The GDPR deadline is quickly approaching and will change the way personal data, “the world’s most valuable resource,” according to The Economist, is collected digitally. This will reshape online marketing and the Internet in the EU and internationally. General Data Protection Regulation, commonly abbreviated as GDPR, is the European Union’s new online privacy law and will create greater personal data access and transparency, as well as the potential for data erasure among EU citizens. Organizations that do not comply with these regulations can face a fine of €20 million or 4% of the organization’s annual worldwide turnover–whichever is greater.  This means businesses in the United States, particularly in hospitality, travel, software services, and eCommerce companies, will have to take a closer look at their online marketing practices before the GDPR deadline.

The new regulation hopes to create more comprehensive “digital rights” for its citizens and will unify the regulatory environment international companies. Because of the interconnected nature of the Internet, this change to European legislation will affect citizens around the world.

Here are 4 points to help marketers prepare for the looming GDPR deadline on May 25th.

1. What constitutes as personal data? Basic ID information, web history, cookie data, health and genetic information, demographics, political opinions, and sexual orientation are all forms of personal data that are used daily in targeted advertising and messaging. Knowing your current data and collecting practices is necessary in order to compare it with the GDPR standards. Create an audit that allows you to look at your data, evaluate why it’s needed, how its obtained and who has access to it. Compiling all this information will allow you to evaluate your GDPR readiness and create an action plan to make necessary changes.

2. GDPR raises the bar for collecting said personal data. It takes agency away from online marketers and gives it back to the individuals. Marketers will need explicit consent from that user before obtaining any data. This will call for more pop up boxes asking for the consent of data collection. Users can also revoke said consent, meaning that ongoing and continuous monitoring of which users are allowing you what specific information is critical in avoiding fines. Individuals will be able to download all the data a specific company has on them, why this information is being collected and how it is being collected, increasing data transparency between company and consumer.

3. There will need to be a lot of cooperation and collaboration with the IT department and legal counsel in order to effectively transition your online platform to be GDPR-compliant. Be prepared to invest a considerable amount of finances into these departments for the change. It is predicted that larger organizations will have to invest an average estimate of €100,000 to makes the necessary changes. Also consider appointing someone to be a point person for all things GDPR-related, as transition periods need expert authority in order to be smoothly implemented.

4. GDPR will affect marketing departments the most through analytics and targeted advertising.  It will become more expensive to share user data with third-party advertisers and organizations.  Marketers should worry about first obtaining clear permission to gather any information on individuals. Second, marketers will have the responsibility of making user’s collected data accessible for them to download and easy for them to revoke consent.  The last step marketing professionals should take to prepare for GDPR is decide which data is necessary versus which data is “nice to have.” Marketers must justify all the data they collect on users to a regulatory body. Being able to explain why your company needs to collect that specific data—if consent is given—will be necessary.

Surveys show that only 7% of organizations affected by this change are currently fully compliant and an estimated 60% of organizations will miss the compliance date, especially non-EU based organizations. As the end of May approaches, organizations across the European marketplace, or those that work with or sell to the European market, will need to make large, mandated changes to their back-end systems, management styles, and marketing tactics.

Co-author and contributions by Emily Brice.