What is GDPR and how will it affect marketers?
Data now lies at the heart of the majority of marketing campaigns. Whether generating market insights, investing in programmatic advertising or mapping the customer journey, data is highly valuable and a key concern for many marketers seeking to focus their strategies.
Yet becoming reliant on data brings new challenges for marketers, particularly in the field of data protection and legislative compliance. While it may sound dull, such legal frameworks and obligations are of course important considerations that any brand or marketing agency, large or small, needs to be aware of when implementing their new ideas.
What is GDPR?
Cue GDPR, the General Data Protection Regulation. Due to come into effect in May 2018, a mere 9 months from now, the GDPR is a piece of EU regulation designed to ‘harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.’ Given that the technology and data landscape has changed significantly since the original directive was established in 1995, it was deemed necessary to update the relevant laws that deal with data protection.
The changes to the current legislation are extensive, and so the EU’s summary of the key upcoming changes is a helpful place to start for those new to the topic. Among the biggest impacts on businesses are:
- GDPR ‘applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.’ This means even those companies based in the USA (or Britain after Brexit), who do not answer directly to EU law, will need to comply if their clients reside in the EU.
- ‘Organisations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).’ This is a substantial figure, and most organisations cannot afford to be subjected to such a fine.
- ‘The request for consent [for using an individual’s data] must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.’ Gone are the days of illegible terms and conditions that often feel like they are designed to trick the individual, with transparency a key component of the company’s obligation going forward.
Why should marketers care?
The GDPR is the self-proclaimed ‘most important change in data privacy regulation in 20 years’, and its ramifications are wide-reaching for marketers.
Yet according to an article by Marketing Week, recent research has found that ‘70% of brand owners do not feel marketers in their organisation are fully aware of the extent of the GDPR and just 65% expect to be fully compliant when it comes into force in May 2018.’ Furthermore, ‘one in four organisations admitted they are still in the “initial planning stages”, while only 41% have a framework or strategy in place to ensure they comply with the new laws.’
This apparent lack of concern for the implications of GDPR could present major problems for the industry if the pace of change is not quickened. An article by City AM argues that right now, marketers should be asking themselves the following questions:
- What data are you collecting?
- How do you collect it?
- Where do you store it?
- Why do you hold it?
- What do you do with it?
- How long do you keep it?
- How securely is it being kept?
By asking these questions marketers and brands can begin to see which parts of the GDPR will apply to them, which will not, and which could be potentially problematic. Digiday UK argues that talk of fines and the constant need for consent has caused panic among many advertisers, but that ‘as with most things, there are more ways to skin a cat.’ For some organisations the best and necessary way forward may be to appoint a Data Protection Officer who is literate in the requirements needed to comply with the GDPR, but again this may not apply to organisations of all shapes and sizes.
Forbes suggests that if you are a SaaS (or Software-as-a-Service)-focused organisation, you may be more heavily impacted by GDPR. Organisations that rely on subscription services and cloud platforms like Salesforce and Netflix would be particularly affected because it is difficult to ‘pinpoint the location of every license, application, and piece of data’ to the degree required by the new laws.
Programmatic advertising is also likely to be affected, with Ad Exchanger explaining that programmatic is unlikely to ‘ever be GDPR-compliant unless it is limited to a small number of organisations, rather like a prospect pool.’ The very nature of programmatic relies on large volumes of data being easily accessible to multiple organisations at any one time, which could prove very difficult for marketers once the GDPR comes into effect.
Although there are bound to be conundrums and speculations in the coming months until the GDPR comes into effect in May, this does not mean that marketers shouldn’t take the necessary steps now to make sure they are ready to meet its requirements when it does. While there are always ways to adapt to changes in legislation, burying your head in the sand isn’t one, meaning marketers need to sit up and take note of the potential impact on their individual brand or business.
Try this Wired article as a useful place to start.