The new European Data Protection Regulation takes effect on 25 May 2018. It will bring fundamental changes in the handling of personal data and introduce a number of new challenges for digital marketing.
Why GDPR?
If you are not yet sure what GDPR is, or if it will affect you, take a look at our GDPR blog post, or visit our Compliance Section. In all honesty, we as digital marketers have probably overdone it in the past decade in terms of digital data collection and making use of the technical possibilities. The current European e-Privacy Directive of 2002 is outdated and has long since been overtaken by technical advancements.
In today’s world of Big Data, more data than ever before is being collected on user behaviour for Optimization, Marketing and Advertising. Lots of users are unaware of what is being collected and are frightened when they receive retargeting, or when Google on their home PC knows what they searched for while at the office. This has led to a huge industry focused on the processing and exchange of personal data.
The new General Data Protection Regulation (EU-GDPR), which comes into effect as of 25 May 2018, is aimed at shifting the control of data collection processing back into the hands of individuals (the data subjects).
Additionally, we can expect that 2018 will also see a revision of the e-Privacy Directive being brought into effect, which should, amongst other things, add more clarity for the usage of cookies.
Impact on Digital Marketing
The following changes because of GDPR will have a significant change on digital marketing from 2018 (extract):
User (Data Subject):
- The right to withdraw consent at any time
- The right to see/inspect data collected about you
- The right to demand data relating to you be deleted
Website owner (Data Controller):
- Express consent is required from a user to collect or process personally identifiable data
- The obligation to inform users of how their data is used
- The obligation to keep data up to date
- Data minimization – only necessary data is collected
- Data can only be used for the purpose, for which consent was expressly given
The biggest hurdle for digital marketers is gaining consent for the use of personal data. Under GDPR, the following is also classified as personal information:
- Identifiers in Cookies
- IP-Addresses
This means that without consent, a user can for example no longer be shown retargeting ads. Additionally, the exchange of Client-IDs or profiles between different parties within an ad-network is also only possible with user consent.
Recent surveys (PageFair, SAS) conducted on this topic clearly show how users feel about granting consent about their data.
- 80% do not give consent for advertising purposes
- 21%-32% will request access to what data has been stored on them
- 21%-39% will demand that data to be deleted
This means that the large majority (80%) of online users will most probably fall into a group of users that can only be reached anonymously, or via targeted placements. It will be forbidden to show these users personalised ads based on their preferences, interests, previous visits to particular websites or clicks on previous ads without their express consent. The smaller group of visitors, to whom ads can be personalized based on preferences and interests, is expected to develop into a hotly contested premium market for advertisers.
We see these developments as an opportunity for the industry to change and further evolve. These challenges require new creative and technical solutions in the realm of online marketing. Who knows, this may also provide the space for new advertising models to become feasible, such as a model in which the user participates in the revenue derived from clicks.
Online marketing will undoubtedly change under GDPR, but how it changes and how these new laws are implemented, will only be seen after May 2018.
If you have any questions regarding the new data protection regulation, please send me an e-mail.