Led by growing privacy concerns, the digital landscape has changed a lot over the past few years. From new privacy regulations to shifting consumer habits, marketing teams have to adapt to new practices, and leave behind the non-compliant data collection practices from the 2010s. But in a world that seems to be constantly changing, knowing where to start can feel overwhelming.


In this article, we will break down everything you need to know about consent marketing, starting with the recent history around privacy regulations in Europe, and why they are important for marketers globally. We will then present how to manage consent, and provide a clear checklist of actions you can implement today to make consent a cornerstone of your marketing strategies.


Summary : 



What is GDPR and how does it impact marketing?


If you’ve been anywhere near the internet in the past couple of years, you’ve probably heard about the General Data Protection Regulation (GDPR). Launched in 2016 and implemented in 2018, the GDPR is a regulation focusing on creating a set of data privacy laws across the European Union (EU). 


The GDPR created protocols for organizations handling personal information and established new definitions for personal data, consent, accountability, and all parts of processing data. Internet users around the world have been exposed to these changes because since 2018, any website that gets EU visitors and processes personal data (or works with a third-party service that does) must comply with the GDPR. 


Part of complying means asking each user for permission to access and use their data, hence the rise of cookie banners all around the internet. 


From a user's perspective, the GDPR helps internet users to:


  • Understand exactly how organizations use their data 

  • Make informed decisions whether to share their data or not 

  • Learn how to raise a data privacy complaint


What does it mean for marketing teams?


The GDPR redefines the ways you can obtain and process user data for your marketing campaigns. Essentially, the so-called “data-driven” days of marketing -recklessly purchasing lists, collecting non-compliant data and sending unrequested communications- are no more. 


And that’s a good thing, because it puts consumers in the driving seat of their data. 


This doesn’t mean that marketers won’t be able to rely as much on data, but that the focus should shift from quantity to quality, relying on first-and zero-party data. How can companies get their hands on that data in a compliant way? This is where consent marketing comes in.


Access the checklist


Consent marketing is a set of practices revolving around obtaining and catering to users' consent. At its core, it aims at ensuring only consumers that have actively expressed their interest and given their consent are contacted, allowing marketing teams to provide a higher level of engagement and personalization.   


“The information a customer intentionally and proactively shares with a company is the most valuable data you can get your hands on."

Romain Gauthier, CEO, Didomi (source)


How to manage your consent marketing efforts?


How are you supposed to actually manage and organize your consent collection practices? The first thing to keep in mind is that there are some distinctions between B2B and B2C practices.


Consent marketing in B2B

In Recital 40, the GDPR defines lawful data processing as follows:


“In order for processing to be lawful, personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis”.


However, the notion of legitimate interest differs slightly in B2B and B2C.


Companies are considered as “corporate subscribers''. Since employees are representing the legal entity that is their company, no prior consent is needed for data processing or prospecting to email addresses such as first-name.last-name@company.com for example.


That doesn’t mean you can send a cold email to just anyone at any given company. A few rules must be met: 


First, you should have a valid reason to claim that the company you’re targeting can benefit from your offer, and that your communication is connected to the business context of the recipient’s role. For example, you shouldn’t contact the accountant at an insurance company to promote a social media scheduling software.


Additionally, you need to inform the email recipient what personal data you’re processing, for what purpose, and how they can remove themselves from your mailing list, or update their data. Providing everyone with an option to unsubscribe is a practice all marketers should be aware of by now.


Finally, the data should not be processed for a longer period of time than necessary. 


If all these conditions are met, B2B contacts can be contacted without prior consent on the basis of legitimate interest, but keep in mind that local regulations might add another layer to this topic. Always do your research!


Learn more about permission marketing


How do I collect and manage user consent?

As a marketer, you can collect consent using various methods, as long as you meet GDPR standards. To obtain consent, your users need to actively opt-in, for example by:


  • Ticking an opt-in box

  • Clicking an opt-in button

  • Volunteering optional information for a specific purpose (filling optional fields in a form to download a whitepaper for example)

  • Selecting from a yes-no option

  • Responding positively to an email requesting consent


The important thing to remember is that you cannot rely on inactivity, pre-ticked boxes or default settings. Consent needs to be freely given, specific, informed, unambiguous, and it can be revoked.


To facilitate the process, you can implement a Consent Management Platform, which will provide the technological infrastructure to store, update and prove consent.


5 tips for a GDPR-compliant marketing strategy


We’ve put together 5 simple tips to get started with a GDPR-friendly marketing strategy:


1. Run an audit of your current contact list

How compliant have your data collection practices been in the past? Go over your email list and make sure subscribers have explicitly opted-in to receive communication from you. In doubt, you’ll need to request explicit consent from subscribers who got automatically opted-in (from a pre-ticked opt-in box for example). 


2. Audit your personal data collection practices

To avoid having to go through the previous point again (and receiving a hefty fine), make sure to review the way you’re collecting data throughout your current marketing efforts. Start with all forms, emails, landing pages and of course your website.


3. Include an unsubscribe option in all your marketing materials

If that isn’t already the case, you need to ensure that users can opt-out at any time from any communications they receive from you, and not just with emails:Offering the option to unsubscribe or opt-out is also essential under the GDPR. 


4. Educate your team 

For a lot of marketing professionals, adopting a privacy first approach requires a profound change. Make sure everyone is aligned and understands that consent marketing is the new way of doing things, and an opportunity to lead the way in your industry.


5. Invest in consent and preference management solutions

One of the most significant steps you can take to ensure your consent practices are up to par with regulations is to implement consent and preference management solutions into your tech stack. 




A Consent Management Platform (CMP) is a platform used by companies to request, receive and store users’ consent. It allows organizations to store a list of preferred vendors as well as the purposes behind the collection of users’ information, and to update collected consents automatically.


On the other hand, a Preference Management Platform (PMP) helps marketing teams go beyond a binary opt-in/opt-out communication strategy. It allows users to tailor which communications they want to receive, based on their interests and habits. In turn, marketers are able to understand them better, and can create improved, personalized marketing campaigns accordingly.


Implementing a CMP and a PMP will not only allow you to comply with GDPR and other regulations in terms of data processing and handling, but it will also help turn compliance into a marketing opportunity. 


From customizing your cookie banner to collecting preference data directly from your users, it will allow you to adopt a privacy-first approach, and to place consent at the core of your marketing efforts.


You’re now ready to embrace a new, more compliant approach to marketing. Instead of approaching these changes and regulations as a negative, think of it as an opportunity to provide better, more targeted marketing campaigns to your customers, and to build a relationship based on trust.


GDPR was only the beginning. From the LGPD in Brazil to the PIPL in China and the CCPA in California, regulations will continue to arise globally. Smart companies and marketing teams will need to adapt accordingly. 




Gartner predicts that by the end of 2024, over 80% of companies around the world will be impacted by at least one data privacy regulation. The world is changing, and your marketing team doesn't want to miss that train. 


Book a call with an expert to learn how Didomi can help:


  Request a demo