Featured image

Remarketing under GDPR

25 Jun 2018

We like to share news, important updates and fresh blog posts.

Recently, the long-awaited General Data Protection Regulation, more widely known as GDPR, has taken effect.

For those who do not know, the GDPR is a new regulation in EU law on data protection and privacy. It contains requirements for the collection and processing of personal data of the citizens of European Union. 

There are many questions associated with this subject. It is an issue that is more suited for discussion among lawyers then business owners or marketers. And since we are not lawyers but marketers, please remember that the following article is not legal advice.

Should you not be sure about your legal obligations under the GDPR, consult a lawyer.

To make matters more comprehensible, this article will tackle only three questions concerning the use of retargeting ads.

The lucky three questions are:

Who is affected by GDPR?


Even though the question seems quite straightforward, the answer might not be so easy.

The first thing you need to know about the GDPR is that the regulation must be followed by every organization that processes personal data of the European Union citizens.

That means that you don’t need to be based in European Union, you are obligated to comply with the GDPR just by processing personal data of its citizens.

This implies that companies that process personal data of the EU citizens are those that sell to, buy from or otherwise conduct business with the EU citizens.

But here come cookies to mess with the good old logic.

Although cookies are mentioned only once in the GDPR document it turns out they are quite important for the GDPR. 

The EU views personal data as personally identifiable information. In the online world, it may be an IP address or the previously mentioned cookies

Basically, if you use cookies for targeted advertising or retargeting, you collect personal data according to the EU.

So theoretically, the threshold for being affected by the GDPR is not when you start doing business with the EU citizens but when the EU citizens can access your site which is anytime because we live in the Internet era.

Any site that uses cookies for incoming visitors and that is in English or any other official language of the EU is affected by the GDPR.

Whether the EU will enforce the GDPR even on sites that do not conduct business with the EU citizens remains to be seen.

How does GDPR influence remarketing with AdWords?


The GDPR won’t stop your remarketing with AdWords, you don’t need to worry about that. But you should take some steps to be compliant with the GDPR.

To help the advertiser comply with GDPR, Google has rolled out a new user consent policy for business affected by the GDPR.

According to the new consent policy, you must obtain end users’ legally valid consent to:

When seeking consent you must:

And you must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data. User consent policy

provide end users with clear instructions for revocation of consent.

retain records of consent given by end users; 

the collection, sharing, and use of personal data for personalization of ads.

the use of cookies or other local storage where legally required; 

In other words, you need to ask the visitor for permission before you can use a cookie for marketing purposes. Important thing is that you need that permission before you use the cookie. Therefore, you need to make sure that the visitor gives you the consent before your site sends the cookie to their browser.

You also need to keep some kind of record of the fact that the visitor gave you a consent to use the cookie

Another requirement is to update your privacy policy. Shopify has made steps to update their privacy policy generator, so it helps you create GDPR compliant policies.

The generated privacy policy should also include information about any third parties that might have access to the visitors’ personal data.

Third parties are any apps or platforms that you use for your store and that have access to the personal data.

To review the personal data your apps have access to, complete the following steps:


How does GDPR influence retargeting with Facebook ads?


Facebook has made similar changes to their policies.

Since the Facebook new policies are quite longer than Google’s, pay attention to the following parts that are important to anyone using personalized ads and retargeting.

The EU guidance outlines four main requirements for consent:

Examples of publishers who might need consent:

There are many different ways for publishers to obtain consent. Common approaches:

  • Displaying a prominent message when a page loads for the first time (this is usually called a “cookie banner”) and informing users what action to take to consent.

A retail website that uses cookies to collect information about the products people view on the site in order to target ads to people based on their activity on the site.

Freely given


Given before using cookies or other storage technology to collect information

Specific and based on appropriate information

In other words, the changes are practically identical to the ones on Google. You need to get consent before using cookies for marketing purposes on Facebook.

Yes, to get informed consent from your visitors, you need quite advanced coding knowledge. But luckily for you, there are plenty of app solutions rolling out every day.

To make sure you don’t need to ask consent for every cookie separately, you should list information about all the cookies you use. This way you give the visitor all the necessary information and if they choose to give you consent, it should be valid for any cookies you informed them about.

What to do to comply with the GDPR?


Well, that was quite a tiring amount of information. So let’s go through the steps you should do to make sure your use of personal data for retargeting purposes is fine with the GDPR one more Time.

See? That wasn’t so hard. Now you should be GDPR compliant. If you have any questions, feel free to ask us on our site, FB page or FB group.

Include the information about third parties with access to the visitors’ personal data into your privacy policy.

Update your privacy policy to be consistent with the GDPR.

Get a cookie banner add-on to inform your visitors that your site uses cookies, and give them choice not to accept the cookies that are not necessary to run the page.

Click View details on the app you want to review permissions for.

From your Shopify admin, click Apps.

How does the GDPR influence retargeting with Facebook ads?

How does the GDPR influence remarketing with AdWords?

Who is affected by the GDPR?

Get started within seconds. For free.

Start now

From our blog

Tudo na Moda: How a small businessman made loads of money via Facebook retargeting
Tom Matýšek
03 Oct 2019

Tudo na Moda: How a small businessman made loads of money via Facebook retargeting

We all love getting new clothes. Finding the right piece of outfit that completes your wardrobe feels almost divine. But what to do in a situation where there are so many online stores offering you exactly the pieces you’re looking for? Sérgio Chaves, owner and CEO of Tudo na Moda shop probably asked himself this question at least several times. “What can I do to be different from the others that sell beautiful clothes as well? What can I do to be better?” he wondered while browsing through the Shopify app store. The answer and the solution were rather easy - the best way to get sales is via the ads. Continue reading

CP Addict: With a loyal audience to sky-high ROI
27 Sep 2019

CP Addict: With a loyal audience to sky-high ROI

There are many small or medium businesses that can make things happen because of enthusiasm and hard work but mainly because of well-picked niche and immense knowledge of the field they are working in. The one example above all is the CP Addict company. Continue reading

Let us know