SEO and GDPR: Why SEO will be your best marketing tool in the GDPR world

How does GDPR affect marketing?

Plus, of course, where does SEO sit in the GDPR world?

How will GDPR affect future marketing and where does SEO sit in the GDPR world?

What is GDPR?

Firstly, let’s look at GDPR and what it means.

GDPR stands for the General Data Protection Regulation, which came into force on 25th May 2018.

It applies to every business that holds, collects and stores information about EU citizens that makes them personally identifiable, even if it’s just their name, email address or computer IP address.

GDPR also covers if/how we give data to third parties such as web developers, virtual assistants, web hosts, email marketing providers, analytics providers, plugins installed on our websites and more.

The aim of the regulation is to protect people’s privacy and ensure that data that could personally identify them is held and used in an ethical way, and that it is disposed of in a timely and correct manner too. This includes giving people the ‘right to be forgotten’ and to have their data fully erased.

The regulations require that data is “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes”.

Previously, each of the EU countries have had their own privacy laws. GDPR is about unifying data protection laws for a single, consistent approach. It’s also about bringing data protection into the 21st century.

Even when/if Brexit is finalised, the GDPR will be incorporated into UK law and will still apply, especially if you want to do business with anyone in the EU.

If you run a business then GDPR is something you need to know about and act on.

Personal data as a commodity

Why is data protection such a hot issue?

Everything we do online leaves a digital footprint. In May 2017, The Economist called personal data ‘the world’s most valuable resource’, even rating it above oil!

Companies (maybe this includes your own) track the searches we make, the websites we visit, the things we buy, the phone calls we make, the photos we take, where we go and much, much more. This helps to build up an understanding of buyer behaviour, making it easier to sell to us.

And because all this data is so valuable, it’s also a target for theft and misuse.

According to UK Government statistics, nearly half of all UK businesses suffered a cyber breach or attack in 2017.

The joint class action against Facebook, Cambridge Analytica and two other companies for allegedly misusing the personal data of more than 71 million people to develop ‘political propaganda campaigns’ highlights that data protection isn’t just about cyber-attacks, fraud or identity theft – it may also be used to influence opinions and shape the very fabric of modern societies.

Beyond the scary headlines

There have been a lot of headlines about the potentially massive fines associated with GDPR non-compliance. Worst-case scenario figures such as €20 million or 4% of annual turnover are daunting for any business.

Couple this with misinformation out in the public domain and it’s tempting to panic about the impact GDPR will have, especially on small businesses without extensive resources.

However, I think we all need to take a calming breath and look beyond the hype.

One of the most reasoned explanations of GDPR I heard recently is that it really just tightens up and consolidates the data protection regulations already in place.

GDPR is about gaining ‘active’ consent from people about capturing their data rather than relying on implied consent or expecting people to opt out of data capture.

The GDPR says that you must use plain language to tell people who you are when you request their data, as well as:

  • why you want it
  • how long you’ll keep it
  • what you’ll do with it
  • who will receive it

Businesses that are collecting customer data in a responsible way with a clear opt in and information about how they will use the data probably don’t have too much to worry about (although you should understand how GDPR will affect your business and be proactive about compliance).

This article isn’t about how you become compliant with the GDPR though. Instead, I wanted to explore why SEO and other GDPR-compliant marketing approaches will be even more important from now on.


How GDPR may effect marketing and data capture

Recently, Smart Insights asked their members whether their companies were GDPR-ready – only 6% responded that they were! Sixteen percent said they don’t even know what GDPR is.

It’s clear that there’s still a lot of work to be done.

Many business owners are currently trying to work out what the GDPR means for their company, especially in terms of marketing and capturing/using data for current and potential customers.

  • Will long-established mailing lists have to be deleted?
  • Or, at the very least, will masses of customers decide not to opt back into mailing lists if/when prompted to confirm their ongoing consent to be contacted?
  • Is it still OK to get people’s sign-up details in exchange for a lead magnet?
  • Is Google Analytics GDPR-compliant?
  • Will we be able to hang on to the contact details of previous clients and contact them with special offers?

These questions and more are being asked time and again, often receiving different answers, depending on who’s answering the question.

Without a definitive, plain language list of obligations for each type of business, GDPR will herald a period of uncertainty as everyone tries to work out what applies to their organisation.

This means that companies are likely to look for ways to attract new business that are less reliant on data capture and lead magnet marketing in order to risk falling foul of the GDPR and associated fines.

Businesses may turn to Google AdWords or Facebook advertising to target and bring in new customers. But, with growing competition for keywords, the prices will soar. There is also some debate about how the GDPR will affect these two PPC advertising options.

SEO may be a safer investment.

SEO and GDPR: SEO is about creating a fantastic user experience (UX) and building your professional reputation as an authority in your field.

SEO and GDPR-compliance

Search engine optimisation will potentially be one of the best and most effective ways to market your business once GDPR comes into effect because, in many ways, it is already GDPR compliant.

On- and off-page SEO doesn’t rely on data capture. Instead, SEO is about creating a fantastic user experience (UX) and building your professional reputation as an authority in your field.

As we’ve explored in numerous previous blogs, the ranking signals that search engines look for when creating search engine results pages (SERPs) are all about relevance and best answering the searchers’ queries.

Simple steps can help you bring more customers to your website and, in turn, attract more enquiries, bookings and/or purchases WITHOUT marketing to your mailing list.

Think about the following:

Meta data

A strong meta title and meta description should reflect what visitors will find on the web page and show how your content will meet up to the reason for their search.

If you can write each meta description as a compelling call to action, it should bring people to your website from search engines. It’s your opportunity to say, “Click on me instead of anyone else”.


Short, targeted keyword-rich URLs also help to signpost what each page is about to your website’s visitors and show the relevance of your content, bringing in more traffic.

They also make it easier for people to make an educated guess about the address of a web page on your site without having to search for it. According to SEMRush’s Ranking Factors Study 2017, direct website traffic – i.e. traffic where the source or referrer is unknown or the visitor has typed in the company URL – is the most important ranking factor. This beats dwell time, bounce rate, backlinks, content length and more.

Crawlable pages

If you use text that search engines can read, as well as images and videos or embedded properties with relevant alt tags, it will help search engines to rank your web pages and bring in a relevant audience who want to buy what you sell.

Clear headings

Headings and sub headings that reflect what your content is about are essential to help visitors identify what a web page is about. If people can see at a glance that they’re in the right place, they’re likely to stay on a page for longer, lowering the bounce rate and upping the dwell time. These are both important ranking signals.

Intelligent use of keywords

As I discussed in a recent blog, artificial intelligence (AI) is shaping SEO, not least in how we use keywords. It’s crucial to intelligently employ primary, secondary and related keywords throughout your content to show its relevance to a specific topic to search engines.

If you can do this, it will help search engines to return the most relevant results in searches, especially in the context of voice searches through virtual assistants such as Google Home where the top result is often the only one searchers hear.

Website security

Google announced that, from July 2018, a ‘NOT SECURE’ notification will pop up on websites that are HTTP rather than HTTPS.

Changing the security certificate of your website to HTTPS is an effective way to show that you value the online security of your web visitors. It is also likely that non-secure websites will drop in rankings moving forwards with priority being given to secure sites.

Under the GDPR, you will also need to update your cookie and privacy policies to capture an active opt in rather than implying that a person gives consent to their details being tracked or captured by virtue of visiting your site.

These are all steps that you can take today to boost the visibility of your business at the same time as cleansing your data and making sure that your mailing list is GDPR compliant.

Other GDPR-friendly marketing options

SEO isn’t the only GDPR-friendly marketing option you have at your disposal. You might also want to think about the following:

Social media marketing

Social media marketing is likely to become more important to businesses in the GDPR-compliant world.

In many ways, GDPR is about encouraging organisations to create mutually beneficial relationships with their audience, which is a concept that social media is built on.

We already understand that, via social media, fans can unfollow or unlike a business with a single click. Other forms of marketing will be subject to the same rules under the GDPR.

Each of the social media platforms are reviewing and clarifying their position as data processors and data controllers. These are two important distinctions within the GDPR rules.

In the most part though, GDPR is likely to have less of a direct effect on social media marketing than other marketing avenues.

People who follow your social media platforms are actively saying that they want to see your content. If that changes, they understand that they can unfollow at any time. In the meantime, you can ‘speak’ to them via advertising and/or your business profiles without ever holding personal details beyond their names.

A bonus is that social media marketing can have many positive effects on your SEO and vice versa.

Of course, because every business will be looking for GDPR-compliant marketing options, social media marketing may become a lot more competitive.

My advice, as with every other form of marketing and SEO, is to focus on creating relevant and quality content for your audience. Think about how you can give value, be engaged with conversations and genuinely invested in building a relationship with your customers. This is how you will stand out in the marketplace.

Content marketing

With GDPR coming into force, content marketing is also an important weapon in your marketing arsenal and great for SEO too.

Content marketing is not reliant on data collection. Instead, your focus should be on creating fresh, informative and relevant content that is targeted to your key audience.

This is a fantastic opportunity to demonstrate that you’re an expert in your field. If you can get people to read your blogs and share your content, you can build your credibility in three ways: with your audience, with influencers and with Google.

Content marketing is also essential to attract backlinks to your website. Each backlink acts like a vote of confidence from a third party, and the greater the authority of the backlinking sites, the better for your rankings.

Good quality, relevant articles usually encourage people to stay on a website for longer (increasing dwell time) and read deeper into a website via internal links (decreasing bounce rates). Again, these are two important signals to Google about the quality of your content compared to that offered by other sites.

If you can create content that supports the products and services that you offer, you should find that you attract more enquiries by being seen as an expert and, in turn, make more sales.

Your mailing list still matters

I’m not suggesting for a second that you should ditch your mailing list and forget about lead capture mechanisms such as your newsletter or a free ebook. These are the lifeblood of most businesses.

What GDPR means is that businesses may need to revise, diversify or clean up their marketing strategies.

SEO, social media marketing and content marketing are all areas that are great for boosting visibility and creating customer loyalty without being reliant on capturing data. You may want to develop your activities in these areas while tightening up your data processes.


As an SEO professional, I know that websites are rewarded with higher rankings and greater visibility when they focus on giving value to visitors, creating a great UX, and being ethical.

I believe the GDPR will drive more businesses to build relevant and value relationships with their customers and that this can only be a good thing.

The outcome will be connecting with potential customers who are actively interested in the products and/or services that you offer.

Are you ready for the GDPR? How will the new regulations affect your business, especially your marketing activities? Will you be investing more in SEO as a way to bring in new customers? I’d love to hear your thoughts in the Comments below.

16 thoughts on “SEO and GDPR: Why SEO will be your best marketing tool in the GDPR world”

  1. Thanks for putting this together. A lot of work went into this.

    It’s a very helpful breakdown – as we marketers on the other side of the Atlantic are trying figure this out.

    • No problem Jason. Yes, it was a huge amount of work but great to provide some help on GDPR and marketing. I think many marketers are still trying to figure it all out!

  2. Wow Hazel,

    This is my first visit to your web site. What a detailed and important explanation of the GDPR and what we might expect. My concern, right now, is whether I will be able to continue to send newsletters and offers to my long-established lists that have developed over many years. I will have to check back at your site for more updated information. Thank your for sharing so clearly about this new regulation.


    Dr. Erica

    • Thank you for visiting Dr. Erica. Yes, you can still send newsletters and offers to your lists but you will need to ensure that you have consent. I recommend watching Suzanne’s Mythbuster Webinar and joining her free Facebook group – she has all the info you need in there.

  3. Thanks for this, it still seems to be a topic people are unsure about. I’ll be reading it again!

    • Yes, there is still a lot of confusion around GDPR, which was the reason for this post. Hope you find it helpful

  4. Hi Hazel,

    This is the first time I’ve heard anything about “GDPR.” I guess it’s called progress but so many things change and so fast.

    I’ll keep checking back to see what updates you have on this.

    Thank you for the education.

  5. Hi Hazel,
    Thanks for your very informative post on GDPR. A lot of people do not know about it. It was bound to happen in light of “The joint class action against Facebook, Cambridge Analytica and two other companies for allegedly misusing the personal data of more than 71 million people to develop ‘political propaganda campaigns’ highlights that data protection isn’t just about cyber-attacks, fraud or identity theft – it may also be used to influence opinions and shape the very fabric of modern societies.”
    Things will need to change about how business is conducted on the net.
    Hopefully GDPR will make more businesses build relevant and valueable relationships with their customers.
    Very informative post! Will share it!

    • I’m with you there Kathryn in hoping that GDPR will result in businesses building relevant and valuable relationships with their customers. Thanks for commenting and for sharing – appreciated.

  6. Hi Hazel,

    What a remarkable post. Many marketers are not aware, it are confused about GDPR. Many have complained about the constant change in search engine algorithms, and now GDPR? However, some marketers who are aware of it saw it come after the Facebook saga. Your explanation is a great helps.

    Great content Hazel.

  7. Hello, Hazel, it is very helpful information you would be shared with us. Thank yours for sharing so clearly about this.

  8. Hi Hazel, useful to read as always. No doubt once the dust settles everyone will look at GDPR as a good step forward.

    We both already are used to having Cookie Statements on our sites. GDPR is really just an extension of the cookie law that now brings every webmaster into the frame.

    I have recently written an article asking the question is GDPR bad for your SEO? Reading your article we are very much on the same page.

    I think the future of SEO more than likely will include GDPR as a ranking factor in some way. Google is already pushing security certificates on us and has been looking for Privacy Policy and Terms pages as signs of a quality site.

    GDPR is just the next phase.

    Did a whole bunch of shares for you.

    • Hey Dexter, it’s great to hear that we’re on the same page with regards to GDPR and SEO! I agree with you about the possibility of Google using this as some kind of ranking factor. Thanks for the shares – very much appreciated.

  9. I am still struggling to understand why suddenly the traffic has dropped after GDPR came into the picture. Both direct and referral traffic has gone down after the GDPR.

  10. Thank you for this valuable info, well articulated and easy to digest.


Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.