The EU’s General Data Protection Regulation (GDPR) is going to make marketers earn their customer’s attention in a way they’ve rarely had to before.

Companies will have to collect EU residents’ consent to use personally identifiable information (PII)—such as email addresses, birth dates, government-issued identity numbers, FIfth Third credit card, IP addresses, mobile device numbers, and biometrics—for explicit purposes.

No more mass emailing customers and prospects and leaving it up to them to opt out. You will need their express consent to email them discount offers, use their social media data, or deliver newsletters, among many other interactions.

Moreover, you will have to work just as hard to maintain the right to communicate in this fashion: GDPR mandates that customers be able to access and change their preferences at any time.

If you listen closely, you might hear the collective groan from marketers all over the world who do business in the EU. Mass email blasts and ubiquitous ads are easy tools to use; however, it’s worthwhile to question their effectiveness. A major motivation behind the EU’s and other nations’ decisions to consider or adopt such legislation is consumers’ growing desire for greater control over how brands connect with them digitally. This trend is evidenced by the rise of ad blocking and the increasing creepiness that results from careless data handling, particularly in an age of emerging IoT devices and services.

In the end, though, these new consent standards just force marketers to do what they need to be doing anyway: get to know their customers better, figure out what they want, and harness those desires for mutually beneficial outcomes.

Here are some ways to transform restrictive tools and processes, such as consent, paywalls, and gated content, into strategic customer-relationship opportunities.

1. Use a known need to ask for and deliver more

When you know a customer wants something in particular, that could be a great opportunity to exceed their expectations. The key is to determine which extra benefits to give the customer in exchange for broader consents that go beyond his or her immediate needs.

For example, pizza-delivery customers want to avoid the phone and simply push an Internet button to place their orders. Although these folks are downloading Domino’s, Papa John’s, and Pizza Hut delivery apps, perhaps they can be convinced to permit these chains to use their order history and customer-profile data to present discounts for special deals.

If customers know they will see special deals on their most-ordered specialty pies or on the day of the week they most often hold “pizza night,” they might be more amenable to letting brands send them more information.

2. Stoke FOMO

Companies can do a lot when they know customers’ general interests and the specific products or services those customers are looking at. Thus, it’s imperative to illustrate the potential value you can deliver if shoppers were to grant consent to use PII. Did that customer know that blender was 60% off last week? Wouldn’t it have been nice if the brand were permitted to alert the customer about flash sales for appliances?

This approach could be very useful in getting customers acquainted with the new consent and preference settings that GDPR requires. Brands could preview a dialogue box that illustrates what a customer’s experience could look like if the brand were allowed to use certain data and settings. The bigger objective: show people what they’re missing out on.

3. Leverage the porous paywall

Companies, particularly in the media industry, have struggled to compete with free-content models on the Web since long before GDPR, but the new consent standards might create an avenue to “componentize” subscriptions to very fine-grain consumer interests.

Instead of austere messages demanding payment for a full or partial subscription upon readers’ reaching a free-article limit, perhaps brands could entice readers to browse creative offerings that package articles by topics (e.g., North Korea, cyberhacks), author, or region. The high-quality niche approach has traditionally worked for blogs, but it could be an effective way to incrementalize value exchange under GDPR.

4. Target narrowly, but think broad, with your communication

Your finely targeted communication can reflect broader customer research. For example, a pharmaceutical company can help doctors understand patients before they’re even patients. If it sees a consumer researching one of its drugs, it can offer to package research, the patient’s symptoms, and a fact sheet in an effort to earn the customer’s consent to bring the primary care physician into the discussion.

Whether B2B or B2C, companies can still use retargeting to get a larger perspective on customer segments. Although they can no longer, without permission, shove ads in front of a consumer who left their site long ago, they can still purchase data on larger demographic segments, such as millennials or 35-45-year-old female professionals, from an ad exchange for more clues.

* * *

These are not the only methods for turning GDPR’s privacy standards into creative marketing initiatives, but there is a commonality between them that can instruct marketers on how to communicate to EU consumers: Use what you know about the customer to deliver additional value. Doing so may require more steps than marketers are used to: Brands will likely have to rely on “progressive consents” to get customers to expand their permissions in increments.

Ultimately, customers and brands will be sure that the latter is delivering what the former want, and everybody will be a winner.

Bryta Schulz leads customer identity and access management firm Janrain‘s global marketing initiatives. She brings 20+ years of experience marketing innovative enterprise, software as a service (SaaS), security, and payments solutions.