5 Essential Data Compliance & Privacy Practices Digital Marketers Must Know

For a long time, marketing compliance was low on the task list for a marketing team – but in the last few years, there’s been a dramatic reversal that’s made privacy and data protection a fundamental requirement for good marketing.

There’s even evidence to suggest that consumers now factor in a brand’s reputation for data privacy when making purchase decisions.  

Regulations like GDPR (celebrating its fourth anniversary in 2022), CCPA or CAN-SPAM laws have been driving this change.

Marketing teams now need expertise about marketing compliance regulations if they want their work to be successful, so here we’ve summarised the best practices to follow when it comes to facing this tricky area of marketing.

What Is Marketing Compliance?

Marketing compliance is the act of ensuring that an organisation’s advertising, marketing materials and sales activity follows the standards and laws that are put in place to protect consumers and their data.

Compliance obligations are designed to protect the privacy rights of individuals and require companies to collect, store, and use information correctly. Violations of these laws can lead to significant fines (under GDPR, up to €20 million or 4% of worldwide turnover for the preceding financial year – whichever is higher).

5 Best Practices For Digital Marketing Compliance & Privacy

1. Let Users Choose How You Use Their Information

The foundational principle of marketing compliance guidelines is to give transparency and control to consumers in how their information is handled. 

However, companies can struggle with this requirement at the first hurdle because they don’t have a system set up ahead of time for managing user preferences when it comes to data.

To remedy this, there are a couple of key steps to take: 

  • Combine consent into forms. For example, if there is an option to create an account on a website, or sign up for an email newsletter, give users the option to opt-in or opt-out of marketing. 
  • Set up a Consent Management Platform (CMP). Providers like Usercentrics or Didomi support the collection of consent for cookies on your website. 
  • Create a preference management centre. This is a portal that allows users to directly give or retract consent to different uses of their data whenever they choose to do so. It can also allow you to capture consent in a more granular fashion, such as allowing users to choose between channels of communication (e.g. phone vs email). 

But with all of this, there’s a catch that many marketers don’t recognise. With the sheer number of touchpoints that a consumer can have with a brand (for example, email communications vs website interactions), they could be giving and withdrawing consent in different places and at different times.

Unless you’ve integrated that consent data into a single profile, you’ll have different versions of their consent held in different data management systems (such as your email tool and your CMP) and therefore be without a clear real-time record of what you can and can’t do with that individual’s data. 

This is where Consent Orchestration is critical, which leads us to our next best practice…

2. Invest In An Integrated Solution 

Consent Orchestration (not to be confused with Consent Management) comes as part of an all-in-one marketing compliance software solution: a CDP (customer data platform). 

CDPs can pay dividends in marketing compliance because they are capable of collecting data from multiple sources (such as your brand’s website, CRM, apps and email) and then resolving identities to unify it into a single customer view.

The best CDPs will do a similar exercise for consent preferences – aggregating all the different choices a consumer makes over different channels and then presenting the marketer with the most up-to-date version of the truth.

It then aligns these preferences whenever a marketer creates segments out of their data for use in campaigns, creating guardrails against inadvertently using data where it’s not permitted.

This is the process known as Consent Orchestration, and it’s found in Zeotap CDP because we’ve built for the strictest marketing compliance environments in the world. 

3. Vet Your Usage of Third Party Data 

Most marketers, if not all, are using third party data in some way. This might be in the form of marketing lists bought from third parties or through using anonymous audiences for ad targeting within a Data Management Platform (DMP).  

This arena is full of potential marketing compliance pitfalls, because the marketing department doesn’t have full control or visibility over the data that they’re using. It’s for this reason that many providers of third-party data have come under fire from regulatory bodies in recent years for questionable data collection and usage practices.

The effect of this has been to significantly diminish trust between consumers and advertisers, and is one of the contributing factors to the deprecation of third-party cookies due to come into effect in late 2023. 

In a privacy-first world, all this means that any third-party data provider being used has to be fully vetted to ensure that marketers don’t end up with compliance risks like privacy violations by proxy.

Data sources such as Zeotap Data have been created to solve this exact problem, delivering transparency in data collection practices and clear consent records on the way. 

4. Interrogate How (And Why) You Use Your Data 

There are three important data management principles that sit behind most data privacy regulations, and they’re very useful for all marketers to familiarise themselves with: 

  • Data Permission. In other words, how you collect consent in a ‘freely given, specific, informed, and unambiguous’ way, which is reinforced by a ‘clear affirmative action’.
  • Data Access. Also known as the ‘right to be forgotten’, which gives people the right to have outdated or inaccurate personal data removed. 
  • Data Focus. In other words, are you collecting only the data you need, and only using it for the appropriate purposes? 

It’s this last piece, ‘Data Focus’, that we turn our attention to here as it’s often the most neglected pillar of marketing compliance.

As a marketer, it asks you to question whether you really need to collect all that data or whether your marketing can do just as good a job with less – in many ways, a streamlining of your data habits that not only helps you be more compliant, but more efficient.

All this also provokes another worthwhile thought – for a long time, marketers have strived for the ‘holy grail’ of a 360° customer view – but perhaps this should be challenged and swapped out for the right customer view (see more on this in our article here).

5. Implement A Marketing Compliance Strategy

A marketing compliance strategy needn’t be complicated, but it’s important that every business has a clear and agreed set of guidelines.

This is where you should work closely with your Data Protection Officer (DPO) to come up with a marketing compliance process that’s specific to the requirements of your business, but in the meantime here are some outline steps to follow: 

Collaborate interdepartmentally

Marketing isn’t the only department that should know what it’s doing when it comes to this topic: other departments need that knowledge just as much. Coming up with internal legal and regulatory standards for everyone ensures consistency across the board so nothing slips through the cracks.

Document a process

Without a documented marketing compliance procedure, it will be difficult to prove that you are staying on top of all your legal responsibilities. You can start out by using manual checklists but eventually this process should become automated so it’s easier and quicker to manage over time.

Remember that if your team members don’t follow your marketing compliance standards, they’re pointless, so be sure to constantly communicate your processes and any changes you make to them.

If you change significant portions of your guidelines, send automatic notifications through a digital asset management platform or a file-sharing tool like Dropbox, or quickly communicate vital changes to your team through internal meetings.

Regularly review and update 

Marketing compliance isn’t a task to just “set and forget”. New regulations are coming out regularly, so it’s important to stay updated with the latest developments or else your company could get penalised for an unwitting faux pas.


In a world where transparency around data use is critical, you’re likely capturing more than just consent: you’re also storing a user’s preferences on how they want to be communicated to.

Using our consent orchestration with Zeotap CDP, you can make sure that this hard-won information is fully actionable in a privacy-first world.

Find out more and secure your free demo today.
