GDPR: When Challenge Becomes Opportunity
The GDPR isn’t some former East European Communist State. It’s an extensive piece of legislation affecting all EU members, anyone who interacts with EU consumers, and anyone who employs people in the EU…And the UK government has already committed to keeping GDPR post-Brexit.
But the point of this post is to show some appreciation for the EU’s General Data Protection Regulation (GDPR) which will be enforceable within the next 12 months. It will have significant implications for digital marketing within the EU and quite possibly the rest of the world, eventually.
Threat or opportunity?
Nevertheless, the lack of understanding and misconceptions of the scale and full impact of GDPR is hampering efforts to comply. A recent article in The Drum, referencing a YouGov survey commissioned by law firm Irwin Mitchell, reported that almost a fifth of companies in the marketing and advertising sector would go out of business if they were to be hit by a fine for non-compliance of the new GDPR legislation. Failure in being capable of detecting a data breach, either internally or from a supplier was the main reason so many businesses would at risk of prosecution.
Now, there are some horror stories doing the rounds about GDPR: the Information Commissioner’s Office (ICO) hiring “hundreds” of extra staff in preparation for a massive increase in cases to prosecute (sent to me by a privacy vendor, no doubt in the hope I would engage their services); that GDPR will be the death of adtech; that there is an arms race for consumer data now to grandfather the consent for when GDPR comes into force… and so on.
Will technocrats based in Brussels really understand the details of algorithms created by Facebook, Google et al, to be able to regulate effectively? That’s debateable. What’s not up for debate and requires no understanding of profiling algos, is that the meaning of “privacy” in GDPR really relates to the ‘right to be forgotten’ – and that’s just plain and simple.
It’s true that much of the guidance offered by the ICO is pretty ambiguous. However, marketers that actually understand their customers shouldn’t panic. There are already well-established best practices and policies, which any responsible business should already have in place, that are most likely sufficient for marketing companies to remain safe, albeit with making one or two additional changes to their data strategy.
Drain the swamp
Any organisation that is living in fear of GDPR probably shouldn’t exist for much longer. The best way to look at GDPR is that for the first time European companies have a single set of principles by which to operate. No more ambiguity, no more implicit/explicit consent conundrums to deal with. This can only be good for adtech, as ultimately without data these businesses just become ad networks ‘spraying and praying’.
Safe Harbor / Privacy Shield are admirable attempts to put some order into chaos for US companies transacting in the EU. And hopefully an understanding of GDPR will give EU companies transacting in the USA and edge.
The dust needs to settle before we can can really work out the differences between EU and USA data protection regulations, but we will paying close attention to developments. Wider afield, in Latam, Asia and Africa, any regulations around data privacy are pretty relaxed right now.
Australian regulators have already imposed some fairly exacting responsibilities on marketers around requirements for opt-in consumer consent, before using their data, and it’s more than likely the government there will go in the same direction as Europe with data protection laws.
Location data comes in many forms but from our perspective, mobile location data used for commercial purposes is already compliant with applicable regulations, and we’ve begun working with all relevant partners to be ready for GDPR next year.
We are already registered with the ICO. We did this in advance of any need to do it and this supports our position on ensuring we are always trying to stay ahead of the most current legislation. Blis has also begun a certification procedure with Truste (now known as TrustArc) on our data collection and data usage policies. We believe this investment will provide additional reassurance to our partners that Blis continues to adhere to the regulatory framework.
As one of the first companies that has location data as its primary focus, Blis has a significant role in helping to shape the ‘why?’ and ‘how?’ where geo-data is being used in advertising. We are actively engaged with all relevant industry trade association policy initiatives in the markets we operate in to ensure our voice is heard.
Blis will clearly continue to demonstrate our commitment to protecting consumer privacy and data and we would be delighted to discuss our efforts in more detail with you at any time.
Clients can rest assured that privacy and data protection is at the heart of our ecosystem and as such, anonymous and fully opted-in data will become the foundation of the tech underpinning adtech.