*Disclaimer: First off, I’m not a lawyer, and you should really have one already. GDPR can be complex, so this is going to relate to Google Ads only.
I’ll not bore you with what GDPR is, and there’s plenty of information available about how this relates to your business overall.
Getting compliant
What we’re really interested in is how GDPR directly affects the work of managing Google Ads accounts and how to stay compliant.
If you’re not doing any remarketing or conversion tracking (wait, really?) you won’t need to do anything. Most advertisers will be tracking conversions and running remarketing. If you’re not, add that to-do list, priority 1.
Under GDPR, an advertiser must get opt-in consent from users if they use Google Analytics, Google Tag Manager or remarketing tags to serve personalised ads. This can be done with the use of a pop-up website banner.
Legally though, this is an important thing, and informs the user about what is tracked, and for what purpose. What is tracked on a website should appear under a privacy policy, detailing what information is tracked, cookies, and the reasons.
The most obvious Google Ads feature on the radar of our GDPR overseers is our ability to upload email lists to Google Ads as remarketing audiences. For some time now, Google has been asking managers to click a checkbox when uploading lists that the data was collected in accordance with privacy regulations. In essence, Google are asking you:
“Did everyone on this list opt in to marketing?”
On the new UI, it now looks like this:
If the answer is no, then you’ll need to start weeding the list before uploading. You’ll need to keep on top of this one. If a user decides to change their consent from opting in to opting out, then the list will need to be edited as soon as possible.
Keeping email lists compliant
You can set an expiration for the customer to drop off your list – this could make it easier to manage opt outs, as you could schedule an updated, clean list upload for the day the list expires.