General Data Protection Regulation (GDPR) rules are set to go into effect on May 25th. If you do not directly deal with customers in the European Union (EU) then the update is unlikely to affect you. However, this is not to say it will never arrive in Thailand & S E Asia. So for all companies engaged in digital marketing, especially those who use Remarketing and Conversion Tracking you may want to pay attention to the following rule changes.

What Is the GDPR and Who Does it Impact?

The GDPR is a series of new regulations approved by the European Union on April 27th, 2016. These regulations are intended to help protect the privacy and personal data of residents of EU countries.

Along with protecting individuals within the European Union, the GDPR regulates the export of data to other countries, including the United States. This means that even if your business is not located in the EU, you still need to abide the GDPR when targeting consumers in the EU.

Remarketing and targeted marketing use cookies to gather data from Internet users. In the past, these steps were completed in the background without the user being aware of the data collection. Now, websites will need to request permission to gather data. This should impact most businesses, especially those that rely on personal data for gathering insight into consumer behaviour.

Cookie Notification

Data Controllers, Processors, and Subjects

The GDPR defines the roles of the data controllers, processors, and subjects. The data controllers are the organizations that collect data from residents in the EU. The processor is the organization that processes this data while the data subject is the consumer.

Cookies and Remarketing Now Require Consent

If you use Google or Facebook products on your website to gather information, you may need to make a few changes in line with the new rules. Affected products that track on-site actions from your visitors include Google AdWords, Analytics, and Tag Manager as well as the Facebook Pixel.

Tag Assistant example

(You can download the Google Tag Assistant tool to check what tracking is installed on your website)

You may already have noticed that websites are preparing for the GDPR. The most notable change is that websites must now request permission to use cookies and the tracking code used by Google & Facebook products. A simple pop-up with an opt-in form can be added to request the visitor’s consent to collect, share, and use his or her personal data to deliver targeted ads.

In some situations, you must also mention any third parties that will receive the data. When collecting data from children, consent must be given by the child’s parent or custodian. It is always the responsibility of the data controllers to prove that consent was obtained through an opt-in form.

Customer Match and Store Sales Features

Customer Match and Store Sales data do not require consent. These are the two exceptions to the regulations specified in the GDPR for data collection. With Customer Match and Store Sales data, Google is simply processing data that you provide.

When you use Google AdWords, both you and Google are the data controllers while Google is the data processor. You are both liable for ensuring that the collection of data complies with the GDPR. With Customer Match and Store Sales data, you are the sole controller collecting the data.

For those that are not familiar with Customer Match, this feature allows you to upload a CSV file containing personal data. This data is then used to target groups using Google AdWords. However, it is up to you to ensure that the data was properly obtained following the GDPR.

Store Sales is also used for targeted marketing through Google AdWords. It allows you to import data from your own store transactions. As with Customer Match, Google does not need to prove that consent was given to use this data. You are responsible for complying with the GDPR in these situations.

Get Ready for the GDPR Implementation

The GDPR is scheduled to go into effect on May 25th. If you use any of the features or products discussed, you should begin getting ready for the regulations. The deadline is approaching. If you do not comply, you may face steep penalties.

With the threat of hackers and businesses illegally obtaining personal data from websites, the public is becoming more concerned with the protection of their data. Online privacy is a major issue that the European Union is attempting to address with these regulations.

The bottom line is that the GDPR may impact the way you use certain online marketing products, such as Google AdWords and Facebook Advertising. Make sure that you comply with these regulations and pay attention to any changes or amendments to the GDPR.

If you are unsure about whether or not you need to take action on your website, speak to one of our consultants at Phoenix Media on 02 038 5400, or Contact Us through this form.


  • Published on : Monday May 21, 2018

About the author

As the managing partner for Phoenix Media, Rob brings over 10 years’ experience in digital marketing and running successful agencies in the UK, Australia and Thailand. Starting in a sales role he has covered all aspects of the agency from sales and service to technical ad operations. Reach him directly on

Recent blog posts and insights.