Sell more with better email & SMS

Get ecommerce-focused email & SMS marketing that makes it easier to grow your brand, get sales & build better relationships.

Start free

Drive sales on autopilot with ecommerce-focused features

See Features

[GDPR Video] All about the GDPR & Cookies, Pixels, Retargeting & Vendors

Reading Time: 4 minutes

Make sure cookies, pixels, and vendors are GDPR-ready with these important tips from Jodi Daniels, Privacy Consultant at Red Clover Advisors.

You can watch her talking about the most important things you need to know about being GDPR-compliant.

You can also read along as she explains it to you.

All about Cookies, Pixels, Retargeting & Vendors

The wonderful Jodi Daniels from Red Clover Advisors is here to talk to you about making sure the way you collect data, track your users via cookies and pixels to retarget them, and work with 3rd party apps and vendors is GDPR-compliant.

Watch it below to get informed:

Here’s a transcript of Jodi explaining everything about cookies, pixels, retargeting and 3rd party vendors:

#1 Create a data inventory

“Hi, Jodi Daniels of Red Clover Advisors. I’m delighted to talk to you today about GDPR and ecommerce: what do you need to do to get ready.

I always tell businesses you’ve got to start with your data inventory. You have to know what you’re collecting, how are you using it and who are you sharing it with.

Who are those vendors and suppliers? So make a list and have it handy.”

#2 Privacy, advertising pixels and cookies

“Now that you have that list, you need to build your privacy notice. Your privacy notice is the document that informs the user—the individual—who comes to your site:

  • what are you collecting on them
  • how are you using it
  • where are you sharing it
  • how are you protecting it
  • what are their choices

It probably should also talk about marketing and cookies.

I imagine that you’re likely using perhaps an analytics cookie to measure the performance of your site, or retargeting cookie to lure visitors to your site, or some type of a pixel or beacon.

All of that needs to be in your privacy notice, and really often in a cookie notice. If you’re using those kinds of cookies then you need to have a cookie consent banner.

That’s that banner that appears at the bottom or top of a site and inform someone—ding-ding-ding—cookies are being used here, and also allows them to accept those cookies and to see more about them.”

#3 Manage individual rights

“In your cookie notice you need to be able to manage individual rights.

Those are those rights like the right to be forgotten, the right to object, the right to change my data, and several others.

In your privacy notice you should have information about how a user can go about exercising those rights. is it an email, is it a form, how do they do that?”

#4 3rd party vendors, compliance and myths

You need to know what kind of data that you’re collecting and where it’s being shared, what vendors or suppliers have that information? So that when I say I want my data to be deleted, you know where to go. You know which vendors should have that information.

It is the general data protection regulation, and so we need to ensure that we are protecting the data that we are collecting. So do you have strong security measures in place? What about your team, how do you share and protect their information?

What about your suppliers?

Now, there’s a myth out there that if your vendors are GDPR-compliant, that that’s all you have to do and that is not true. As a business, you have responsibilities as well. Now, if your vendors or suppliers are not GDPR-compliant, then you are not GDPR-compliant.

You can’t be GDPR-compliant if the people you’re sending it to are not also going to be protecting it per GDPR’s rules.”

#5 The 6 steps you need to take next

“So, as a recap:

  1. you need a data inventory
  2. you need to know what it is that you’re collecting, storing, sharing it with whom
  3. you need a privacy notice that articulates everything that you’re collecting, how you’re using it and who you’re sharing it with
  4. you need to be able to manage this individual rights request and how is that going to work
  5. you need to protect your data
  6. you need to know how your vendors and suppliers are complying with GDPR,as well as email marketing, so when it comes to being able to market, you need to be able to have a lawful basis. Most often it’s on consent.

Consent needs to be freely given, specific and informed. No pre-checked boxes, no just sign up for everything under the sun.

It must be very specific, freely-given, meaning no pre-checked box. You should also have a privacy notice nearby in that email marketing signup.

So I hope that you found this helpful. Again Jodi Daniels, Red Clover Advisors. Look forward to hearing any of your questions and your feedback.”

Watch more videos in the series

Watch more: [Video] Getting Consent for Your Email & Marketing Automation
Watch More: How to Make Your Google Analytics GDPR-Compliant
Watch more: [Video] The 3 Crucial Parts of a GDPR-Compliant Privacy Policy
Bernard Meyer
Article by
Bernard Meyer

Bernard is the Director of Content at Omnisend, with a passion for good research, helping ecommerce businesses with their marketing automation needs, and beating absolutely everyone in Mario Kart 64.


related features
These are the Omnisend features that can help you get the results mentioned in the article.