GDPR: What’s the big whoop?

This past week, the European Union’s General Data Protection Regulation (GDPR) initiative kicked in. But what does it mean for businesses that operate in the EU region?

And what are the prospects for GDPR-like privacy coming to the USA anytime soon?

First off, let’s review what’s covered by the GDPR initiative. The GDPR includes the following rights for individuals:

The right to be informed
The right of access
The right to rectification
The right to be forgotten
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

The “right to be forgotten” means data subjects can request their information to be erased. The right to “data portability” is also a new factor. Data subjects now have the right to have data transferred to a third-party service provider in machine-readable format. However, this right arises only when personal data is provided and processed on the basis of consent, or when necessary to perform a contract.

Privacy impact assessments and “privacy by design” are now legally required in certain circumstances under GDPR, too. Businesses are obliged to carry out data protection impact assessments for new technologies. “Privacy by design” involves accounting for privacy risk when designing a new product or service, rather than treating it as an afterthought.

Implications for Marketers

A recent study investigated how much customer data will still be usable after GDPR provisions are implemented. Research was done involving more than 30 companies that have already gone through the process of making their data completely GDPR-compliant.

The sobering finding: Nearly 45% of EU audience data is being lost due to GDPR provisions. One of the biggest changes is that cookie IDs disappear, which is the basis behind so much programmatic and other data-driven advertising both in Europe and in the United States.

Doug Stevenson, CEO of Vibrant Media, the contextual advertising agency that conducted the study, had this to say about the implications:

“Publishers will need to rapidly fill their inventory with ‘pro-privacy’ solutions that do not require consent, such as contextual advertising, native [advertising] opportunities and non-personalized ads.”

New platforms are emerging to help publishers manage customer consent for “privacy by design,” but the situation is sure to become more challenging in the ensuing months and years as compliance tracking the regulatory authorities ramps up.

It appears that some companies are being a little less proactive than is advisable. A recent study by compliance consulting firm CompliancePoint shows that a large contingent of companies, simply put, aren’t ready for GDPR.

As for why they aren’t, nearly half report that they’re taking a “wait and see” attitude to determine what sorts of enforcement actions ensue against scofflaws. Some marketers admit that their companies aren’t ready due to their own lack of understanding of GDPR issues, while quite a few others claim simply that they’re unconcerned.

I suspect we’re going to get a much better understanding of the implications of GDPR over the coming year or so. It’ll be good to check back on the status of implementation and enforcement measure by this time next year.

2 thoughts on “GDPR: What’s the big whoop?”

I keep getting daily requests, but no one really explains what it is about.

In fact, I suspect that, since many of the companies I have never heard of, the GDPR may be abused for data harvesting.

I work for a global company and this is a big deal in Europe. In order to create best practices and policies that are global, however, we have to start complying in North America as well.

I sent out 1,800 requests for consent (opt-in) to Canada when the CASL law went into effect. I got 1,600 opt-outs. I expect this will have similar results. I read recently that California is implementing their own version of GDPR in the next couple years.

As the receiver of too much spam email, I’m happy about this trend. As a marketer, this is very complicated.

I believe this is the beginning of the end of email marketing. And you know what? That’s fine.

Our email marketing campaigns for B2B aren’t very successful, yet we still spend a lot of time on them. I honestly think that direct mail might make a comeback. I never read email newsletters and offers anymore. But I still enthusiastically open a padded envelope that lands on my desk.

Wolfgang Nebmaier says:

May 28, 2018 at 9:43 pm

I keep getting daily requests, but no one really explains what it is about.

In fact, I suspect that, since many of the companies I have never heard of, the GDPR may be abused for data harvesting.

Joanna says:

July 16, 2018 at 4:11 pm

I work for a global company and this is a big deal in Europe. In order to create best practices and policies that are global, however, we have to start complying in North America as well.

I sent out 1,800 requests for consent (opt-in) to Canada when the CASL law went into effect. I got 1,600 opt-outs. I expect this will have similar results. I read recently that California is implementing their own version of GDPR in the next couple years.

As the receiver of too much spam email, I’m happy about this trend. As a marketer, this is very complicated.

I believe this is the beginning of the end of email marketing. And you know what? That’s fine.

Our email marketing campaigns for B2B aren’t very successful, yet we still spend a lot of time on them. I honestly think that direct mail might make a comeback. I never read email newsletters and offers anymore. But I still enthusiastically open a padded envelope that lands on my desk.