
Successful online marketing in accordance with the GDPR?

26 March 2024

Online marketing and GDPR: A successful symbiosis?

The question of whether online marketing and GDPR are compatible with each other was a concern for many when the General Data Protection Regulation was introduced. Today the clear answer is: Yes. 

Important aspects in marketing in the context of the GDPR

To give an overview of the aspects of online marketing that need to be considered with regard to the GDPR, we have summarized some key points. These include website cookies, email marketing and the statistics tool Google Analytics.

Website cookies: Clear transparency and user consent

Visitors to a website must be actively asked via a cookie notice which cookies may be activated. These can be divided into essential and third-party cookies. Essential cookies that are necessary for website operation do not require consent, while third-party cookies, for example for statistical tracking or remarketing, require the user’s explicit consent. After consent, the user should have the opportunity to view and revoke cookies at any time. 

It is important that the buttons in the cookie notice do not differ in their visual presentation. The look should be neutral and uniform so as not to push or influence the user in a certain direction. This ensures a fair and transparent decision by the user regarding cookie use.

Opt-in and opt-out in email marketing: Transparent communication with customers

In email marketing, the double opt-in procedure is crucial. Users who subscribe to the email list must give their consent in a separate confirmation email. At the same time, an opt-out solution must be present in every email sent so that users can unsubscribe at any time.
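The double opt-in flow described above, sketched as an added example (not code from the original article): signup only stores a pending record, the link in the confirmation email activates it, and every mail carries an opt-out token. The HMAC-signed token format, the 48-hour validity, the in-memory `subscribers` store and all function names are assumptions for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a real key comes from a secret store
TOKEN_TTL = 48 * 3600             # assumption: confirmation link valid for 48 hours
subscribers = {}                  # email -> {"status": ..., "log": [(event, time)]}

def _sign(purpose, email, issued):
    # Binding purpose and address into the MAC stops token reuse across either.
    msg = f"{purpose}|{email}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(purpose, email, now):
    return f"{int(now)}.{_sign(purpose, email, int(now))}"

def check_token(purpose, email, token, now, ttl=None):
    try:
        issued_s, sig = token.split(".", 1)
        issued = int(issued_s)
    except ValueError:
        return False  # malformed token
    expected = _sign(purpose, email, issued)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # forged, or issued for another address or purpose
    return ttl is None or now - issued <= ttl

def subscribe(email, now):  # signup form: nothing is sent to a pending address
    subscribers[email] = {"status": "pending", "log": [("requested", now)]}
    return make_token("confirm", email, now)  # goes into the confirmation mail

def confirm(email, token, now):  # link in the confirmation mail
    rec = subscribers.get(email)
    if not (rec and rec["status"] == "pending"
            and check_token("confirm", email, token, now, TOKEN_TTL)):
        return False
    rec["status"] = "confirmed"
    rec["log"].append(("confirmed", now))  # timestamped record of the consent
    return True

def unsubscribe(email, token, now):  # opt-out link in every mail, never expires
    rec = subscribers.get(email)
    if not rec or not check_token("unsub", email, token, now):
        return False
    rec["status"] = "unsubscribed"
    rec["log"].append(("unsubscribed", now))
    return True

def may_send(email):  # the mailer checks this before every send
    return subscribers.get(email, {}).get("status") == "confirmed"
```

In a real service `now` would be `time.time()`, and the opt-out token would be generated with `make_token("unsub", email, now)` when each mail is rendered.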

Statistics tool Google Analytics: Data protection-compliant tracking

The integration of Google Analytics to evaluate visitor numbers requires obtaining the visitor’s consent. It is crucial to ensure that users are transparently informed about which data processing they are being asked to consent to. Clear and understandable explanations about the purpose and type of data collected contribute to an informed decision.

In addition, when integrating Google Analytics, care should be taken to anonymize personal data, especially the IP address. The complete anonymization of the IP address ensures that no direct conclusions can be drawn about individual users. This is not only a good data protection practice, but also in line with the principles of the GDPR, which emphasize the protection of personal data. 

Those responsible for the website should ensure that the data protection declaration contains comprehensive information about the analysis tools used. This also includes showing how IP addresses are anonymized and what measures have been taken to protect the privacy of users. Only through transparent communication and responsible implementation can the integration of analysis tools such as Google Analytics be carried out in a data protection-compliant manner. 

Other third parties: Comprehensive cookie confirmation

Other third-party providers such as Google Maps, OpenStreetMap, Twitter, Vimeo, YouTube and Google AdSense also require the website visitor’s consent for each cookie set.

GDPR-compliant online marketing: Important factors

Anyone who is active in online marketing must take certain factors into account and check them against the GDPR and the expected ePrivacy regulation:

  • Consent (opt-in): The user must actively consent to the processing of their data on the website and in email marketing.
  • Objection (opt-out): The user must have the opportunity to revoke their consent at any time.
  • Transparency: The processing of personal data must be transparent and documented comprehensibly in the data protection declaration.
  • Anonymization: Personal data shared with third parties must be anonymized.
  • Cookie notice: Every website visitor must be informed about the use of cookies and must explicitly agree to them.
  • Order data processing (ADV): An ADV contract is necessary when data is transferred to third parties.
  • List of processes: A list of processing activities serves as proof for the authorities.

Concrete examples of the successful implementation of the GDPR

A variety of companies have successfully found ways to conduct GDPR-compliant online marketing while achieving their marketing goals.


One such example is the German e-commerce company “FashionForward,” which specializes in selling women’s clothing.

Following the introduction of GDPR, FashionForward implemented a transparent and privacy-friendly marketing strategy based on customer understanding and consent. The company began providing its customers with clear information about how their data is collected, stored and used, and asked for explicit consent for any type of data processing.

By implementing a transparent cookie notice on the website, FashionForward allowed visitors to choose exactly which types of cookies they would like to allow. This not only led to higher GDPR compliance, but also increased customer trust in the brand.


Another example is the software company “TechSolutions,” which specializes in developing productivity and communication tools for small businesses. TechSolutions used the introduction of GDPR as an opportunity to improve its data protection practices and gain a competitive advantage.

The company conducted training for its marketing team to ensure all employees have a deep understanding of GDPR requirements and how to integrate them into their marketing activities. In addition, TechSolutions invested in implementing data protection management software to facilitate GDPR compliance and ensure that all processes and data processing activities comply with legal requirements.

These examples show that it is possible to conduct GDPR-compliant online marketing without losing sight of your marketing goals. Through transparency, consent and training, companies can increase customer trust while meeting GDPR requirements.

International data protection landscape

A comparison of data protection laws worldwide

Europe (GDPR): The General Data Protection Regulation (GDPR) has set an international benchmark for data protection. It requires companies not only to be transparent and accountable in their handling of personal data, but also to adhere to strict regulations on data processing, data protection measures and data breach notification. GDPR has also helped increase awareness of privacy and give consumers more control over their data.

USA (California Consumer Privacy Act – CCPA): The CCPA in California, modeled on European data protection law, gives consumers more control over their personal data. It requires companies to disclose their data protection practices and to give consumers the opportunity to view or change their data or have it deleted. The CCPA has also provided impetus for federal data protection laws in the USA and shows that data protection is also becoming more important outside Europe.

Asia (Japan, South Korea): Both Japan and South Korea have strict data protection laws that are similar to European standards. In Japan, the “Act on the Protection of Personal Information” regulates the handling of personal data, while in South Korea the “Personal Information Protection Act” applies. These laws require companies to take data protection measures similar to those of the GDPR and set high standards for protecting personal data.

Latin America (LGPD in Brazil): Brazil has passed the LGPD (Lei Geral de Proteção de Dados), a data protection law that is similar to European data protection law. The LGPD regulates the handling of personal data and requires companies to provide transparent information about their data processing practices and to give consumers control over their data. The LGPD is an important step for data protection in Latin America and demonstrates the global movement towards increased protection of personal data.

Why it is important to keep an eye on international data protection regulations

Adaptability and Global Business: In an increasingly globalized world where companies operate internationally, it is essential to understand the data protection laws of different countries and adapt accordingly. This not only ensures legal compliance, but also strengthens the trust of customers and partners worldwide.

Risk reduction and reputation management: By complying with international data protection standards, companies can minimize potential legal risks and strengthen their reputation management. Data breaches can cause significant financial and reputational damage. Proactively adapting to different data protection laws reduces this risk.

Innovation and Competitiveness: A thorough knowledge of data protection laws in different countries can help companies develop innovative data protection solutions and increase their competitiveness. By taking international data protection standards into account, companies can adapt their products and services to global customer needs and open up new markets.

Conclusion: Successful online marketing in the age of GDPR

The introduction of the GDPR has presented online marketing with new challenges, but with the necessary attention and willingness to adapt, companies can successfully overcome them. By adhering to data protection standards, they can not only meet legal requirements, but also strengthen the trust of their customers. Solid preparation for the upcoming ePrivacy regulation is possible with comparatively little effort and ensures the long-term competitiveness of companies.

What are the main changes brought about by the GDPR in the area of online marketing?

The GDPR has tightened the requirements for handling personal data and requires transparent communication and active consent from users.

What role do website cookies play in the context of the GDPR?

Website cookies require clear transparency and user consent in accordance with the GDPR. Users must be informed about the type of cookies and have the opportunity to give or withdraw their consent.

How can a company conduct data protection-compliant email marketing?

The double opt-in procedure is crucial for data protection-compliant email marketing. Companies must obtain users’ consent and at the same time offer them the opportunity to opt out.

Why is it important to find out about international data protection regulations?

Companies operating internationally must understand and adapt to the data protection laws of different countries to minimize legal risks, strengthen reputation management and increase competitiveness.


Author Lea

Lea's extensive practical experience enriches our team with new perspectives and innovative methods, particularly in the fields of SEO, website analysis and GDPR compliance. Her degree in business informatics enables her to bridge the gap between technical solutions and business requirements, a combination that is crucial in supporting our medium-sized clients. This specialized knowledge is fundamental to driving our digital projects forward.
