GDPR.

And it’s also important to note that Europe has traditionally been a strong role model for wider affects of privacy laws and regulations, so if you comply with them, you’ll be on the safe side, really, and future-proof. So, what changes with GDPR? Without getting too much into the nitty-gritty of the exact rules, I would sum it out in one word, and this is about responsibility. Previously, it was never really clear who was responsible for personal data that was held and processed by companies, and therefore, nobody really felt accountable in recent terms, for violating anything in privacy laws. Just think about the scandal that is now happening with Cambridge Analytica or Facebook, who’s really responsible here and what do they need to change?

With the GDPR, this clearly now is a responsibility and this has shifted towards the companies that hold and process that data. Now with that, the ones who are giving up the data, you and me signing up for a service for example, we get certain rights and these really empower us to have more transparency in the company, and ask the company for our private information and how it’s being used. This goes from how the data’s actually gathered, over the processing of the data, and then storing the information. Now as an example, commonly you asked users to give up personal information on forms on your website. That might be because you want them to sign up to your newsletter, or other product from you. Even before he clicks that sign up button, you need to inform him of why you are using that information, and how you are planning to process it, and use it later on.

Then you need to get explicit permission, also called consent, to save, use, and process that data going forward. And then, once the user clicks on that sign up button and he agrees to your terms, then you probably are not saving it somewhere in your computer but rather on a service, and there’s also a way you probably give the data to, to process that data and do further marketing with it. Now, it’s important to understand that you also carry the responsibility for those services to be using that personal data on your behalf, so you need to make sure they also are complying with the rules and regulations of that data. And that’s all important because at any time, your users should be able to ask you for that information. What do you have on them? How is it being used? How it’s being process? And potentially, also, that it should be changed, exported, or deleted.

So, a quite a few processes that would be implemented into a company in order to comply with these regulations when somebody sends an email and wants to have all the data that you have on them. Now, this obviously, probably brings in more questions for you and how you can specifically put this into place in your business and become GDPR compliant. Unfortunately, like I said at the beginning, GDPR is not a clear-cut, do-or-don’t rule list that you can just apply. It really depends on your business, how big you are, what data you gather, how you process that data, and a host of other factors to become GDPR compliant.

So, now our next video on GDPR, I will let you know the specific steps that I actually took in order to become GDPR compliant with my website, and things that you might need to take care of if you want to make this change for yourself and be up-to-date with the newest rules and regulations. So, stay tuned to see that video. Now, thanks again to James Chiodo who helped me out putting this video together, and you can check out more information about GDPR on his website at I will link up his website down below as well. And if you have any more questions, please leave them in the comments below because I will try to answer them in our next video. And if you haven’t yet, then consider subscribing right over there because we’ll bring you new videos, just like this one, every week. My name is Julian, see you in the next one.


Leave a Comment

4 Comment threads
2 Thread replies
Most reacted comment
Hottest comment thread
5 Comment authors
JulianMalcolm MarcusDaniil MaksimkinBrian P.Ana White Recent comment authors
newest oldest most voted
Malcolm Marcus
Malcolm Marcus

Great stuff, clear and to the point. Will definitely keep an eye out for the next video. Malcolm

Brian P.
Brian P.

Will we need to have users opt in before a google analytics cookie can be enabled?

Daniil Maksimkin
Daniil Maksimkin

What about user ids? Should we asked our members to allows us to collect it?


thanks for your question. I will try to answer it in the next videos.

Right now my understanding is, that there is not specific rule that prohibits User ID tracking. You just need to adequately inform your users on what you are collecting and how you are using that data.

Explicit consent (like the cookie popup you see sometimes) is up to interpretation. Some might say stating it in the privacy policy is enough, some feel safer with a Popup.

(again: this might change as GDPR develops into more best practices and rules)

Ana White
Ana White

Thanks for the info. You suggest using disclaimertemplate services? If yes, do you have any coupons for them?


no, I don’t