A marketer’s guide to the looming EU Global Data Protection Regulation
The enforcement of the new European data privacy laws, which prevent brands from using a person’s data unless they have explicit permission, is less than a year away, and it seems advertisers are none the wiser to the risks and rewards the General Data Protection Regulation brings.
Not even the threat of an eye-bulging fine that could inflate to as much as 4 percent of a company’s global revenues for flouting the law has jostled many brands into getting up to speed on the changes. Still, nearly half of businesses will be unprepared next May, according to the Data & Marketing Association’s study of 250 respondents.
The key takeaways
- The deadline for compliance with the GDPR is May 25, 2018. The GDPR is already in effect, but there is a two-year period for adapting it.
- The highest fines for breaching the GDPR are €20 million ($22.5 million), or 4 percent of global turnover, whichever is higher. EU regulators have made it clear they intend to go after high-profile brands as a way of forcing businesses to comply.
- The definition of personal data has been broadened to include online identifiers such as IP addresses and cookies. This could cause problems for digital marketing, given cookies are not gathered with an individual’s consent.
- Under the GDPR, advertisers must get explicit and informed consent from EU residents. This means no more of the so-called “clickwrap” forms, those lengthy contracts that millions of people sign off on without reading each day. Instead, brands must find a way to get user consent, devoid of pre-checked boxes, or attempt to get implied consent.
- The GDPR won’t just affect organizations across Europe. Any business anywhere with personal data from EU residents must abide by the reforms.
- The fragmented media supply chain presents its own challenges in terms of identifying which players have which obligations under the GDPR — that is, which stakeholders are data controllers and which are data processors.
- There are going to be some rich lawyers, and many businesses will struggle.
What GDPR means for marketers
Marketers will need to take greater responsibility when processing personal data. From weeding out possible risks to privacy in marketing campaigns to accepting that non-compliant databases will have to be scrapped, that heightened responsibility comes with a lot of headache.
“Reconnecting with your database is the most important single consideration in the run-up to GDPR,” advised Zach Thornton, the DMA’s public affairs manager. “Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR.”
That could lead to a greater reliance on the likes of Facebook and Google for targeting and tracking, given marketers may have less data to do so themselves. Plus, the investments needed to shape GDPR-compliant systems are costly, and the threat of non-compliance could give executives another reason to pare back on funding new data-led innovations.
“We have noticed a significant uptick in GDPR-related inquiries this year, but many companies are reluctant to allocate sufficient budgets to their legal, compliance and IT teams to ensure that they are ready for the changes when they apply next May,” said Simon Morrissey, partner and head of the data and privacy practice group at Lewis Silkin.
“This is resulting in significantly scaled-down GDPR compliance projects that are quite limited in scope and therefore increasing the risk of missing key gaps in an organization’s ability to comply with and demonstrate compliance with the GDPR,” he said.
Changes must also be made to the contracts in the media supply chain to clearly lay out who has the obligation to obtain consent — generally the first-party publisher — and who has the obligation to provide transparent information about how the data is used — the ad-serving provider.
Unilever and John Lewis have spoken about how this might impact the way they adapt to personal data becoming more of a personal asset. After all, anyone with a garage can effectively do what a fast-moving consumer goods company does when it comes to distribution and advertising, meaning the right customer data becomes the new competitive edge — rather than scale.
‘Going above and beyond usual benefit norms’: Companies are starting to give employees time off for pregnancy loss
In an effort to better support working parents, companies across the industry are ramping up family leave policies for everything from miscarriage to adoption.
How (and why) agencies are adapting to stay relevant in the metaverse
To get more comfortable in this new environment, some agencies are getting involved in experimental projects to stake their claim to the metaverse.
‘Reach a totally different audience’: With Sundance virtual once again, marketers pivot to online experiences
Until earlier this month, this year’s Sundance was meant to be a hybrid festival with attendees returning to Park City to participate in-person as well as virtual elements for attendees to tune-in online.
SponsoredHow the relationship between live events and mobile devices is evolving in 2022
Sponsored by AdColony The pandemic has accelerated changes in the way people consume content — and live events are part of that transformation. For advertisers, the questions are the kind on which campaign success depends: In what ways (and numbers) have people returned to watching sports, e-sports and events such as the Grammys? Are they […]
Pepsi launches app and short ‘trailer’ to hype Super Bowl halftime show
The soft-drink giant will promote its Super Bowl Halftime show with a newly launched app and a short film directed by F. Gary Gray.
‘The business is at a level of scale now’: The Brandtech Group CEO David Jones on building a business for the ‘post-advertising’ world
Not only is the holding group past the hype cycle peak these businesses usually encounter, it’s skipped right over the trough of disillusionment that tends to follow and is straight into growth mode.