In a nutshell:

• It won’t affect your accounts at all, if you’re only using Google and Facebook’s data to show your ads to people.
• You will need to get consent if you’re using any conversion tracking (Facebook Pixel, Google Tag Manager), if you upload customer data or if run remarketing campaigns.

In other words: the devil is not as black as he is painted. 

 Here’s what you need to know about Facebook Ads under GDPR rules:

• If you’re using Facebook’s pre-made targeting options, you’ve got nothing to worry about. Facebook is the one acquiring the data and is therefore liable, should anything happen. Carry on as normal. 
• If you’re using a Facebook Pixel to measure conversions or retarget people on Facebook, you now need to get consent from customers. Facebook will not be liable, nor will any agency you employ to advertise on your behalf. In simple terms, you need to clearly tell customers what you’re going to do with their data. The easiest way to do this is with website cookies.
• If you upload your customer database on Facebook to retarget existing customers, you now need to get consent from customers. See point above.

Here’s what you need to know about Google Adwords under GDPR rules:

• Adwords target people based on searches. There is no personal information involved at this point, so happy days! No changes to make.
•  If you’re using other Google products, such as Google Analytics, Google Tag Manager or AdWords Remarketing, you now need to get consent from customers. The reason being, you are tracking people’s actions in order to figure out which ads to show them and which ones not to show. Google will not be liable, nor will any agency you employ to advertise on your behalf.
• If you upload customer data on Adwords to retarget existing customers, you now need to get consent from customers.

That wasn’t so bad, was it?

Now you can advertise away with complete peace of mind (or get us to do that for you by choosing one or more of our products… we’re cool with either).