How marketers can comply with data privacy laws without losing personalization in their surveys

As more and more of our lives move into the digital sphere, data security and privacy have become an increasing concern both on a societal and governmental level. 

Indeed, with the growing prevalence of regulations like the EU’s GDPR around the world, collecting data is quickly becoming a treacherous endeavor. 

However, while tighter regulations do make it harder to cast a wide net and collect a huge amount of data from your audience, these restrictions need not dampen the efficacy of your marketing efforts. In fact, limitations can often breed creativity by forcing you to focus your efforts in unexpected areas and come up with new solutions that you would never have thought of otherwise. It’s an old trick that artists have been using for centuries, and marketers should take note.

For example, in a world where personal data is heavily guarded, marketers can use quizzes and assessments to entice consumers to provide their data consensually. By offering an immediate benefit and satisfying the consumer’s curiosity, these creative marketing strategies can have fantastic results. 

privacy policy survey

Interestingly, in a recent survey of digital skills, 78% of respondents reported that marketing literacy in their organization is intermediate or below. That leaves lots of room for upskilling.

So, taking into account the aforementioned facts, we’ll discuss how to color within the lines of the newest regulations while still maintaining an effective marketing campaign. We’ll go over the obstacles that marketers face, how you can parse your data, how you should collect it, and how you can make it easier to obtain. 

Working with the growing public awareness of data security

The landscape of data security has changed rapidly over the last 20 years. While data privacy was hardly a blip on the radar of most people back in the year 2000, it’s hard to read more than a couple of articles about technology without hearing about it nowadays.

While improved data protection is undoubtedly a good thing for consumers, regulations like the GDPR have had a significant negative financial impact on marketing businesses, threatening to destroy a vital piece of their business models. As governments and consumers become more aware of the issues surrounding data privacy, it is becoming harder to run the same personalized and targeted campaigns that were once commonplace.


Indeed, failure to abide by data laws can not only result with you on the wrong side of the law, but on the bad side of public opinion as well. In today’s age, keeping up-to-date with 
data security best practices is vital to maintaining an excellent reputation for your business.

In a recent Pew Research study, 79% of respondents reported that they are somewhat or very concerned about how companies are using their data. Similarly, in Cisco’s 2020 Consumer Privacy Survey, 84% of respondents noted that they care about how their data is being used. These numbers, along with growing legal pressure, make it clear that data protection can no longer be relegated to an afterthought, but must be baked into businesses at their cores.

Take stock of the data you have already

The first step when making any sort of plan for the future is always to look at where you stand currently. Namely, you should start by looking into how you store your data: is it secure and encrypted? What sorts of security vulnerabilities can you anticipate?

Furthermore, are you at risk of losing all your data to a server crash? In addition to making sure you have proper security protocols in place, it’s also vital that you have a sufficient data backup, lest you need to recollect all your valuable data thanks to a disk failure. 

Once you’ve assessed your infrastructure and considered the cost of observability for continuous monitoring, you should take a look at the actual data. For example, you may have domains, email addresses, names, birthdates, and other personal information. As regulations change, some of this data may no longer be  held legally. 

Because of this, you should make a personal data inventory and evaluate whether you have collected the data in a way that complies with all current regulations. If you have not, that data should be deleted. 

Be selective with the data you collect

The long and short of the new regulations is that marketers can no longer simply collect consumer data willy-nilly. Instead, they must be purposeful and exacting about what they’re looking for: they now need to hunt for leads with a rifle, not a shotgun. 

In short, marketers must now go for quality over quantity. While the amount of data they can collect will be significantly reduced, it’s still possible to obtain a great deal of meaningful, pointed data. Doing so, however, will require a more considerable amount of upfront strategy than before. Marketers will need to formulate a clear plan of what data is most important to their efforts and focus on that.

digital marketing process

The process of determining the most critical data can be tough and will vary from industry to industry. Throughout this endeavor, the guiding question should be, “why do I need this data?” If there is no clear answer that comes to mind, those data points are unlikely to be vital to your continued marketing efforts.

While this can seem limiting, it is also an opportunity for strategic reflection. Many marketers have never clearly defined the reasoning behind their data collection. By being very deliberate about what sorts of data you collect, you may end up with less data, but more useful data. Sometimes, reducing the noise in the information you have is more important than gaining more information.

Improve transparency to gain consent

While data privacy regulations do allow for the collection of data without the express consent of the subject, the easiest way to ensure that you steer clear of any public or legal backlash is to gain express consent. And the easiest way to do that is to sell your audience on providing their data for their benefit. 

While data collection largely has a negative connotation, consumers are more eager than ever to provide their most intimate personal data as long as they believe it will directly benefit them. Self-tracking is rising in popularity, be it wearables that track your body’s vitals, apps that track menstrual cycles, or software that tracks how long you spend on different websites. 

This trend demonstrates that the roadblock isn’t that consumers no longer want to provide data, but that they are uncomfortable providing data when they don’t know what it will be used for. If you can sell your audience on the idea that providing their data will be just as valuable to them as a fitness tracking app, you’ll be able to collect the data without issue. 


It’s no secret that almost all the credible email marketing services allow marketers to segment their lists into different categories so that they can send more relevant communications to their subscribers. By telling your audience that their data will give them more relevant content and less spam, you’re more likely to receive their consent.  

Beyond proving that data collection will be a benefit to the consumer, it’s equally important to be transparent about how that data will be stored. Even if an individual is interested in providing their data, they may become hesitant if they don’t believe that data will be secure. For this reason, investing in a secure data storage infrastructure is essential for any business. 

The bottom line

Data collection is essential to a host of marketing processes ranging from assessing the maturity of leads to serving up the right advertisements on social media. While increasing public and governmental scrutiny can seem scary and restrictive, it doesn’t have to be. 

Smart marketers and businesses will be able to view these limitations as a breeding ground for new creative practices that can bring their efforts to new levels. 

As more and more of our lives move into the digital sphere, data security and privacy have become an increasing concern both on a societal and governmental level. 

Indeed, with the growing prevalence of regulations like the EU’s GDPR around the world, collecting data is quickly becoming a treacherous endeavor. 

However, while tighter regulations do make it harder to cast a wide net and collect a huge amount of data from your audience, these restrictions need not dampen the efficacy of your marketing efforts. In fact, limitations can often breed creativity by forcing you to focus your efforts in unexpected areas and come up with new solutions that you would never have thought of otherwise. It’s an old trick that artists have been using for centuries, and marketers should take note.

For example, in a world where personal data is heavily guarded, marketers can use quizzes and assessments to entice consumers to provide their data consensually. By offering an immediate benefit and satisfying the consumer’s curiosity, these creative marketing strategies can have fantastic results. 

privacy policy survey

Interestingly, in a recent survey of digital skills, 78% of respondents reported that marketing literacy in their organization is intermediate or below. That leaves lots of room for upskilling.

So, taking into account the aforementioned facts, we’ll discuss how to color within the lines of the newest regulations while still maintaining an effective marketing campaign. We’ll go over the obstacles that marketers face, how you can parse your data, how you should collect it, and how you can make it easier to obtain. 

Working with the growing public awareness of data security

The landscape of data security has changed rapidly over the last 20 years. While data privacy was hardly a blip on the radar of most people back in the year 2000, it’s hard to read more than a couple of articles about technology without hearing about it nowadays.

While improved data protection is undoubtedly a good thing for consumers, regulations like the GDPR have had a significant negative financial impact on marketing businesses, threatening to destroy a vital piece of their business models. As governments and consumers become more aware of the issues surrounding data privacy, it is becoming harder to run the same personalized and targeted campaigns that were once commonplace.


Indeed, failure to abide by data laws can not only result with you on the wrong side of the law, but on the bad side of public opinion as well. In today’s age, keeping up-to-date with 
data security best practices is vital to maintaining an excellent reputation for your business.

In a recent Pew Research study, 79% of respondents reported that they are somewhat or very concerned about how companies are using their data. Similarly, in Cisco’s 2020 Consumer Privacy Survey, 84% of respondents noted that they care about how their data is being used. These numbers, along with growing legal pressure, make it clear that data protection can no longer be relegated to an afterthought, but must be baked into businesses at their cores.

Take stock of the data you have already

The first step when making any sort of plan for the future is always to look at where you stand currently. Namely, you should start by looking into how you store your data: is it secure and encrypted? What sorts of security vulnerabilities can you anticipate?

Furthermore, are you at risk of losing all your data to a server crash? In addition to making sure you have proper security protocols in place, it’s also vital that you have a sufficient data backup, lest you need to recollect all your valuable data thanks to a disk failure. 

Once you’ve assessed your infrastructure and considered the cost of observability for continuous monitoring, you should take a look at the actual data. For example, you may have domains, email addresses, names, birthdates, and other personal information. As regulations change, some of this data may no longer be  held legally. 

Because of this, you should make a personal data inventory and evaluate whether you have collected the data in a way that complies with all current regulations. If you have not, that data should be deleted. 

Be selective with the data you collect

The long and short of the new regulations is that marketers can no longer simply collect consumer data willy-nilly. Instead, they must be purposeful and exacting about what they’re looking for: they now need to hunt for leads with a rifle, not a shotgun. 

In short, marketers must now go for quality over quantity. While the amount of data they can collect will be significantly reduced, it’s still possible to obtain a great deal of meaningful, pointed data. Doing so, however, will require a more considerable amount of upfront strategy than before. Marketers will need to formulate a clear plan of what data is most important to their efforts and focus on that.

digital marketing process

The process of determining the most critical data can be tough and will vary from industry to industry. Throughout this endeavor, the guiding question should be, “why do I need this data?” If there is no clear answer that comes to mind, those data points are unlikely to be vital to your continued marketing efforts.

While this can seem limiting, it is also an opportunity for strategic reflection. Many marketers have never clearly defined the reasoning behind their data collection. By being very deliberate about what sorts of data you collect, you may end up with less data, but more useful data. Sometimes, reducing the noise in the information you have is more important than gaining more information.

Improve transparency to gain consent

While data privacy regulations do allow for the collection of data without the express consent of the subject, the easiest way to ensure that you steer clear of any public or legal backlash is to gain express consent. And the easiest way to do that is to sell your audience on providing their data for their benefit. 

While data collection largely has a negative connotation, consumers are more eager than ever to provide their most intimate personal data as long as they believe it will directly benefit them. Self-tracking is rising in popularity, be it wearables that track your body’s vitals, apps that track menstrual cycles, or software that tracks how long you spend on different websites. 

This trend demonstrates that the roadblock isn’t that consumers no longer want to provide data, but that they are uncomfortable providing data when they don’t know what it will be used for. If you can sell your audience on the idea that providing their data will be just as valuable to them as a fitness tracking app, you’ll be able to collect the data without issue. 


It’s no secret that almost all the credible email marketing services allow marketers to segment their lists into different categories so that they can send more relevant communications to their subscribers. By telling your audience that their data will give them more relevant content and less spam, you’re more likely to receive their consent.  

Beyond proving that data collection will be a benefit to the consumer, it’s equally important to be transparent about how that data will be stored. Even if an individual is interested in providing their data, they may become hesitant if they don’t believe that data will be secure. For this reason, investing in a secure data storage infrastructure is essential for any business. 

The bottom line

Data collection is essential to a host of marketing processes ranging from assessing the maturity of leads to serving up the right advertisements on social media. While increasing public and governmental scrutiny can seem scary and restrictive, it doesn’t have to be. 

Smart marketers and businesses will be able to view these limitations as a breeding ground for new creative practices that can bring their efforts to new levels. 

Create your
own assessment
for free!

Create your
own assessment
for free!

About the author:
Nahla Davies

Nahla Davies

Nahla's worked on large scale enterprise projects and built compliance teams at multiple Fortune 500 companies. Previously - Digital Compliance @ Netflix. She likes talking about SaaS, tech, B2B marketing, cybersecurity and technical writing.
Want to know more?
Subscribe to our newsletter and get hand-picked articles directly to your inbox