In today’s digital world it’s essential to understand what terms like privacy policy, cookie policy, and GDPR mean so you can keep your personal data secure.

There are a lot of terms associated with security and online privacy. The pop-up windows we encounter when surfing the web can seem to blur into one, and—sometimes—we might not even realize what we’re consenting to.

In today’s article, we’ll discuss three internet privacy-related concepts (privacy policy, cookie policy, and GDPR) to help you better understand how changes in online data laws affect the modern marketing experience—for customers and marketers.

The Value of Data

In today’s hyper-connected world, our personal data and the digital footprint we leave are valuable resources for companies. So valuable in fact, that The Economist called it the “world’s most valuable resource”.

Data informs the way companies communicate with and market to their customers. Due to its value, consumers are becoming increasingly aware of how their data is being used—with 92% of digital customers citing privacy and data security as a concern and 57% reporting that they don’t trust brands with their personal data.

Perhaps even more concerning is the fact that 41% of marketers report not fully understanding how they should use and protect their customers’ data. The clear disconnect between companies and consumers when it comes to data collection and processing resulted in new European data laws being passed to better protect personal data and ensure transparency.

Enter: The GDPR.

Understanding the GDPR

GDPR stands for General Data Protection Regulation, a European law that was passed in May 2018. The goal of the GDPR is to unify data privacy laws throughout Europe to give consumers more control over how their data is stored and processed.

Data can include several identifiers like someone’s name, their IP address, and cookie identifiers, as well as more sensitive personal data regarding ethnicity, political and religious beliefs, and more.

The GDPR is a consumer-first approach to privacy. It means that all kinds of companies are held accountable for their actions and how they process customer data and they must be transparent about why and how they’re using users’ data. It also gives users more control over which data they allow companies to access and process, and gives them the option to opt-out when they want. If companies don’t comply with the rules established in the GDPR, they can be subject to extensive fines.

Key features of the GDPR

  • Organizations must record and monitor their personal data processing activities, including data handled within the organization and by third parties, or data processors.
  • Consent must be freely given and can be withdrawn whenever the user wants. Furthermore, individuals can request a copy of their data at any time.
  • GDPR requires legal justification for data processing by marketers.

Privacy Policy Vs. Cookie Policy: What’s the Difference?

Short answer: The cookie policy refers specifically to cookies that are stored on your website. The privacy policy, on the other hand, is a document that covers a wider range of topics relating to the processing of data on a website. The cookie policy is usually integrated with the privacy policy and is often considered the most important part for website consumers and businesses to be aware of.

Keep reading for a longer, more detailed explanation.




What are cookies and why do they matter? 

If you don’t already know what cookies are and why they’re important, here’s a quick low-down.

Cookies (not the kind in your biscuit tin) are small data files that are processed and stored on your computer while you’re browsing. By themselves, they’re harmless. But cookies are capable of storing enough data that can be used to identify browsers without their consent. This is what makes them such a controversial topic when it comes to internet privacy.

If you’ve ever been browsing the internet or scrolling through your social media website, and you’ve noticed an advertisement that’s related to something you were researching a few days ago—cookies are likely to blame. Cookies are used by advertisers to track users’ online activity and use that data to target them with specific advertisements.

There are many different types of cookies. Cookies store a huge amount of data which—in certain contexts—can be classified as personal data, meaning they’re subject to the GDPR. The privacy risks associated with cookies mostly stem from third-party marketing cookies, which is why digital marketing professionals have shied away from using third-party cookies in favor of an approach more in line with the inbound marketing methodology.

Cookie policy explained

A cookie policy is a declaration that lets users know exactly what cookies are running on your website and what data is tracked. It also details what you use them for and whether the data is shared with any third parties.

The policy should also express how users can opt-out of cookies, usually with a simple check-box, or alter which cookies they’re willing to accept and which ones they’re not in relation to your website.

What is a Privacy Policy?

A privacy policy details how website operators will store and process the personal data of their users. This policy is what lets website users know how their data will be used by a company, as well as how they’re ensuring they meet legal obligations (like GDPR).

How Do They Fit Into the GDPR?

Most countries have established privacy laws that require companies with websites that collect data to have compliant privacy policies in place. Under EU law, there are certain requirements that need to be included in a GDPR privacy policy.  Moreover, it states that privacy policies must be accessible, transparent, and written in plain language to be easily understood by anyone reading them.


As we mentioned in our short answer, the cookie policy is typically included as a section of the privacy policy to let users know what you’re going to do with that data specifically.

However, they can also be a stand-alone section on your website. Whichever way you decide to incorporate your cookie policy, it’s important to remember that it’s a legal requirement under the GDPR.

Digital Marketing and GDPR Compliance

How does staying GDPR compliant affect digital marketing?

The way marketers handle data is completely transformed under the GDPR. The requirement for consent meant direct marketers had to think twice about how they advertised to customers or executed targeted campaigns. When we think about digital marketing, two main activities are impacted by the GDPR: data gathering and targeting.

Data gathering refers to collecting customer data for the purpose of creating customer profiles and keeping track of their choices, then using that data to cater to specific customer needs. With this data, marketers can then begin targeting individuals or audience segments via digital channels like email, SMS, or instant messaging.

On a fundamental level, it means that marketers need to have explicit consent from customers to market to them. For many marketers, it changed the way they thought about marketing and encouraged them to adopt new approaches that focused on attaining the customer’s consent through valuable content and targeted communication.

Staying GDPR compliant requires digital marketers to rethink the way they attain and process customer data. Instead of harvesting as much data as possible from customers, marketers had to focus on quality data only.

This means implementing strong inbound marketing strategies to attract customers with valuable content personalized to their specific customer journey. Inbound is about attracting, nurturing, and converting customers using different types of content that address and anticipate their needs. It’s about building long-lasting relationships with customers in which consent is given freely.

Final Thoughts

Staying GDPR compliant isn’t difficult as long as marketers recognize the value of their customers’ data—that starts by making your privacy policy (including cookies!) transparent and accessible.

Marketing tools like HubSpot make it easy to stay GDPR compliant by ensuring marketers are aware of their data responsibilities. Moreover, HubSpot software offers GDPR-compliant features to make executing marketing strategies that little bit easier.

Data privacy rules don’t exist to make marketing more difficult. Data privacy rules exist to enable companies to provide improved customer experiences built on consent and transparency. Customers are more likely to trust a business when they know exactly what their personal data is being used for. When customers trust a business, they’re more likely to stick around.


Want to know more about creating a digital marketing strategy that’s in line with data privacy laws?
We can help. Get in touch today and book a free consultation to find out more!
