There are only a few days left before the new GDPR rules for protecting the privacy of EU citizens come into effect. But many companies outside the EU are still somewhat confused, wondering, “What are we supposed to do? Where do we even start? Do these rules apply to us too? What about a coffee chain or a pizza place in Russia — does their website have to comply too? How?” And so on — many questions still remain.

To avoid diving into complex legal jargon and definitions, today we’ll look at this topic briefly and highlight how web designers can prepare for the new rules, as well as how online marketing will change under the new regulations. Yes, these rules do apply to marketers who use Google tools (AdSense, AdMob, AdWords, etc.); and since these tools are an essential part of effective online marketing, the significance of the new rules is undeniable.

Key Features of the GDPR Rules

The GDPR, passed by the European Union to protect the privacy of EU citizens, applies to anyone in the world who collects, stores, or processes that data. If your project sells plane tickets or products internationally, then yes — these rules apply to you and your company. Even though the regulations are meant to protect Europeans, the internet is global, and EU citizens can be anywhere. That’s why the GDPR sets a global privacy standard.

Regardless of your motives, your site must comply with the new requirements. Brand representatives must understand what may need to change. After all, that’s easier and cheaper than paying fines.

A modern web page doesn’t just work with content — it also processes visitor data. This data enables social media integration, analytics, email marketing, and more. Without it, online marketing wouldn't exist. And even though users may trust your site or brand, it’s still unsettling to think their personal data is being shared, processed, or stored somewhere. No matter how noble your intentions, human psychology will always prioritize control over personal data.

What makes GDPR such a burden for some businesses is that, until now, personal data was largely unprotected. Many of the existing privacy laws were written 25 years ago and haven’t kept up with technological progress. GDPR introduces modern data protection principles.

By ensuring that your website, app, or online store complies with the new rules, your brand shows that it takes user data privacy seriously. It also makes it easier for marketers to build an effective digital advertising and brand presence strategy. Plus, users will trust the brand more — leading to word-of-mouth buzz and stronger connections between your business and its customers.

GDPR is a smartly constructed set of rules that makes user data safer, creates a less paranoid internet, and lays the foundation for better data practices going forward.

What Data Is Protected by GDPR

When people hear that user data is now under strong protection, many are left wondering: “What kind of data are we talking about? Just name and email?”

GDPR broadens the definition of personal data — now it includes any information that can identify a user. This includes full name, various types of addresses, credit card numbers, digital wallet IDs, birth dates, and more. There’s also a separate category called sensitive personal data — which covers race, religion, political or philosophical beliefs, union membership, medical records, and similar. Why would companies want this info? Well, international social networks, certain platforms, even online stores sometimes collect it through optional forms — to build client profiles. Marketing can be messy and complex.

Will This Law Affect Me?

We’ve covered what GDPR is and what kind of data is protected. Now, let’s talk about how this affects marketing and business in Russia, and whether it does at all. And the answer is: yes, it does.

Of course, if you're just promoting a local coffee shop with no online ordering, or running a small blog or news portal, these rules probably don’t apply — because you’re not collecting EU user data. You could just set the data retention period in Google Analytics and be done. Just remember: once that period ends, the data disappears.

But if you’re doing online marketing for an international brand, it gets more complicated. At a minimum, your company must interact in some way with EU countries. If it does — you’re obligated to study and follow the rules. Typically this includes financial firms, transport companies, media and telecom, e-commerce, pharma, and more. In short: if you provide goods/services to EU residents, run bilingual websites, advertise on EU-based platforms, monitor European users on your site or social channels, or collect analytics for strategy development — you’re subject to GDPR. Sound familiar? Most of us do this when growing a site or brand.

Social networks, travel agencies, platforms with big data sets, email campaigns — all of them must comply. It doesn’t matter whether the company is registered in Russia or not. If you're offering services to EU citizens, and those citizens submit data to your platform, the GDPR applies — no matter where you’re based.

Just imagine:

In short, there are many possible scenarios — but it all comes down to this: if your company offers services to people in the EU or physically located in the EU, then GDPR applies. Period.

Web Design and Online Marketing

If you look at these rules from a narrow perspective, it may feel like: “We have to drop everything, redesign our website, overhaul all our social media ads, change how pages are indexed — basically redo everything!” But no — you don’t need to panic.

Privacy is not some last-minute add-on to a product. It’s a core part of it. Just create a dedicated Privacy Policy page — which most websites already have in their footer. The only difference now is that it needs to be updated to reflect the new rules.

Inform users about:

Not every site has a privacy policy, but we’ve found examples on reliable platforms.

Since digital marketing usually works with an already finished website, web designers may not always be aware of the nuances that later turn out to be GDPR compliance issues. So here are a few simple ideas that won’t hurt the design but will show everyone that your brand takes data protection seriously.

Notifications. For instance, if you have an email field for newsletter signup, include a small message below it stating that the address will be used for sending marketing materials. Add that by clicking "Submit," the user agrees to share their IP address and gives consent. You can also link to your privacy policy.

Collect less data. Sometimes you only need to know the city or country, not the street or zip code. If you want geographic coordinates, trim the precision.

Separate configuration data (like app or account settings) from login data (emails, passwords, etc.).

For many years, email has been used as a login. But maybe it’s time to allow users to create a username instead, hiding the email to avoid potential misuse or leaks.

No part of your UI should display personal information. Even greeting messages after login shouldn’t include identifiable data.

For example, the online store PrimaGames doesn’t show anything personal, just “My Account” after login.
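The ideas above, sketched as one signup handler; this is an added example, not code from the original article. It requires explicit consent, keeps only an allow-list of fields, trims coordinates, stores login data apart from settings, and returns a neutral greeting. The field names, the two-decimal precision and the `policyVersion` value are assumptions.

```javascript
// Added example: data-minimising handler for a newsletter/account signup.
// Field names and the 2-decimal precision are assumptions for illustration.
const ALLOWED_FIELDS = ['username', 'email', 'country', 'city', 'lat', 'lon'];

// Round a coordinate to `decimals` places (2 decimals is roughly 1 km).
function trimCoordinate(value, decimals = 2) {
  if (value == null || value === '') return undefined;
  const n = Number(value);
  if (!Number.isFinite(n)) return undefined;
  const f = 10 ** decimals;
  return Math.round(n * f) / f;
}

function minimizeSignup(form, now = new Date()) {
  // Consent must be an explicit opt-in, never a default or a truthy string.
  if (form.consent !== true) return { ok: false, error: 'consent_required' };
  // Drop everything not on the allow-list (street, zip, birth date, ...).
  const kept = {};
  for (const key of ALLOWED_FIELDS) {
    if (form[key] != null && form[key] !== '') kept[key] = form[key];
  }
  if (!kept.email || !kept.username) return { ok: false, error: 'missing_field' };
  return {
    ok: true,
    // Login data goes into its own record, apart from settings.
    login: { username: kept.username, email: String(kept.email).trim().toLowerCase() },
    // The settings record holds only coarse location, keyed by username.
    settings: {
      username: kept.username,
      country: kept.country, city: kept.city,
      lat: trimCoordinate(kept.lat),
      lon: trimCoordinate(kept.lon),
    },
    // Record of what the user agreed to, under which policy text, and when.
    consent: { purpose: 'marketing_email', policyVersion: form.policyVersion, at: now.toISOString() },
    // Neutral greeting: no name or email is rendered in the UI.
    greeting: 'My Account',
  };
}

// Constructed sample input (not real user data).
const sample = { username: 'anna', email: ' Anna@Example.com ', country: 'DE',
  city: 'Berlin', street: 'Hauptstr. 1', zip: '10115', lat: 52.520008,
  lon: '13.404954', consent: true, policyVersion: '2018-05' };
console.log(JSON.stringify(minimizeSignup(sample), null, 2));
```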

Implications for Marketing

So, now that we’ve covered the key aspects of GDPR from the EU and Google, let’s get more specific: how does it affect digital marketing? For some, it may make things harder — for others, maybe easier.

On one hand, analyzing user behavior and types now requires fewer data points. And data can’t be stored indefinitely — so comparing results from five years ago vs. today may no longer be possible.

Under the new rules, if someone stops being your customer, their data must be deleted (as stated in your privacy policy). That means fewer contacts for analytics and fewer recipients for newsletters.

But on the other hand, it’s now the marketer’s job to develop a long-term brand strategy that keeps users engaged, so they want to stay. Build transparency in client–brand relationships. As we said earlier, users are cautious about giving away personal info — especially to new brands. But if you’re open and explain how the data will be used, people may feel like part of the brand’s journey — and that emotional connection is powerful.

Another factor: since users are now aware that their data could be shared with third parties, brands must work harder to earn their trust. A strong marketing strategy will now have to win over users, show them that the company actually helps people — not just claim to do so in emails or Instagram posts. Don’t just say you care — show it. That includes keeping newsletters light and useful, not spammy. After all, the spam folder is still alive and well.

Overall, marketing won’t change drastically — but specific tactics will need more attention and adjustment.

Final Thoughts

GDPR officially takes effect on May 25 — but that doesn’t mean every website will instantly get fined. Still, it’s important to understand how these rules affect a company’s digital presence.

If you’re providing services to EU citizens, be ready for them to request data deletion, correction, or access to what they’ve submitted. It’s now their right. And that means your marketing should focus on earning trust and avoiding data leaks. Otherwise, your ability to analyze your audience, run social media campaigns, or target ads with AdSense may be compromised — because the data will become less accurate or complete.

So transparency and trust are now the two pillars of any good marketing strategy.

And really, these rules have global implications. Just imagine: if they had been introduced earlier, maybe the UK wouldn’t have left the EU, or maybe there’d be a woman in the Oval Office… everything is connected.