A marketer’s guide to the looming EU Global Data Protection Regulation
The enforcement of the new European data privacy laws, which prevent brands from using a person’s data unless they have explicit permission, is less than a year away, and it seems advertisers are none the wiser to the risks and rewards the General Data Protection Regulation brings.
Not even the threat of an eye-bulging fine that could inflate to as much as 4 percent of a company’s global revenues for flouting the law has jostled many brands into getting up to speed on the changes. Still, nearly half of businesses will be unprepared next May, according to the Data & Marketing Association’s study of 250 respondents.
The key takeaways
- The deadline for compliance with the GDPR is May 25, 2018. The GDPR is already in effect, but there is a two-year period for adapting it.
- The highest fines for breaching the GDPR are €20 million ($22.5 million), or 4 percent of global turnover, whichever is higher. EU regulators have made it clear they intend to go after high-profile brands as a way of forcing businesses to comply.
- The definition of personal data has been broadened to include online identifiers such as IP addresses and cookies. This could cause problems for digital marketing, given cookies are not gathered with an individual’s consent.
- Under the GDPR, advertisers must get explicit and informed consent from EU residents. This means no more of the so-called “clickwrap” forms, those lengthy contracts that millions of people sign off on without reading each day. Instead, brands must find a way to get user consent, devoid of pre-checked boxes, or attempt to get implied consent.
- The GDPR won’t just affect organizations across Europe. Any business anywhere with personal data from EU residents must abide by the reforms.
- The fragmented media supply chain presents its own challenges in terms of identifying which players have which obligations under the GDPR — that is, which stakeholders are data controllers and which are data processors.
- There are going to be some rich lawyers, and many businesses will struggle.
What GDPR means for marketers
Marketers will need to take greater responsibility when processing personal data. From weeding out possible risks to privacy in marketing campaigns to accepting that non-compliant databases will have to be scrapped, that heightened responsibility comes with a lot of headache.
“Reconnecting with your database is the most important single consideration in the run-up to GDPR,” advised Zach Thornton, the DMA’s public affairs manager. “Marketers will need to reconnect with their customers and ensure that their consent statements or other ways they have collected personal data will be compliant under GDPR.”
That could lead to a greater reliance on the likes of Facebook and Google for targeting and tracking, given marketers may have less data to do so themselves. Plus, the investments needed to shape GDPR-compliant systems are costly, and the threat of non-compliance could give executives another reason to pare back on funding new data-led innovations.
“We have noticed a significant uptick in GDPR-related inquiries this year, but many companies are reluctant to allocate sufficient budgets to their legal, compliance and IT teams to ensure that they are ready for the changes when they apply next May,” said Simon Morrissey, partner and head of the data and privacy practice group at Lewis Silkin.
“This is resulting in significantly scaled-down GDPR compliance projects that are quite limited in scope and therefore increasing the risk of missing key gaps in an organization’s ability to comply with and demonstrate compliance with the GDPR,” he said.
Changes must also be made to the contracts in the media supply chain to clearly lay out who has the obligation to obtain consent — generally the first-party publisher — and who has the obligation to provide transparent information about how the data is used — the ad-serving provider.
Unilever and John Lewis have spoken about how this might impact the way they adapt to personal data becoming more of a personal asset. After all, anyone with a garage can effectively do what a fast-moving consumer goods company does when it comes to distribution and advertising, meaning the right customer data becomes the new competitive edge — rather than scale.
‘The biggest theme is uncertainty’: How coronavirus has changed the wedding industry
Over the last five months, couples and wedding vendors alike have set up new ways of working together.
The end of schmooze: How coronavirus has upended the time-honored practice of industry networking
Schmooze, integral to tentpole industry events, is largely on hold this year. Was it really necessary to do business after all?
‘The most influential people aren’t on social’: Why amplification is not key to Team Epiphany’s influencer strategy
In the latest episode of Digiday's weekly show The New Normal, Coltrane Curtis talks about his company's unique influencer marketing strategy.
SponsoredFrom pop-up to permanent: Three trends driving digital transformation in 2020
By Dries Buytaert Brands have displayed rapid innovation over the past few years, building pop-up stores seemingly overnight to test new retail, product and marketing concepts. Now, as a result of COVID-19, something similar is happening digitally, with brands operating on compressed timelines to launch digital-first “pop-up” businesses — except unlike typical pop-ups these are […]
‘We’re letting Facebook grade their own homework’: Here’s how advertisers’ desired changes differ from overall boycott
The overall goals of civil rights advocates organizing the boycott differ slightly from those of advertisers.
How Facebook’s brand safety audit with the Media Rating Council will work
The MRC audit will determine whether Facebook has applied an advertising adjacency standard into its brand safety protections.