Much uncertainty swirls around the General Data Protection Regulation, with enforcement looming on May 25. While marketers understandably fret over the vagueness of the regulation and what level of consent they need, marketers are beginning to adopt something of a nuanced approach to GDPR, seeing it as neither a nothing burger nor a revolution.
The prevailing wisdom among many marketers seems to be that legitimate interests could be a temporary solution, one that gets them over the GDPR hump. Those same marketers accept it will take some time to balance their motives for gaining consent to process personal data with customer needs.
“It’s not the technology. … It’s the motive behind why we’re using them,” said Simon Hall, data privacy officer at Asda, at a Data & Marketing Association event on Feb. 23. “If it’s for the company’s benefit, then it’s not going to work.” Hall said advertisers don’t trust customers enough to go, “’Here’s everything we’re doing [with your data], and you can ask us to stop.’ We have to be able to trust that they [customers] won’t start withdrawing consent.” He added that, “after a blip,” consent rates will rise.
Preference centers on brands’ websites are emerging as one reprieve for advertisers. Brands like Adidas are allowing customers to select the parts of the business they are willingly sharing their data with, and then customers can opt out of sharing for parts they are not interested in. It’s like an on/off switch for consent that consumers can use to regulate the amount of targeted emails or texts they receive, and it could also allay marketers’ fears that the GDPR will cause many people to invoke the “right to be forgotten” permanently.
At recent industry events and during interviews with Digiday, more marketers are treating the GDPR as an evolution of existing data-privacy law, and not as a revolution. The legal basis for processing personal data under the data protection act in the U.K. and the pan-European GDPR has not changed, experts such as Robert Streeter, News UK’s data protection and privacy officer, have previously confirmed. Yes, the threshold for consent has changed, but it was always a necessity to an extent.
There may be a calmness among big brands toward the GDPR that wasn’t there a year ago, but there is still work to do.
Dominic Chambers, Jaguar Land Rover’s head of digital marketing, said at a recent Mediatel event that his team’s preparations were on track but added there were things it is still working out. “Being a legacy business, we have many old systems across Europe that are difficult to talk to one another,” he said. “There’s going to be a manual process if someone asks to be forgotten. That’s not going to be easy, and it’s certainly not going to be automated.”
Elsewhere, eBay has introduced privacy champions, who Ben Westwood, eBay’s senior privacy manager and data protection officer, said “live and breathe data” to instill an understanding of privacy and data protection across all its businesses such as Gumtree and StubHub. Furthermore, all “new vendors,” such as ad tech partners, are put through a GDPR risk assessment audit before being onboarded, Westwood added.
More reviews are expected. According to a recent survey of 28 companies spending in excess of $50 billion (£35.8 billion) globally on marketing communications, just 10 percent said they have already ensured their programmatic activity is compliant after GDPR enforcement.
“It seems to me that a lot of energy and effort is being spent trying to find a way to avoid consent,” said U.K. Information Commissioner Elizabeth Denham, at the DMA event . “That energy and effort would be much better spent establishing informed, active, unambiguous consent.”
Are you ready for GDPR? Find out by downloading our new guide.