GDPR Will Bring an Era of better Media and Marketing
The GDPR, or more commonly known as ‘General Data Protection Regulation’ will be rolled out in the EU in 2018 and the implications for media and advertisers are significant in the way we use data – and there’ll be more strict regulation and fines for especially the abuse of data.
We’ve asked two professionals in the data field to describe what the GDPR will mean for the data usage and the implications for the players.
Comment by Anna-Riitta Vuorenmaa, partner at Privago:
While it is bad form to rely on acronyms, General Data Protection Regulation does not roll smoothly off the tongue and will be referred to as GDPR from now on.
Much has been said about the GDPR. In a nutshell, it is a regulation from the European Commission that replaces the old data protection regulation and will, in equal measure, expand the existing policies. The many privacy rights provided by the GDPR mean that any person becomes the owner of any data collected about him or her. Should the individual choose to exercise those rights, the data collector or processor must be able to comply.
On the ground level, GDPR is implemented by imposing a number of obligations on organisations dealing with data. The best ways to avoid trouble and embrace opportunities with GDPR are awareness, vigilance and pre-planning. Sure, that goes for practically everything, but nowhere does this ring more true than in the media and advertising.
Shortly, the GDPR won’t be the end of the world. Practically all of the changes to data-driven advertising take place under the hood of data-driven systems, and unless the consumer actually decides to take an active role in managing his digital footprint and information profile, very little will change. Advertising in 2018 will look quite a bit like it does now, technological innovations and platform changes notwithstanding.
That said, the devil is in the details. Modern digital marketing ecosystems collect data from several sources allowing companies to identify their consumers. In terms of privacy, it might be better to keep all this data separate but with the possibility to de-anonymize data, issues like consent management and restrictions concerning data collection on minors will come back to haunt us. Data security requirements will impose restrictions on how collected data can be accessed, maintained and shared, even within the organization. Also, the exact effects of GDPR on contracts between third-party data providers and their client organisations is still being defined. What is already clear is that compliance runs both ways.
But enough about threats, let’s explore the opportunities. For example, with GDPR, the private individual has the right to A) find out if the organization is keeping a data profile of her, B) see how that profile is defined, C) learn how the organization came up with these definitions, and D) to edit or erase those definitions in whole or in part. They will also have some say in how, or rather where, that profile data can be made available. And – and this is very important – it also introduces a new regime, where data controllers will be in possession of personal consent. With this kind of data, target and interest group profiling can finally be done right down to the individual. This alone brings about a whole new age of targeted advertising. Furthermore, it will also be possible to analyze social networks in much greater detail and identify viral hubs, bridges and dead ends. Even with the option to edit your digital footprint and the right to be forgotten, the volume of data is likely to increase, not decrease. Individually targeted advertising will have a much higher response rate and real, or at least perceived, value to the consumer. Something experienced as a service will not be blocked.
I see the GDPR as an opportunity that no one can afford to miss even though, the odds are that it is hiding more than a few cans of worms. I believe that those who grab the bull by the horns and embrace the early challenges will have a say in how GDPR is to be applied in the long run. Thus, while the changes and challenges might be the same for everybody, the opportunities might not. Advertisers have better things to do than to shift through EU legalese with an army of lawyers, so my recommendation would be to partner with somebody who can help you navigate the treacherous waters of the GDPR. The goal should be to turn legal must-haves into brand assets. Fortune favours the bold, or in some cases, early adopters.
Read more: Privago’s home page
Comment by Allan Sørensen, Chair of IAB Europe’s Policy Committee:
While it is still somewhat unclear what the full implementation of the GDPR will bring to the digital media and advertising industry in every detail, there is no doubt in my mind that all major stakeholders in the data game will be wise to embrace and adapt early to the new legal requirements.
The coming European Data Protection Board will consist of members of the current WP29 group and the secretariat will be provided by the EU Data Protection Supervisor (EDPS), which will play an important role in administering the regulation. Both are well known hardliners on data protection, and will be heavily armored with the legal instruments of being able to issue administrative fines in a whole new league than what is currently the case.
It is safe to expect, that the GDPR will make data even more valuable than now. And any valuable commodity means great business opportunities for those in possession of such.