Starting on May 25th of this year, for those companies whose activities highly rely on data, collecting or buying it has apparently become an ever-lasting nightmare.

Within your business, you had scrupulously planned your marketing activities, split your budget to make the right marketing investments and elaborated a series of actions to reach your final yearly goal.

But now, it seems that GDPR is getting in the way and ruining ambitious objectives. Especially, considering that the new EU regulation presents various uncertainties and there are no clear answers to all the doubts arisen when GDPR came into force.

Here in this page, we would like to shed light on these doubts and show you that there is a way for you to keep doing business the very same way you have always done. Don’t worry, none of your marketing investment is lost.


There are two main steps you need to take.

STEP 1:  Perform a Data Gap Analysis


In order to change your direction towards the land of GDPR-compliant businesses, the very first thing that you need to do is to see in which sea you are currently navigating.

You need to review your data and, ideally, check one by one all your contacts. This will allow you to identify which data you can keep, which you shouldn’t and which you definitely can’t store any longer. It will also allow you to assess the market in which you are currently operating and take into account the possibility to change a few things: your marketing strategy, expanding your territory, targeting new sectors and so forth.

The regulation requires you to store data that is necessary for a purpose. This means that you are advised to start to make a distinction between what is needed and what I superfluous.

For what remains you might want to cluster them into three main categories:


If your contacts opted-out the question to answer is: Why do you still have them in your database?

You should take actions in depending on the specific requests that your contacts have made, ensuring the exercise of their rights.


Identifies an individual giving his/her consent to receiving marketing materials.

As the definition suggests, you can reach out to those individuals who opted-in using the legal ground of Consent.

However, it is not as simple as it seems: for those of your contacts that appear to fall under the category of “Opted-in”, you still need to check and validate the process that you previously used to obtain their consent. This is because, the latter will only be valid if the request was in line with the conditions of the new regulation.

   Neither opted-in nor opted-out

In this case, you can make use of the legal basis of legitimate interest.

By many marketers it might be considered the savior to this GDRP-condemn, and I would tend to agree on it. However, to make actual beneficial use of it, it is essential to have a clear idea of what it stands for, and how and when it can be used.

Legitimate interest is one of the six legal grounds that can be used to demonstrate that you have the right to process data under  the new regulation. It leverages mutual advantages for the two parties involved: a company can contact an individual who hasn’t opted-in to receive marketing communications using the legal ground of legitimate interest, based on the fact that both the company and the individual would benefit from this.

Regarding individuals’ benefits, you should have a clear idea of whom your product or solution would benefit.

To do so, you will need to assess your products against the potential market, which would include your territorial planning supported by your business cases. This process will allow you to find the fit between your product and the market, thus allowing you to understand what your ideal customer profile is, and which positions and roles within a company would most likely be interested in your offerings.

STEP 2: Build your GDPR-compliant Database.


With a process of data-purification, you have set the basis for a GDPR-compliant database.

The previous operation might have cost you the partial loss of your data. Nothing to be worried about. Now that you have a clear view of your current situation and more specifically of your data in relation to your needs, you are ready to build an AD HOC database which will allow you to perform your activities in a purely compliant manner.

Whether you need to send invitations to an event, organize a webinar, launch a campaign, generate leads or any other activity that requires your business to process data, you can still be compliant by generating a database suited for a specific purpose, leveraging the legal grounds that we mentioned earlier – consent and legitimate interest. 

S2M-group has developed a strict methodology, together with techniques and tools, that can help you build your own compliant database.

In this regard, we can support your marketing team providing consultancy and training sessions.

The transfer of expertise and knowledge to your teams, would empower your employees with effective methods to boost your pipeline in line with GDPR.

Or, you can rely on our in-house experts to build the database for you. As an extension of your marketing and sales team, S2M would lead your business to greater success with an efficient, reliable and compliant service.