Online shopping has inevitably prospered in recent years and has completely changed the retail game by providing consumers with a virtually limitless market and unprecedented convenience.

But this globally connected online marketplace also means online e-commerce retailers are constantly facing unique and sometimes volatile challenges that can have large impacts on various operations of their businesses. Most recently, the EU General Data Protection Regulation (GDPR), a privacy regulation law that is concerned with personal consumer data, is having a major influence on global e-retailer’s digital marketing and advertising services, where hefty fines will be imposed if not compliant.

In case you haven’t heard, the GDPR legislation is concerned with protecting the private data including email addresses, names, IP addresses and more of consumers in the EU. While the law is to be enforced in European nations, inclusive of the UK, the GDPR law ultimately affects all businesses with an establishment and operations in such countries, has EU citizens as customers or monitors the behaviour of EU citizens. Inevitably, many online retailers, including those established within Australia, currently fall into this category by selling their goods or services to European citizens or monitoring their behaviours for remarketing purposes, whether they are aware of it or not.

However, the GDPR explicitly states that by the deadline of May 25, 2018, such business who fall in the categories mentioned previously, must be able to ensure and substantiate the consent by EU citizens to collect their personal data. Businesses who fail to do so, therefore, encounter data breaches and are subject to considerable monetary penalties of up to 20 million euros, or 4% of the company’s global annual turnover – whichever is greater.

Despite the threat of substantial fines, some research suggests that just under half of all businesses are unaware of the laws that could have a huge impact on their business. Even more so, for the businesses that are aware of the imminent regulations, there is much confusion and misconception surrounding the laws. Firstly, it should be made clear that while large multinational corporations are undoubtedly most impacted by such protocols, SME’s are not exempt and should still take the necessary precautions to avoid any data breaches. Some businesses also fail to recognise that the location of their company does not equate to exemption, as many online retailer’s stores allow European citizens to purchase from their sites, or use cookies to track their online behaviours.

So with strict laws surrounding the use of personal data, what are the implications this will have for e-commerce retailers and their digital marketing services? As mentioned, the use of cookies to monitor online behaviour and to remarket is going to be heavily impacted. Experts suggest that no longer simply stating that cookies are in use is sufficient enough, and consumers must actively provide their consent in order to ensure that companies remain compliant and are able to legitimately prove their consent if need be.

Email marketing is another digital advertising effort that will be impacted by the GDPR. In fact, in the retail industry, EDMs have long been cemented as the top digital marketing channel providing the most profitable growth for online stores. Some suggest that GDPR will provide a great shake-up to email marketing, while others argue the regulations are simply further enforcing laws that are already in place in Australia. For example, the Spam Act 2003 (cth) already governs email marketing in Australia by enforcing consent, identification and unsubscribe options, similar to what the GDPR will impose.

While this is true, the Spam Act in Australia only has maximum monetary penalties of $1.8 million AUD, while the GDPR will be enforced on a much grand scale. With this in mind, some researchers suggest that the GDPR will simply ensure that marketers are doing what they’re already meant to be doing, therefore improving the quality and engagement of such communications. Other researchers also suggest retailers should update their current practices, by implementing a “double opt-in approach” to ensure that all leads can be verified.

While traditional digital marketing and advertising services such as remarketing and email marketing are going to be impacted, the personalisation technique to improve such methods is also deemed to take a hit. With engagement a high priority on the marketing agenda, marketers are consistently looking at ways to utilise personal data to make advertisements more relevant and interactive. However, the GDPR law that is soon about to be imposed governs how an individual’s personal data can be utilised, meaning that unless consent is granted to track a user’s online behaviour or gather their personal data, there could be a significant impact on how personalised and potentially relevant and engaging an advertisement may be.

So what can e-retailers do to prepare for the GDPR if they haven’t already? To ensure compliance with the GDPR, e-retailers should first analyse their current data processes. It is important to identify how data is collected, as you may need to verify the particulars involved with this, as well as how data is recorded as this may need to be proved. It is also important to analyse how data is stored to avoid potential breaches, as well as how data can be retrieved as individuals have the right to request access to the data stored about them under the newly formed regulations. Furthermore, retailers need to ensure they’re transparent with their consumers about who they share personal data with (e.g.: third-party verification services), as well as ensure procedures around erasing data are up to date.

The enforcement of the EU GDPR legislation is undoubtedly going to impact online marketing services globally for many online retailers who are accessible in European nations. Even those organisations that are not directly impacted by such laws, all organisation will be indirectly affected as Europe raises the bar surrounding the expectations for privacy protection and usage. With the regulations which are due to take force on May 25, 2018, marketers must ensure that their data processes in relation to their digital marketing efforts are up to date and compliant to avoid significant penalties and potential criticism for a lack of data protection.

At RGC Digital Marketing, we are a full service digital marketing agency based in Sydney, with proven strategies in e-commerce marketing. To find out more about the impact of the GDPR
on your digital marketing, please contact Richard on 1300 770 985 or email