A marketer’s guide to the looming EU Global Data Protection Regulation
The enforcement of the new European data privacy laws, which prevent brands from using a person’s data unless they have explicit permission, is less than a year away, and it seems advertisers are none the wiser to the risks and rewards the General Data Protection Regulation brings.
Not even the threat of an eye-bulging fine that could inflate to as much as 4 percent of a company’s global revenues for flouting the law has jostled many brands into getting up to speed on the changes. Still, nearly half of businesses will be unprepared next May, according to the Data & Marketing Association’s study of 250 respondents.
The key takeaways
- The deadline for compliance with the GDPR is May 25, 2018. The GDPR is already in effect, but there is a two-year period for adapting it.
- The highest fines for breaching the GDPR are €20 million ($22.5 million), or 4 percent of global turnover, whichever is higher. EU regulators have made it clear they intend to go after high-profile brands as a way of forcing businesses to comply.
- The definition of personal data has been broadened to include online identifiers such as IP addresses and cookies. This could cause problems for digital marketing, given cookies are not gathered with an individual’s consent.
- Under the GDPR, advertisers must get explicit and informed consent from EU residents. This means no more of the so-called “clickwrap” forms, those lengthy contracts that millions of people sign off on without reading each day. Instead, brands must find a way to get user consent, devoid of pre-checked boxes, or attempt to get implied consent.
- The GDPR won’t just affect organizations across Europe. Any business anywhere with personal data from EU residents must abide by the reforms.
- The fragmented media supply chain presents its own challenges in terms of identifying which players have which obligations under the GDPR — that is, which stakeholders are data controllers and which are data processors.
- There are going to be some rich lawyers, and many businesses will struggle.
What GDPR means for marketers
Marketers will need to take greater responsibility when processing personal data. From weeding out possible risks to privacy in marketing campaigns to accepting that non-compliant databases will have to be scrapped, that heightened responsibility comes with a lot of headache.
“Reconnecting with your database is the most important single consideration in the run-up to GDPR,” advised Zach Thornton, the DMA’s public affairs manager. “Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR.”
That could lead to a greater reliance on the likes of Facebook and Google for targeting and tracking, given marketers may have less data to do so themselves. Plus, the investments needed to shape GDPR-compliant systems are costly, and the threat of non-compliance could give executives another reason to pare back on funding new data-led innovations.
“We have noticed a significant uptick in GDPR-related inquiries this year, but many companies are reluctant to allocate sufficient budgets to their legal, compliance and IT teams to ensure that they are ready for the changes when they apply next May,” said Simon Morrissey, partner and head of the data and privacy practice group at Lewis Silkin.
“This is resulting in significantly scaled-down GDPR compliance projects that are quite limited in scope and therefore increasing the risk of missing key gaps in an organization’s ability to comply with and demonstrate compliance with the GDPR,” he said.
Changes must also be made to the contracts in the media supply chain to clearly lay out who has the obligation to obtain consent — generally the first-party publisher — and who has the obligation to provide transparent information about how the data is used — the ad-serving provider.
Unilever and John Lewis have spoken about how this might impact the way they adapt to personal data becoming more of a personal asset. After all, anyone with a garage can effectively do what a fast-moving consumer goods company does when it comes to distribution and advertising, meaning the right customer data becomes the new competitive edge — rather than scale.
‘Clever about how we rest’: As uncertainties drag into fall, agencies are facing a burnt out and fearful workforce
Agency employees and executives say that a feeling of fatigue due to the on-going uncertainty and the need to be always on has set in.
‘A credible voice’: Why Honda is doubling down on esports
Honda has struck deals with Riot Games, pro esports team Team Liquid and Twitch as it looks to maintain its appeal among first-time car buyers.
Member Exclusive‘2020 has been the year of contingency plans’: The new norms of marketing
Six months into a paradigm shift in marketing due to on-going crises, marketing leaders say that many of the coping changes put in place are here to stay.
SponsoredThe race to frictionless consumer journeys is expanding beyond marketplaces
Compressing consumers’ path-to-purchase is the holy grail of advertising and marketing. When Jeff Bezos authored 1-Click in 2011, advertisers began to realize that in some cases — especially for consumables — awareness, consideration and purchase can all happen in seconds. Since then the rise of e-commerce marketplaces has forced a major shift in the design […]
Snap is exploring bringing ads to Minis
Snap launched Minis, lightweight third-party applications that sit within the Snapchat app, in July. Now it's looking to monetize them.
Deep Dive: How the Summer of 2020 forced brand marketing to change for the better
The coronavirus crisis upended the world for brands and marketers, but as it turned out, the pandemic only marked the beginning of a wave of technological and social changes that would sweep the nation. A summer of protests ignited calls for change from the street to the boardroom, prompting brands to examine their values and […]