The New GRPR Directive: Everything Your Organization Needs to Know

As of May 2018, all EU member countries will be subject to the new General Data Protection Regulation law, or GDPR for short. But just what is the new GDPR directive, and what does it mean for businesses and organizations that are part of the European Union?

What is the new GDPR Directive?

The new GDPR directive was created as an upgrade and replacement of the EU E-Privacy Directive which is currently used by the 28 separate EU member states to resolve issues and apply a standard where each EU member has its own separate email laws.

It will have a direct effect on an organizations marketing strategy where they hold, use or have collected data which is used by the business to contact anyone for commercial purposes, such as newsletters, products or solution updates as examples.

Current data collection techniques employ less transparent methods of acceptance where a visitor must tick boxes or the lack of an “opt-out” button would grant the collector (your organization) permission to contact them or use their data for other commercial purposes should they wish to download any articles, PDF’s or whitepaper from the site they are visiting.

Before your visitor is allowed to download any content they are interested in, they have to provide contact details to provide permission for the collector to use them for commercial purposes such sales, product updates or a subscription to email newsletters.

What changes does the new GDPR Directive involve?

The GDPR policy states that your organization must be 100% transparent about the reasons why you are collecting their contact data and give the user full control over what is collected, how it is collected and what it can be used for.

The principle is that website visitors can then make an informed decision about allowing the data they are providing your organization in return for the content they want to read, being used for something they understand and that they agree to this usage.

The policy also provides the visitor with the right to be forgotten, so that no future contact with website visitors who download your content is permitted. You may feel that there is always an option to “unsubscribe” from email marketing emails and content that this is enough, but many do not enforce this policy, and even after unsubscribing you may still receive sales and offers in your emails that are not wanted.

GDPR effects on email marketing

This will have a direct impact on organizations who use the personal data of any EU citizens and have current or future email subscribers. You may think that once the UK has left the European Union this will allow an exemption from the GDPR Directive, but if your business deals with anyone in the EU following Brexit, you will still have to comply with GDPR regulations.


When your visitors choose to subscribe or tick that all important box, they are currently not 100% sure what they are providing consent for.
Unless the visitor is prepared to do some substantial research read the privacy policy of every website they visit, they may not be aware of what they are signing up for or where their data will end up. Organizations will no longer be able to hide behind “it is in our terms and conditions”, or “it is in our privacy policy” as a defense for noncompliance.

The GDPR Directive is designed to comply with specific, informed and unambiguous consent of the use of your data and what exactly that data will be used for. Your organization will no longer be protected by the assumption that silence from your website visitors grants you permission to send emails to your marketing database.

Permission and the opportunity to say no or opt-out of using the email address for commercial use must also be clearly visible on your website.

What about my organization’s current contact database?

This is another area where you must be prepared to provide resources to review and any email databases you have that are used for commercial purposes will have to be contacted to gain written consent for their continued use along with an op-out choice.

You will have to generate an email marketing campaign to ask existing subscribers to re-subscribe to your marketing emails in a way that complies with the new GDPR Directive.

What happens if someone makes a compliance complaint against my organization?

If you are challenged about your GRPR position, you firstly must provide evidence that the subscriber granted you permission in compliance with the policy. The onus is on your organization to provide and keep evidence to support your claim of permission, and compliance failure could result in penalties of up to 10 million euros.

My organization did not know about the new policy, what can I do?

Unfortunately, this defense will have little leverage, as this policy was passed through the EU in 2016 with a timeline for businesses to prepare for legal compliance after May 2018. Therefore, with a 2-year timeline to make all the arrangements for your organization’s processes to be updated it was felt that this was sufficient time to be compliant before the new law will be enforced.


The new GDPR Directive has been created to acknowledge that much more sensitive data has been produced than ever before, and managing data on a large scale can be risky for organizations if they do not plan out an appropriate strategy to ensure that all contact data and email addresses they collect have given their permission to be contacted. Although it can come across as quite complicated it is in fact relatively straightforward to ensure that GDPR compliance is carried out effectively.

In our next blog about GDPR, we will provide some handy hints and tips for how to prepare for this new Directive and ensure that your organization is compliant with the new regulations before they come into force in May 2018.


About Corinium Digital

Corinium Digital offers digital marketing solutions made possible by our global network of emerging CXO roles. Our speciality is audience acquisition from cross- sector industries & a range of seniority from junior staff all the way to the decision-making C-suite (500,000+ global contacts). We provide multiple platforms to build relationships all year with our truly digital CXO communities. We will improve your lead generation, branding & content/ thought leadership. Advising on industry insights with dedicated editorial staff, online content specialists, digital marketing advisors & UX/ CJM manager, we can help create an integrated, digital strategy to increase your online presence. For more information visit

Written by Lisa Ventura, Content Marketing & Editorial Manager – Corinium Digital.

Comments are closed.

Corinium Global Intelligence is registered in England & Wales, number 08520994. Registered office:
Brook House, School Lane, South Cerney, Cirencester, GL7 5TY.

Share This