How GDPR affects Australian Marketers

There’s a reason why your inbox is full of emails about updated privacy policies.

Europe’s new data protection laws, called GDPR, comes into effect on 25 May.

The General Data Protection Regulation, or GDPR, aims to protect European user data via new rules and policies on the collection, storage, and use of personal data. It also outlines the rights of individuals to protect, access, and modify their own data, including a newer clause called “Right to be Forgotten”.

The fines for non-compliance are stiff: from the 25 May, the penalty for breaches can reach up to 20 million euro or 4% of a company’s annual global turnover.

So, the 20 million euro question is…

Does the GDPR apply to Australian businesses?

It depends.

Businesses that offer goods or services to customers in the European Union (EU) need to be GDPR-compliantfor European user dataregardless of where the business is based.

According to the Australian Government, “Australian businesses with an establishment in the EU, or that offer goods and services in the EU, or that monitor the behaviour of individuals in the EU may need to comply.”

Even more specifically…

“Australian businesses that may be covered include:

  • an Australian business with an office in the EU;
  • an Australian business whose website enables EU customers to order goods or services in a European language (other than English) or enables payment in euros;
  • an Australian business whose website mentions customers or users in the EU;
  • an Australian business that tracks individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.”

If you’re unsure of your eligibility and obligations under GDPR, we recommend getting legal advice.

What are the key elements of the new regulations?

In case you don’t want to wade into the 150-page, 54,328-word document here’s a quick summary of key elements that impact marketers.

  • Businesses must collect users’ consent to receive communication about marketing, or any other communication that is not related to their original enquiry. The new requirements state that “pre-ticked boxes or inactivity should not therefore constitute consent” (which is in line with the Australian SPAM laws already on the books).
  • Businesses must make it easy for users to see what consent they have given, withdraw it, and register an objection.
  • Businesses need to tell users if cookies are being used to track them, and if so, they must consent to their use.
  • Users have the right to request for their personal data to be permanently deleted in a timely manner.
  • Users have the right to request a copy of their personal data.
  • Users have the right to request to update any of their personal details if they are inaccurate or incomplete.
  • Businesses must ensure that sensitive customer data is protected by up-to-date and effective security practices.
  • Businesses must report data breaches to proper authorities within 72 hours.

That all sounds complex. What’s actually going to change?

Great question.

When I recently spoke to the CEO of an international marketing platform, they admitted there’s still a ton of uncertainty about what this means for Australian marketers.

Because the new requirements apply to all data previously collected, it means companies will need to re-opt in all EU users if their data was captured in a non-GDPR way. Ouch. That could completely change the way companies use their current email marketing list.

Here are a few predictions for what GDPR means:

I believe we’ll see the European Commission going after the largest companies with the most egregious privacy violations. In the context of Cambridge Analytica, this is a good thing.

We’ll likely see global companies rethinking what data they need to capture. Perhaps we’ll say goodbye to the wild west days when brands and analytics platforms captured every single data point possible, with the hopes of crunching it into something useful later.

We’ll likely see better practices in user privacy, email opt-in, and data-management across countries and industries. Just as the 2003 American CAN-SPAM Act has become “best practice” over time (for example, including the sender’s address in marketing emails), we’ll ultimately build better practices around marketing consent and opt-ins.

The “right to be forgotten” means that marketing platforms will add in the option for companies to more easily process the removal of individual’s data from 3rd party platforms, which is a good thing.

Overall, I think the biggest change will be for email list growth and lead generation. Marketers working in the GDPR context will face a larger hurdle in building email and customer databases and will be forced to introduce clearer hurdles to opt-in processes. This is ultimately good for customers and their inboxes, but bad for companies that depended on growing their email list for sales.

As this is the largest privacy changes in the online era, it remains to be seen how this changes marketing outside of the EU.

If you’re terrified of the changes coming into effect on May 25, one option is to simply block all traffic coming from the EU.

Sort of joking… sort of not.

About Us

Hi, we’re ntegrity, an award winning digital agency in Melbourne, Australia. We specialise in digital strategy, digital marketing, and training, and aim to operate as an extension of your team.

You can read more about our story and team or explore what we offer.

These are the 3 areas to invest in for post-COVID digital success

COVID-19 has sparked global digital disruption—are you ready for a new future? The clearest outplay from COVID-19 is the seismic…

How to build a customer journey map to target your strategy

As any leader of an impact-led organisation can tell you, there can be an overwhelming number of customer touchpoints –…

8 emerging digital marketing trends in 2020 for not-for-profits

The global pandemic has meant 2020 is far from ‘business as usual’. The behaviours of everyday people have changed. In…

What we’ve learned from 115 days of live broadcasts

When COVID first hit, not-for-profits were thrown into the deep end. The ntegrity team wanted to help, but social distancing…

How to create compelling videos for your NFP (even while social distancing)

In the time of social distancing and lockdown measures, more than ever, video is queen. 7 million Aussies watched YouTube…

How to use empathy maps to think like your donors

Connecting with donors is as important as ever in our digitally-connected world. 76% of consumers now expect companies to understand…


Acquisition Campaign

An award-winning acquisition campaign that increased leads by 42%

WISE Employment is a leading disability employment services provider. Yet when their main referral source stopped providing them with leads, they partnered with us to develop a digital strategy and help execute the campaign to attract job seekers and employers, and fast.

View Case Study
As seen in