Vol 1 No 2 (2018)

GDPR –Impact of General Data Protection Regulation on Digital Marketing

Natalija Parlov
Parlov Digital Intelligence Ltd; Apicura Business Intelligence Ltd
Željko Sičaja
Republic of Croatia, Ministry of Interior, Zagreb
Tihomir Katulić
University of Zagreb, Faculty of Law, Zagreb, Croatia
Published December 14, 2018
  • GDPR,
  • General Data Protection Regulation,
  • personal data,
  • digital marketing,
  • consumer protection
How to Cite
Parlov, N., Sičaja, Željko, & Katulić, T. (2018). GDPR –Impact of General Data Protection Regulation on Digital Marketing. Annals of Disaster Risk Sciences, 1(2), 105-116. Retrieved from https://ojs.vvg.hr/index.php/adrs/article/view/17


Due to the rapid development of technology, in the last ten years digital marketing has given rise to sophisticated automated models for successfully affecting the behaviour of consumers whose fundamental rights, such as the right to privacy and the right to the protection of personal data, have often been violated because of the discrepancy between the regulations and the actual use of personal data.

The possibility of targeting has been brought to an enviable level – a precise targeting of an identified individual and his or her personal data, as well as their complete demographic, sociographic and psychographic profile – thus opening the doors to the possibility of making precise predictive analyses and the placement of behavioural strategies by combining various digital channels in creating communication messages of inducement to purchase and continuous monitoring of the individual and their habits.

Information security, on the other side, is a term which all parties in the marketing world involved in the provision of technological services directed towards automated use for marketing purposes, i.e. third-party-side tools with the goal of collecting data, shy away from.

The goal of the General Data Protection Regulation is the protection of personal data, primarily the right to privacy in the digital age and the Regulation will strongly influence the current modalities of using digital marketing.

This study was carried out by the authors on 233 small and medium entrepreneurs in the Republic of Croatia on the use of marketing modalities and tools to collect data about targeted individuals. It has shown that through digital marketing, the companies collect not only the information about their consumers’ preferences, but their a priori goal is the concrete identification of an individual for the purpose of reducing the costs of marketing activities, directing customized communication to a targeted individual and creating a quick return on a marketing investment by raising sales – at the same time without any special sensitivity regarding the protection of the individual’s rights and their personal data.

The goal of the paper is the identification of the most frequent methods and tactics of digital marketing and their non-compliance with the General Data Protection Regulation which comes into force at the end of May this year.


  1. Act on the Implementation of the General Data Protection Regulation, Article 19, Official Gazette 42/2018. Retrieved from https://narodne-novine.nn.hr/clanci/sluzbeni/2018_05_42_805.html. Accessed on 18 May 2018.
  2. Article 29 Working Party Guidelines on consent under Regulation 2016/679. Retrieved from https://iapp.org/media/pdf/resource_center/20180416_Article29WPGuidelinesonConsent_publishpdf.pdf. Accessed on 21 March 2018.
  3. Brotby, W. Krag (2009). Information security management metrics. Auerbach Publications.
  4. Chaffey D., Smith PR (2008). Emarketing excellence: planning and optimizing your digital marketing, 3rd edition, Oxford: Butterworth-Heinemann, Elsevier.
  5. Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 Adopted on 3 October 2017 As last Revised and Adopted on 6 February 2018. Retrieved from http://ec.europa.eu/justice/data-protection/index_en.htm 17/EN WP251rev.01. Accessed on 21 March 2018.
  6. Heeter, C. (1989). Implications of new interactive technologies for conceptualizing communication. Salvaggio J., Bryant J. (eds.) in Media Use in the Information Age: Emerging Patterns of Adoption and Consumer Use. Lawrence Erlbaum Associates, pp.217-235.
  7. ICO. Information Commissioner's Office. Retrieved from https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/. Accessed on 18 May 2018
  8. Katulić, T., Vojković, G. (2016). From Safe Harbour to European Data Protection Reform, MIPRO ISS, Opatija 2016, pp. 1694-1698.
  9. Klaić, A., (2006). Information security requirements in the information systems planning process. 17th IIS Conference, FOI, Varaždin, pp. 265-269.
  10. Law on Implementation of the Regulation(EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation (OG 42/2018)
  11. Lewis, B. (2017). International Organization for Standardization; Information Security Management System auditors welcome ISO/IEC 27007 publication. Retrieved December 5, 2017, from https://www.iso.org/news/ref2232.html
  12. McMillan, S. J., Downes, E. J. (2000). Defining interactivity: a qualitative identification of key dimensions. New Media & Society, Vol 2 No 2, pp 157–179.
  13. Nikolić, G., Sičaja, Ž., Parlov, N. (2018). GDPR – analiza pripremljenosti malih i srednjih poduzeća na novu europsku regulativu i njezin utjecaj na poslovanje u budućnosti. PAR International Leadership Conference Proceedings. ISBN: 978-953-59508-20-0.
  14. Parlov, N., Perkov, D., Sičaja, Ž. (2016). New trends in tourism destination branding by means of digital marketing. Acta Economica Et Turistica, 2(2). doi:10.1515/aet-2016-0012
  15. Parlov, N., Sičaja, Ž. (2017). Utjecaj društvenih mreža na porast posjećenosti web stranica u turizmu. Tourism and Development 2017 Conference Proceedings, University of Maribor Press, doi: doi.org/10.186907978-961-286-121.6
  16. PMI, (2004). A Guide to the Project Management Body of Knowledge, 3rd Ed., Project Management Institute.
  17. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), (2016). European Parliament and European Council. Retrieved from http://data.europa.eu/eli/reg/2016/679/oj
  18. Sicilia, M., Ruiz, S., Munuera, J. L. (2005). Effects of Interactivity in a Web Site: The Moderating Effect of Need for Cognition. Journal of Advertising, Vol 34 No 3, pp 31–45.
  19. U.S. Government, Legal Information Institute, Title 44, Chapter 35, Subchapter 111, §3542, Cornell University Law School. Accessed on 21 March 2018, URL: www.law.cornell.edu/uscode/44/3542.html