DMA: Data and Marketing Association
Consumer Help

GDPR Compliance

The aim of the European General Data Protection Regulation (GDPR) is to update the national data protection laws in Europe since the 1995 Directive was established. However, GDPR is stricter and more wide-reaching than the 1995 Directive. Many applaud its goal to provide more transparency, choice and enforcement of personal data; however, some of its requirements are far-reaching and complex and will impact all organizations who deal with EU residents’ personal data. We have outlined some key provisions below for marketers to begin the process of coming into compliance.

This guidance should not be construed as legal advice; it is being provided for informational purposes only. Please consult with your legal counsel for application to your business practices to ensure that your program is meeting appropriate legal requirements.

View DMA's Recent GDPR Webinar


EU adopts sweeping data privacy legislation called the European Union Data Protection Directive.


The European Commission (EC) formally unveils a proposed General Data Protection Regulation (GDPR), aimed at replacing the 1995 Directive in its entirety.

December 2015

European negotiators finalize the proposed GDPR language

April 2016

The European Parliament approves GDPR, concluding the legislative phase of adopting the regulation, and commencing a two-year transition period before the regulation takes effect.

May 25, 2018

Enforcement of GDPR begins

Who/What is Covered by GDPR?

What types of marketing are covered?
Postal, email and Interest-based advertising (IBA)

If you answer yes to any of the questions below then you are covered under GDPR:

  1. Do you process or “control” EU residents’ personal data?
  2. Do you offer goods or services in EU? (It is not a requirement for you to collect money directly from EU individuals to qualify.)
  3. Do you monitor the behavior of EU residents?

Key Notes:

  • Monitoring behavior can include online tracking methods from apps and websites.
  • Increase in territorial scope — regardless of the company’s location, any company processing EU residents’, consumers’, businesses’ or employees’ data (anyone physically residing in the EU or any data collected or processed in the EU) falls under GDPR. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.
  • Liability for due diligence covers both data controllers and processors.

For additional information on the provisions, enforcement and resources, please log in below.

Thank You For Reading. To continue,

Don't Stop Now. Become A DMA Member!

This content is limited to DMA Members. Become a member to get full access to all of our resources!

Learn More

Already a DMA Member?

DMA provides a variety of compliance resources to help marketer's use data responsibly.
View Compliance Resources