Until recently, most discussions about the General Data Protection Regulation (GDPR) have been about the possibility of chaos; or more specifically, concerns global businesses won’t be ready in time. But, with less than eight months left on the clock, that’s starting to change says Ally Stuart, managing director EMEA, Sharethrough.
Governments are starting to update their policies to ensure stringent privacy procedures, such as new data bills in the UK and Germany. Companies are also responding and over the last few months Google, Lloyds Banking Group and Uber have made significant adjustments to their data practices to help better protect consumer data.
So could it be that for some companies at least GDPR has already arrived? And now that it’s started to take hold, how can we see the spector of these new laws impacting the wider digital marketing industry?
A two-minute GDPR overview
GDPR is an update of the 1995 Data Protection Directive (passed in May 2016, to go into effect next year) that applies to any business processing the data of EU citizens. There’s still some ambiguity over the fine print, but the essential requirements are for companies to gain consent to access personal data (insight that makes individuals identifiable), provide a copy of data, and delete information they cannot prove is necessary to core services. The GDPR will transform relationships between companies and consumers, and it is not just a recommendation, it is the law; non-adherence can incur fees equal to 4% of annual revenue or €20 million.
Preparatory steps: the action so far
The start of this year brought the GDPR implementation date tangibly close — 25 May 2018 — and business preparations have moved up a gear as a result.
At first the compliance outlook wasn’t especially promising with several companies so keen to ensure data validity they unwittingly breached existing laws. Both Flybe and Honda sent emails to vast databases in a bid to check user details and preferences. But, the emails reached users who hadn’t opted in to receive marketing and contravened Privacy and Electronic Communications Regulations (PECR). As a result both companies were served sizeable fines by the Information Commissioner’s Office (ICO).
Lately, however, data readiness strategies have begun to move in a more promising direction with many companies adapting internal procedures and systems instead of actively pursuing customer data.
In June, for instance, Google announced that it would stop using the content of Gmail users’ private messages for ad personalisation. While the move was positioned as an attempt to align free accounts with Gsuite business services the focus on safeguarding confidential information represented a positive step towards GDPR adherence. Just a few weeks later UK pub chain Wetherspoons also made a surprising data revelation: it announced that it had deleted its entire email database. Instead of emailing offers, Wetherspoons said it would exclusively contact consumers on social media. It was a decision some industry spectators attributed to uncertainty about user consent and commended as an effective way of clearing the data slate.
In the last two months there has been a growing focus on transparent communications. For example Lloyds Banking Group is set to change its entire marketing approach. Almost as soon as the laws were passed, the international organisation assigned a task force to bring its processes into line — covering data privacy, usage, and consumer rights — in addition to assessing perceptions of its marketing. Now the results will be used to give consumers what they want: content about how to manage banking issues such as fraud and identity theft, not product offers.
What does this mean for the industry?
By putting power back into the hands of consumers GDPR will propel the industry to raise its standards, both in terms of data protection, content quality, and ad relevance. With consumers able to demand full disclosure into how their data is used and withdraw consent at any time, the onus will be on marketers to secure personal insight and produce content engaging enough for users to feel that granting continued access is worthwhile. As a result, there will inevitably be an increase in the use of alternative targeting strategies. For example, big players such as Apple are already pushing for more user friendly data retrieval. With the launch of its new ‘intelligent Tracking Prevention’ initiative earlier this year, the tech giant has taken steps to limit how third parties can capture consumer data. Instead of reaching target audiences via tracking cookies, marketers will need to base their activities on consumer interactions with content – thereby increasing contextual relevance.
Through closer data scrutiny marketers will inevitably gain more granular audience comprehension, allowing them to build messages that resonate with, rather than irritate, individuals. Moreover, by refining targeting and clearly conveying the exact terms of data usage and storage to their audiences, marketers can also regain the trust that has been diminished over the years due to data breaches and irrelevant ads.
GDPR presents an opportunity to forge stronger consumer connections and enhance the effectiveness of marketing efforts. And, as a regulation that will apply to most marketers —with fees that could put a fifth of them out of business — it is crucial to stop treating the regulation as an imminent shift, and start preparing as though it’s already here; because it soon will be.