The General Data Protection Regulation has 99 articles. The marketing-relevant subset is narrow: how you collect consent for email, how you let people withdraw it, and what counts as automated decision-making in your growth stack. Most violations cluster in three articles.
Two articles cover the bulk of marketing-relevant GDPR risk: Article 7 (consent) and Article 22 (automated decision-making). Together with the ePrivacy Directive’s rules on electronic communications, they define what a compliant signup form, marketing email, and segmentation engine look like. This batch covers the two highest-frequency violations on Launch Audits.
What “freely given, specific, informed, and unambiguous” actually requires in a signup form. The bar is higher than most growth teams build for — pre-ticked boxes, bundled consents, and consent-as-service-condition all fail here.
When your segmentation engine decides who gets the airdrop, the bonus, the campaign, it’s automated decision-making with legal effect. Most growth stacks are inside this article without realising. Article 22 requires a lawful basis, transparency, and the right to human review.
Paste any signup form, marketing email, or cookie banner. Verdict against GDPR + ePrivacy in seconds.
A signed audit across MiCA, FCA, and GDPR. Five business days. From €4,950.