Designing The Customer Journey To Be GDPR Compliant

Designing The Customer Journey To Be GDPR Compliant

How do the General Data Protection Regulations (GDPR) influence customers' travel as they surf the web? A closer look reveals that without Consent, the...
by Usercentrics
Nov 13, 2019
Table of contents
Show more Show less

How do the General Data Protection Regulations (GDPR) influence customers’ travel as they surf the web? A closer look reveals that without Consent, the brand cannot go on – no matter at which point of the customer journey. Therefore, smart Consent Management can make a decisive difference here.

Usercentrics - GDPR-compliant Customer Journey

The General Data Protection Regulation (GDPR), which came into effect in May of 2018, provides clear rules for how website operators should go about dealing with their website visitors. One of the most important and most discussed points is that the processing of personal data may occur only after the user has given his/her consent. According to the ruling of the European Court of Justice on October 1st, the user’s active consent must even be obtained for the use of each cookie- stated separately. Even if the majority of marketers are displeased by this and regard it as a danger to their day-to-day business, obtaining this consent plays a key role in the modern customer journey. Without consent, the visible customer journey ends with the initial website visit.

To illustrate why you need solid Consent Management to shape your customers’ journey according to today’s requirements, we would like to use the following online shop as an example to show what such a customer journey can look like and where GDPR-compliant consent must be obtained. We will proceed in four steps beginning at the 1) Upper Funnel, the 2) Awareness Phase, through the 3) Conversion to the 4) Customer Care section.

GDPR-Relevant Touch-Points Throughout The Customer Journey

Contact Point 1: An Advertisement Leads The User To The Website

Let’s say a user sees one of your banners on and clicks on it to view your offer. To even be able to follow this interaction, using a tool like Google Analytics, for example, you will need the user’s consent. Even if he or she remains anonymous, the collection of data is only possible with an opt-in.

If your content is to be personalized, either by the structure of the website itself or based on individual recommendations (as everyone expects today), obtaining the user’s consent also remains mandatory.

Contact Point 2: Retargeting Brings The User Back To The Website

The user ends his/her journey into the e-commerce world and is approached again afterward via retargeting. To be able to read the cookie that identifies the user as a visitor to your website, the user’s consent must have been given in advance. Retargeting is a classic element in the customer journey can therefore only be achieved via opt-in.

Contact Point 3: Registration As a Customer

Let’s also assume that the user is interested in purchasing an item after the retargeting ad and logs in to your shop to buy something. Here, the user’s consent must also be obtained before this data can be recorded and, of course, processed for further use.

Contact point 4: Newsletter For Existing Customers

No brand nowadays does without a newsletter via email as the oldest and at the same time very personal link between company and customer. If you would like to send your existing customers a newsletter, it is necessary to receive the recipient’s opt-in. In the specific case of email marketing, even the double opt-in is necessary.

At this point, we would like to stress that the legal situation with regards to the processing of data – including data already collected – can change at any time. The upcoming ePrivacy policy guideline, with which each EU country will define the interpretation of the principles set by GDPR even clearer and on a national level, may necessitate a reorientation of consensus collection and administration. The recent ECJ ruling alone has demonstrated that grey zones will prove to be tighter or disappear completely.

Anticipatory consent management and the use of a Consent Management Platform (CMP) will minimize the resulting costs considerably. As a result, the user can be clearly informed about the intended use at the first point of contact. This will allow for the obtaining of comprehensive consent, which will also legally secure all further steps. If necessary, this process can be adapted accordingly with little effort.


  • Even the observation of anonymous users in the first step of the customer journey requires their consent.
  • Without Consent, your website will remain blind for the entire customer journey.
  • Successful customer care requires appropriate consent.
  • With a Consent Management Platform (CMP), you maintain an overview, act in a legally compliant manner and can make adjustments at any time.
Home Resources Article Designing The Customer Journey To Be GDPR Compliant

Related Articles