Collection and consent of collection of data

This blog post will be all about data collection, and how GDPR works in relation to marketing information systems!

To start, I am going to discuss what data collection is, and when and how companies can use it. Data collection is exactly what it says on the tin, it is when companies collect personal data from us (consumers). In terms of personal data, companies can request personal data from you, the consumer. Once a company requests personal data, your data protection rights must be respected. (Europa, 2018)

So, this begs the question:

When can companies collect data from you?

The EU data protection rules define the circumstances under which a company can legally collect data from you without consent:

  • when they have a contract with you — for example, a contract to supply goods, e.g. buying something on Ebay
  • when they are complying with a legal obligation — for example, when processing your data is a legal requirement, for example your employer is required to give information on your wages to the social security authority, so they can ask for your PPS number
  • when data processing is in your vital interests — for example, when the collection of your Dta could protect your life
  • to complete a public task — mostly relating to the tasks of public administrations such as schools, hospitals, and municipalities
  • when there are legitimate interests — for example, banks check personal data to decide whether you qualify for a loan etc

In all other circumstances, companies must request consent before collecting your data. (Europa, 2018)

This naturally leads us on to the topic of:

How does consent works online?

It is stated in the GDPR that when a company requests consent from you, it must be clear and obvious that you are consenting to the collection of your data. This must be done via a clear action for example, ticking a box saying yes, I consent. (Europa, 2018) (MacDonald, 2021)

I was surprised to find out that it is not acceptable to simply have a box at the bottom of a webpage saying, “tick if you don’t want to receive emails from us”. This is a breach of the GDPR. After reflecting on this point, I realised that I have had countless experiences at a checkout on an online shop where I was presented with a similar box to tick to opt out of marketing junk mail.

Now moving on to how all this applies to digital marketing information systems:

How does all this apply to marketing?

The importance of GDPR for digital marketing can be best examined through three titles, data permission, data access and data focus. (MacDonald, 2021)

1. Data permission

Data permission relates to how companies can acquire data from you. This heavily relates back to consent as discussed above. It essentially means that according to GDPR, companies must make it clear and obvious that you are consenting to collection and use of your data via an appropriate action (ticking a box that says yes, I consent). It is the responsibility of the company to ensure they have the correct format on their webpages etc to comply with this law.

A lot of household name companies have already been fined huge amounts for breach of this. For example, British Airways faced a fine of €200m for a breach of the data protection laws in 2018. (MacDonald, 2021)

2. Data access

Data access is essentially the right to removal of your data from a companies database. This means that at any point should you wish to have your data removed from a companies in house database, the company are legally obliged to do so. This is something that I feel not enough people know about. It is all too often you hear conversations pertaining to worries about data trails and the like, I think this law should be campaigned for to raise awareness of the capability that the individual has, to control their data. (MacDonald, 2021)

3. Data focus

Data focus is about the necessity of data to a company. It forces companies to focus on data that they need. Marketing companies prior to 2018 collected an abundance pf unnecessary data, this has been stopped because it was decided that companies should not have free reign to gather as much data as possible.

I actually find it unsettling to think that without this, marketing companies would be even bigger vultures for your data than they are now. (MacDonald, 2021)

Rounding it all up:

So, we have discussed how the laws of the collection and use of data works in a general sense. An overview of the GDPR was given and also how it all relates to marketing information systems!

I would like to thank you very much for reading, I hope you found it informative at least!


Europa, 2018. Data protection and online privacy. [Online]
Available at:
[Accessed 9 April 2021].

MacDonald, S., 2021. GDPR for marketing: The ultimate guide for 2021. [Online]
Available at:
[Accessed 9 April 2021].

A series of blogs to delve into the topic of marketing information systems.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store