The enforcement of the new European data privacy laws, which prevent brands from using a person’s data unless they have explicit permission, is less than a year away, and it seems advertisers are none the wiser to the risks and rewards the General Data Protection Regulation brings.
Not even the threat of an eye-bulging fine that could inflate to as much as 4 percent of a company’s global revenues for flouting the law has jostled many brands into getting up to speed on the changes. Still, nearly half of businesses will be unprepared next May, according to the Data & Marketing Association’s study of 250 respondents.
The key takeaways
- The deadline for compliance with the GDPR is May 25, 2018. The GDPR is already in effect, but there is a two-year period for adapting it.
- The highest fines for breaching the GDPR are €20 million ($22.5 million), or 4 percent of global turnover, whichever is higher. EU regulators have made it clear they intend to go after high-profile brands as a way of forcing businesses to comply.
- The definition of personal data has been broadened to include online identifiers such as IP addresses and cookies. This could cause problems for digital marketing, given cookies are not gathered with an individual’s consent.
- Under the GDPR, advertisers must get explicit and informed consent from EU residents. This means no more of the so-called “clickwrap” forms, those lengthy contracts that millions of people sign off on without reading each day. Instead, brands must find a way to get user consent, devoid of pre-checked boxes, or attempt to get implied consent.
- The GDPR won’t just affect organizations across Europe. Any business anywhere with personal data from EU residents must abide by the reforms.
- The fragmented media supply chain presents its own challenges in terms of identifying which players have which obligations under the GDPR — that is, which stakeholders are data controllers and which are data processors.
- There are going to be some rich lawyers, and many businesses will struggle.
What GDPR means for marketers
Marketers will need to take greater responsibility when processing personal data. From weeding out possible risks to privacy in marketing campaigns to accepting that non-compliant databases will have to be scrapped, that heightened responsibility comes with a lot of headache.
“Reconnecting with your database is the most important single consideration in the run-up to GDPR,” advised Zach Thornton, the DMA’s public affairs manager. “Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR.”
That could lead to a greater reliance on the likes of Facebook and Google for targeting and tracking, given marketers may have less data to do so themselves. Plus, the investments needed to shape GDPR-compliant systems are costly, and the threat of non-compliance could give executives another reason to pare back on funding new data-led innovations.
“We have noticed a significant uptick in GDPR-related inquiries this year, but many companies are reluctant to allocate sufficient budgets to their legal, compliance and IT teams to ensure that they are ready for the changes when they apply next May,” said Simon Morrissey, partner and head of the data and privacy practice group at Lewis Silkin.
“This is resulting in significantly scaled-down GDPR compliance projects that are quite limited in scope and therefore increasing the risk of missing key gaps in an organization’s ability to comply with and demonstrate compliance with the GDPR,” he said.
Changes must also be made to the contracts in the media supply chain to clearly lay out who has the obligation to obtain consent — generally the first-party publisher — and who has the obligation to provide transparent information about how the data is used — the ad-serving provider.
Unilever and John Lewis have spoken about how this might impact the way they adapt to personal data becoming more of a personal asset. After all, anyone with a garage can effectively do what a fast-moving consumer goods company does when it comes to distribution and advertising, meaning the right customer data becomes the new competitive edge — rather than scale.
How Yeti is marketing like a DTC brand on social media and in the outdoors
Known for being a brand of indestructible coolers, cups and increasingly lifestyle apparel, Yeti has been evolving from a wholesale company to one that markets more like a direct-to-consumer company as it experiments on platforms like TikTok, Pinterest and its own media properties.
How Zola is boosting its OOH spending in New York for ‘engagement season’
OOH ads for the startup, best known for offering wedding registries, will not only be in the Rockefeller Center subway station (where they are hoping to capture the attention of couples going to visit the Christmas tree) but also with subway digital ads, billboards near Bryant Park as well as downtown in Soho and with wild postings throughout the city.
Inside the tensions countering advertisers’ latest quest for programmatic transparency
Brands such as P&G and Unilever have cooled on auditors' proposals in a study led by the ANA.
SponsoredHow premium programmatic video is evolving
Leo O’Connor, senior vice president, advertising, Paramount Change in the advertising and media industry often feels slow and chaotic — but when viewed with perspective, change happens relatively fast and follows a logical path. This is certainly the case with programmatic advertising and the rise of streaming. Audiences want the freedom to watch content however […]
Acxiom’s CEO on why everything’s an ad network now, and what that means
Chad Engelgau talks about how Acxiom will harness retail media networks and the metaverse -- as well as the need for marketers to connect internal data to be more effective.
Florist brand uses video to connect with families during the holiday season
FTD LLC, also known as Florists' Transworld Delivery, is looking to stand out during the holiday season through connected TV with the goal to drive brand recognition and incremental traffic.