A marketer’s guide to the looming EU Global Data Protection Regulation
The enforcement of the new European data privacy laws, which prevent brands from using a person’s data unless they have explicit permission, is less than a year away, and it seems advertisers are none the wiser to the risks and rewards the General Data Protection Regulation brings.
Not even the threat of an eye-bulging fine that could inflate to as much as 4 percent of a company’s global revenues for flouting the law has jostled many brands into getting up to speed on the changes. Still, nearly half of businesses will be unprepared next May, according to the Data & Marketing Association’s study of 250 respondents.
The key takeaways
- The deadline for compliance with the GDPR is May 25, 2018. The GDPR is already in effect, but there is a two-year period for adapting it.
- The highest fines for breaching the GDPR are €20 million ($22.5 million), or 4 percent of global turnover, whichever is higher. EU regulators have made it clear they intend to go after high-profile brands as a way of forcing businesses to comply.
- The definition of personal data has been broadened to include online identifiers such as IP addresses and cookies. This could cause problems for digital marketing, given cookies are not gathered with an individual’s consent.
- Under the GDPR, advertisers must get explicit and informed consent from EU residents. This means no more of the so-called “clickwrap” forms, those lengthy contracts that millions of people sign off on without reading each day. Instead, brands must find a way to get user consent, devoid of pre-checked boxes, or attempt to get implied consent.
- The GDPR won’t just affect organizations across Europe. Any business anywhere with personal data from EU residents must abide by the reforms.
- The fragmented media supply chain presents its own challenges in terms of identifying which players have which obligations under the GDPR — that is, which stakeholders are data controllers and which are data processors.
- There are going to be some rich lawyers, and many businesses will struggle.
What GDPR means for marketers
Marketers will need to take greater responsibility when processing personal data. From weeding out possible risks to privacy in marketing campaigns to accepting that non-compliant databases will have to be scrapped, that heightened responsibility comes with a lot of headache.
“Reconnecting with your database is the most important single consideration in the run-up to GDPR,” advised Zach Thornton, the DMA’s public affairs manager. “Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR.”
That could lead to a greater reliance on the likes of Facebook and Google for targeting and tracking, given marketers may have less data to do so themselves. Plus, the investments needed to shape GDPR-compliant systems are costly, and the threat of non-compliance could give executives another reason to pare back on funding new data-led innovations.
“We have noticed a significant uptick in GDPR-related inquiries this year, but many companies are reluctant to allocate sufficient budgets to their legal, compliance and IT teams to ensure that they are ready for the changes when they apply next May,” said Simon Morrissey, partner and head of the data and privacy practice group at Lewis Silkin.
“This is resulting in significantly scaled-down GDPR compliance projects that are quite limited in scope and therefore increasing the risk of missing key gaps in an organization’s ability to comply with and demonstrate compliance with the GDPR,” he said.
Changes must also be made to the contracts in the media supply chain to clearly lay out who has the obligation to obtain consent — generally the first-party publisher — and who has the obligation to provide transparent information about how the data is used — the ad-serving provider.
Unilever and John Lewis have spoken about how this might impact the way they adapt to personal data becoming more of a personal asset. After all, anyone with a garage can effectively do what a fast-moving consumer goods company does when it comes to distribution and advertising, meaning the right customer data becomes the new competitive edge — rather than scale.
‘We don’t post much organic content’: Pepsi sees TikTok as a pay-to-play platform
PepsiCo is seeing success on TikTok as a pay-to-play platform, which is using the platform to release popular challenges for users.
Member ExclusiveCase Study: How BMW Group broke into the esports market
After successful gaming activations, BMW Group is leaning even further into the space as the pandemic pushed new players online.
How eos skincare rode a TikTok trend to sales increases
Eos skincare is the latest brand to benefit from a viral TikTok video after its product was touted by a user advising on best shaving practices.
SponsoredHow audio programmatic is unlocking ‘screen-free’ campaigns
In recent years there has been rapid growth in audio content available for streaming. Last year, 2020 was a particularly big moment for audio growth, one characterized by a massive shift in lifestyle. Many adults went from commuting to an office to working from home. As a result, they developed new habits and preferences. One […]
‘Still don’t have an answer’: For some media buyers, unresponsive Facebook ad reps are causing frustration
Media buyers say unresponsive Facebook ad reps aren’t a new problem, but some say the issue has gotten worse with the looming iOS 14 update from Apple.
‘I felt like I was pushed into being a stay-at-home mom’: Confessions of a former ad exec on being fired after becoming a mother
In this edition of our Confessions series, where we exchange anonymity for candor, we hear from a former agency director about getting fired and struggling to find a job amidst navigating motherhood and launching a new project.