The implementation of the EU’s General Data Protection Regulation (GDPR) marked a significant moment in marketing history, particularly in the realm of marketing analytics. This regulation introduced stringent rules on data privacy, profoundly affecting any company handling the personal data of EU citizens. This includes a wide range of popular marketing technologies and tools used in marketing analytics.

The GDPR’s influence has continued to grow, with recent developments in 2023 focusing on streamlining cross-border data protection enforcement within the EU. This includes a proposed GDPR Procedural Regulation aimed at standardizing procedures and increasing efficiency in handling GDPR cases with cross-border elements

The good news is that there are a number of steps you can take to get your marketing tech stack GDPR compliant.

To achieve GDPR compliance, marketers should:

1. Update technologies to align with GDPR.
2. Review data collection and processing methods.
3. Establish a GDPR-compliant data retention policy.
4. Implement a process for handling individual data requests.

GDPR-Compliant Analytics Tools

Google Analytics is the most popular website analytics tool on the market. However, it is not GDPR compliant. If you are looking for a GDPR friendly Google Analytics alternative, there are a few options available. One option is Matomo.

Matomo is an open-source analytics platform that is self-hosted, meaning that you own and control your data. It is also GDPR compliant.

Another option is Clicky. Like Matomo, Clicky is self-hosted and GDPR compliant. Both Matomo and Clicky offer similar features to Google Analytics, so you can continue to track your website traffic without sacrificing your privacy.

According to the website dasprive.be, a Belgian non-profit organization that lists all GDPR compliant tools, the following tools are also to be considered GDPR compliant alternatives to Google Analytics:

• Piwik Pro
• Plausible
• Pirsch.io
• Simple analytics

We’re used to Google Analytics being free, but a lot of the alternatives only have a very basic free option. If you are a data hungry marketer, you’ll most likely want to get a paid version of one of the analytics tools.

At The Growth Agency, we have experience with Plausible, Matomo and Piwik Pro and we will be testing the other Google Analytics alternatives on our different in-house domains, so we can consult our clients in the best way possible.

Most of our corporate clients have a year or more to become fully GDPR compliant, but we recommend them to install one or more GDPR compliant analytics tools as soon as possible. Why? This way they can run in parallel with Google Analytics and we have time to figure out which tool fits their needs in the best way.

GDPR compliant collaboration tools

Slack, Google Workspace, Microsoft Teams, Gmail, Outlook, WeTransfer,.. Chances are we just mentioned quite a few of your daily tools, right?

Unfortunately, all of them are not compliant with GDPR. It will be a tough job for corporations and smaller businesses alike to get their employees to adopt new tools that will likely not be as user friendly as the ones we’ve been accustomed to.

As GDPR enforcement becomes more centralized, collaboration tools must also adapt to ensure compliance. This shift could lead to the European Data Protection Board (EDPB) taking a more significant role in overseeing tools used across borders​​.

GDPR compliant email providers, outlook and gmail alternatives

ProtonMail and Tutanota are two email providers that offer GDPR-compliant services. Both protonmail.com and tutanota.com provide end-to-end encryption of user data, meaning that only the sender and receiver can read the data being exchanged. This ensures that your data is protected from prying eyes, whether you’re sending an email to a colleague or sharing files via email attachments.

In addition, both ProtonMail and Tutanota allow you to set expiration dates for messages, so that your data is automatically deleted after a certain period of time. This is a useful feature if you’re working on a project with a limited lifespan or if you simply want to ensure that your data is routinely purged.

Both tools offer two-factor authentication for an extra layer of security. With two-factor authentication, even if someone knows your password, they will not be able to access your account unless they also have access to your second factor, which could be a code sent to your phone or generated by an app on your phone.

The proposed changes in GDPR enforcement stress the importance of using email providers that comply with the latest procedural regulations, especially for cross-border data processing

GDPR compliant messaging / chat tool, Slack and Teams alternatives

Slack and Teams are tools that we almost can’t imagine business life without nowadays. Remote working made them even more popular and widely adopted.. Both are not GDPR friendly. If you want to look for an alternative messaging tool, matrix.org is a popular open-source messaging and chat tool that is designed to be compliant with the General Data Protection Regulation (GDPR).

matrix.org is used by a variety of businesses and organizations, including the European Commission, the UK National Health Service, and the German Federal Ministry of the Interior. matrix.org offers a variety of features that make it an attractive alternative to Slack and Microsoft Teams, including end-to-end encryption, support for a wide range of platforms, and a commitment to open standards. matrix.org is also free to use, making it an appealing option for businesses and organizations that are looking for a GDPR-compliant chat tool.

How marketers can brace themselves for GDPR

When looking at different tools, it’s important to establish two key factors:

1. Where is the company headquartered? The company should have their HQ in Europe and not in the US.
2. Where is the data stored/ where is the tool hosted? The tool’s hosting should be in Europe and not in the US.

Marketers should be aware that while the GDPR does not directly impose new obligations on businesses, it grants more rights to businesses and individuals involved in GDPR enforcement actions, thus offering a more efficient enforcement model and legal certainty​​.

Please note: this is not legal advice. We urge marketers and companies to consult with a lawyer to define the best path to GDPR compliance for their company.

At The Growth Agency, we will be testing more GDPR friendly marketing tools over the coming weeks. If you want to stay updated on this topic, please subscribe to our newsletter!