If you don’t have a plan for General Data Protection Regulation (GDPR) then hurry up – the clock is ticking. And if you have no clue as to what I’m talking about either then read on, quickly! It’s probably the biggest change to personal data regulation for a generation in Europe. When GDPR comes into effect not only will it affect online advertisers but all organisations who use and store data.
What is General Data Protection Regulation (GDPR)?
GDPR is a piece of legislation by the European Union (EU) that affects all EU citizens. It sets the rules governing the processing of personal data for the foreseeable future within EU member states. Including “the right to be forgotten”.
GDPR will apply to organisations both within the EU but also apply to those located outside of the EU too. If an organisation either processes, or holds, the personal data of subjects residing in the European Union – regardless of location – they will be subject to GDPR.
Basically, its job is to return to EU citizens full control of their personal data. And what is this personal information? It can include a name, home address, photo, email address, bank details, social networking posts, medical information, and even a computer’s IP address.
Think you’ve got this covered? Well you better hope so, under GDPR those organisations in breach of the rules will either be fined up to 4% of annual global turnover or €20 Million (whichever is greater). Think I’m joking? Sit down with your lawyers, or better yet hire someone to oversee how you use data in your organisation. GDPR is backed up by significant financial penalties.
When does GDPR become active?
GDPR was approved and adopted by the European Parliament in April 2016. The regulation comes into force on 25th May 2018. It will cover all EU citizens, across all current 28 states – including the UK. The UK has stated in the event of Brexit (expected March 2019) it will continue to adopt the EU legislation.
The reasons for GDPR
The EU wants to give its citizens more control over how their personal data is used and stored. Current legislation does not take into effect how today’s internet works, nor how cloud technology makes data a commodity. Think how companies like Facebook and Google request use of an individual’s data for access to services. Or how businesses use customer details for targeted advertising.
Through GDPR the EU seeks to strengthen data protection legislation, introduce enforcement measures, and improve user trust. The EU provides an insightful breakdown of regulatory events leading up to GDPR here.
Another reason as to why the EU is implementing GDPR is to improve how consumers access and interact within the digital economy. The EU is providing businesses with a far simpler, and clearer legal environment in which both business, and consumers, operate. According to one report, by making data protection law identical throughout the single market, the EU estimates this will save EU businesses a collective €2.3 billion a year.
A profound change in controlling data
For many GDPR is a profound change. GDPR means the data an organisation controls, on any user located in the EU, is about to get that much harder to access and store.
One thing to note is that online advertisers will eventually face stricter rules on how they track people across the web and target too. As well as GDPR, EU ePrivacy (ePR) regulations are set to be updated – though now not at the same time as GDPR. In particular, ePR will focus on unsolicited marketing, cookies and confidentiality in a more specific context.
It’s likely it’ll require all web browsers to request users to opt in to tracking. Today browsers are automatically set to allow tracking, with users having to opt out. There is concern that when given the option, most users will choose to opt out. Thus making it much more difficult to target with advertising.
According to Marketing Week, the IAB claims the EU’s legislation could “effectively put the future of the web as we know it in danger” and raises concerns that it could “seriously disrupt” people’s browsing experience. Google is also set to roll out GDPR inspired changes to the way it works globally, meaning others will no doubt follow.
However, once GDPR is in effect, experts believe that empowered consumers will seek to assert more control over their personal information. Mark Dolliver, of eMarkter, predicts that “there will be new models for portable personal data and new products that give consumers more control over their data.”. This is already happening, with companies such as PageFair and AppNexus launching products aimed at helping organisations comply with the new regulations. A profound change to the current digital advertising eco-system is already underway.
The potential positive impact of GDPR
However, there is scope for a positive outcome in the long term for digital advertising. Daniel Gilbert, of econsultancy, sees the new regulation as having “a positive impact on the quality of the data used for targeting, the relevance of ads, and the attitude towards those ads on behalf of the consumer”. He believes that rather than sink under the weight of GDPR, it will instead enhance the performance of digital marketing. Those who wish to be targeted are, and those who aren’t interested, well, ignoring them is easy.
Some also believe GDPR will turn personal data into a commodity – as valuable as oil. EU citizens could share, and indeed sell, their personal data for their own benefit…and it’s already happening. You might not know this but through your credit card you’re already sharing data for additional benefits. Expect this to get even more explicit with companies such as Uber disrupting the credit card industry via the use of customers data. Currently, the majority of internet users don’t believe in the benefits sharing data, but GDPR could help to make the benefits clearer.
Certainly, within digital advertising, better data means greater personalisation. Potentially, this could mean the death of irrelevant advertising. As we’ve seen with ad blocking, bombard the consumer with poor messages and you reap zero reward. With GDPR the stakes are even higher!
For Bannerflow CEO, Nicholas Högberg: “GDPR is removing another layer of mystery in digital advertising, by empowering consumers, it forces brands to be more creative and thoughtful with their display advertising”. Put simply, advertisers will raise their game, produce better ads, and everyone in the advertising chain will benefit.
GDPR is not the end of digital advertising as we know it – as some believe.
Rather the regulation of data will allow users to make informed decisions on whether they want to opt in for higher, or lower levels, of privacy. It promotes a positive relationship between users and brands, rather than the one-sided union we have at present. Responsible advertisers’ value transparency, as do users, and GDPR will boost trust between advertisers and internet users.
Amanda Storey, director of EMEA partnerships solutions at Google hits the nail on the head. “The good thing about GDPR is that it requires cleaning house. It turns the screws on the whole industry to just tighten up on how it’s handling data, retaining data and how it’s explaining that use to the end user. That transparency is good for the industry in terms of raising user trust, ultimately”.
Today you cannot underestimate the value of privacy. The clock is ticking on making sure your organisation is GDPR compliant. If you do business in Europe, then GDPR will have a massive impact on how you advertise online. The question is: will you thrive, or will you fail under the new regulations?