This week, on May 25, data protection rules across Europe will undergo the biggest change in the last two decades. It's a change two years in the making. In April 2016, after years of negotiations and legal tussling, officials agreed upon the European General Data Protection Regulation, commonly abbreviated to GDPR, an acronym you're probably all sick to death of by this point. However, whilst everyone with an internet connection has heard the term bandied around with gleeful abandon for the last few months, precious few actually understand GDPR and even fewer have any real notion of how it will affect them personally.
GDPR will fundamentally change the way businesses and public sector organisations can handle the information of their customers. In the most basic terms, however, all GDPR is really doing, is bringing outdated personal data rules up to speed with an increasingly and overwhelmingly digital era. The amount of data we now produce wasn't foreseeable when the current data protection laws were drawn up in the late 90s, which is why GDPR is, in my eyes, a necessary change. Whether or not it's a necessary 'evil', however, is open to debate.
To that end, I've reached once again into my rolodex to gauge the opinions ad land, with a more specific bias this time around towards digital marketers (for obvious reasons). The general consensus around GDPR is that it’s being put in place to protect the individual over the organisation, which is great for consumers who will (fingers crossed) no longer have to suffer cold calls, intrusive emails or creepily specific targeted Facebook ads. Unless they want to.
The opinions below are (surprisingly) largely optimistic, with most commentators believing that the rules will foster a greater need for transparency and honesty in all organisations that trade within the EU. Please note, however, that all opinions expressed below are those of the individuals and not of myself or Creativepool. With that disclaimer out of the way, let's dive in shall we?
Aaron McKenna, MD of the Digital Marketing Institute (DMI)
While cooperation with IT and legal is hugely important, there is still an onus on the marketing department to pull their weight in ensuring their practices are GDPR compliant. The head of the digital marketing department must educate themselves, their team and even the sales team as to the changes necessary to their marketing consent practices and the importance of those changes to the organisation. While there has been a lot of alarming headlines about GDPR, mainly that the fine for non-compliance with GDPR regulations is equal to 4% of annual global revenue or €20 million, remember that this is the maximum fine, and will likely be reserved for repeat offences. If you follow our guidelines and document your process, you can show you are doing the utmost to comply with the regulations. We also strongly recommend that you work in close collaboration with your IT team and legal team to ensure there are no loose ends regarding compliance.
Rachel Aldighieri, MD at the Direct Marketing Association
At its heart, GDPR is about transparency and honesty in how organisations collect and use customers’ data. This is essential to building and maintaining trust between businesses and consumers. The new laws offer an opportunity for organisations to put the consumer front and centre of their company’s culture. An essential part of that is talking to customers about their data and how the new laws benefit them in a way that they can understand.
Jed Mole, Vice-President of Marketing at Acxiom
We welcome GDPR as it increases the importance everyone must place on data and updates our data legislation for today’s world. We are delighted to again partner with the DMA on this important, independent research that shows us the majority of people want to see data drive a more personalised world as opposed to random. It also shows awareness and understanding are growing. This is pivotal as only with reasonable understanding can people form reasonable expectations. Increasingly, consumers accept data helps create better experiences and personalisation, something desired by consumers and marketers alike.
Allan McLaughlin, CEO of BD Network
As we sprint towards the GDPR deadline, the regulation could be a transformative experience for those who really get it right. It gives individuals more control of their inbox. I can ignore and delete email requests or click “keep in touch,” “don't miss out” with the IKEA Ad “Chuck out your chintz” playing merrily in my head. GDPR is a real opportunity for companies to rethink how they interact with prospects and customers – it’s a new beginning.
Data led agencies who have invested in the right tech and talent, who are smart and agile enough to adapt to new robust processes will win, and win quickly. When brand reputation is at stake, not to mention the risk of multi-million pound fines, there can be no appetite to take a punt without due diligence. The legal team make sure of it.
Clearly, there's a challenge for agencies in establishing best practices when building strategies to communicate with prospects. Will clients now be bombarded with physical newsletters, brochures, 'whacky' mailers and PR car park stunts, giving them more 'chintz' to chuck out? Hopefully, that will mean more diligent clients who look for agency partners at the right time and do it proactively and effectively. Either way, it puts the customer, whether that be as an employee or as a client back in control, and that’s a good thing.
Ashley Carr, Managing Director at Neo PR
On 25th May 2018, the world of digital direct marketing meets the proverbial cliff edge, which will undoubtedly have huge effects on the creative industry. The current noise surrounding GDPR and the effect it’ll have on the marketing industry collectively hasn’t been loud enough, as many brands and agencies have yet to realise what effect GDPR will have on how they reach out to their potential and existing customers. Although it might seem daunting, GDPR will - in the long term - be beneficial for the industry, although many will be sad to miss the quick returns that digital direct marketing can offer in terms of lead-generation and instead will have to focus more on playing the long game.
Both brands and agencies will need to become much more creative in the strategies they use to target their customers, utilising methods that don’t rely on permission or consent. With some marketing channels effectively dead, or at the least severely wounded after GDPR comes into force next week, other marketing mediums are set to become more crowded, potentially leaving fewer touch points available for brands and organisations to get their messages across.
GDPR is without a doubt the biggest change the marketing landscape has seen for a decade. Brands and agencies will not only need to become more creative, but this creativity will need to be harnessed in a different way. PR and social media will start to look like the shiny new tools in the marketing tool box, as the potential for brands and creatives to hit a targeted but wide-reaching audience and find their potential customers through these channels will become clear. Within this, trusted recommendations from the media and endorsements from well-known social channels will carry the most weight, but brands will need to be creative in how they ensure their messages are mirrored across each channel they use.
Adam Andrews, Head of Digital at KISS Communications
Once I understood GDPR properly, my initial stress turned to optimism as I saw the opportunities on offer, not just on a consumer level – where it will positively impact us all – but on a business level too. Not that you’d know it, judging from some of the scare stories in the media over the past year. You expect sensationalist headlines from The Sun, but even the BBC have been speculating whether the new data laws could “end up bankrupting your company”. The word “risk” crops up time and time again.
Some caution is understandable, of course: compliance isn’t going to be all sunshine and roses. But in a year when transparency and honesty are on the agenda more than ever before, GDPR is an opportunity to work with these principles in mind. Currently, there’s no standardised way that companies handle, manage and process data. Some companies do it really well, others not so well. Without a common framework, though, it’s impossible to know for certain. There’s little transparency, so there’s little trust. Ahead of us is a real opportunity for organisations to handle data with new, improved standards and establish industry best practice, becoming more customer-centric and starting to build trust for the future.
I think that can only be a good thing, because putting customer experience at the heart is something we at KISS have been doing for years. There’s no point wowing clients by building the most beautiful, advanced websites, for example, if they turn out to be impractical for the average user. GDPR is an extension of that idea. Companies will have to establish a new framework with the customer at the centre, changing how their data is collected and managed. Procedures will have to be drawn up, mailing lists cleansed and pre-ticked boxes removed. We have a responsibility for our customers’ data. But we also have an opportunity to think more creatively about content strategy and marketing activity. In other words, GDPR is about clarifying the complex – no wonder we’re on board with it.
Damian Ryan, Partner at Moore Stephens
Professionally, I believe GDPR is well over due and the regulation is set to put manners on “email-trigger-happy” businesses who seem to be convinced intrusion and repetition are smart things to encourage customer engagement. Personally and Professionally, I believe GDPR will reward innovators who enable customers to profit from the value of their personal data.
Moore Stephens conducted a Martech survey last year and this clearly showed an increasing emphasis towards “the value of customer experience” particularly in more challenged sectors such as retail. I consider GDPR is a reflection on the disregard businesses have had for customer experience and is perhaps a precursor to better value for money and time along with more protection on data.
Overall, I think that GDPR it’s good news for digital marketing. I anticipate higher emphasis on quality advertising and creativity. More invitational – less intrusive. Somebody once said that if you spoke to your friends like most advertisers speak to you then you’d probably punch them in the face or at least try!
Rick Madigan, Digital Marketing Strategist at design & build agency MMT Digital
If the last-minute flurry of panic emails cluttering up our inboxes are anything to go by, with a week to go before GDPR comes into force, I'd urge marketers to think hard about legitimate interest. The good news is that GDPR does not stand for Go Delete Personal Records - rather it's about thinking the circumstances under which you can hold, and use, customer data. All businesses will have some legitimate interest: one of the six judicial frameworks that underpin the GDPR. And legitimate interests will be individual to each business. It is not a one-size-fits-all and therefore requires some thought.
So rather than embark on an digital shredding exercise of Enron-level proportions on May 24, companies should in the first instance conduct legitimate interest assessments, to provide a solid grounding for all business and marketing activities. Customers and prospects can always have the power to opt in and out, but having a solid understanding of the varying levels of legitimate interest justification for the different contacts you are responsible for will help to maintain a consistent approach to best practice and compliance in future. In other words, Generally Don't Panic, Review.
Chris Andrews, Head of Digital at Bountiful Cow
With Google moving to limit the seats at the table for vendors and Facebook guillotining access to third party data, it’s easy to spot two of the early GDPR winners. Amidst the scramble of “please don’t leave” emails it’s easy to forget the aftershocks of the blows the big two dealt to the ad tech and data brokering industries. What might be great news for consumer privacy is definitely going to be a worry for certain aspects of the digital market, where precise targeting covered up some of the shortcomings of what was possible within the limited parameters of what users would tolerate. That said, a reset of expectations can be a good thing in the long term - new media and creative opportunities will emerge for those brands and publishers that have a direct relationship with their user base – so expect Amazon to continue to make an absolute killing.
In the short term, however, the return of context and creativity to the head of the media plan is no bad thing. As an independent media agency, we provide the bridge between clients’ customers & media owners - understanding the client’s needs and choosing the best media partners to meet that brief, free of kickbacks or preferential treatment. We’ll continue to select our partners carefully, and in the immediate term, across the sector I expect we’ll see a brief decline in behavioural targeting as agencies move back more to direct media partnerships based on contextual targeting, and the behavioural partners they can trust. Over the next year GDPR will see those that haven’t managed the disintermediation between trading media and trading data becoming the first victims of the programmatic lumapocolapse as seats continue to get pulled from the table.
Benji Vaughan, Founder & CEO at community publishing platform Disciple
GDPR is going to be great for the UK’s creative and data economy. By taking a relatively laissez-faire attitude to data, we’ve allowed the US platform giants to profit from surveillance marketing- tracking our every move across the web to build assumed profiles and leverage that data in aggregate to sell advertising. That’s not going to change overnight and in fact, the likes of Google, Facebook and Amazon will be strengthened in the short term as they have both the financial and legal resources to skirt around the legislation.
But the GDPR, and wider tech-lash has signalled to companies and citizens that the platforms cannot be trusted, and we are seeing more brands doubling down on permission marketing - where they take control of their own data and go direct. Email will be the first casualty, but we’ll see more brands starting to act more like publishers: giving their customers content, services and experiences their customers love. Red Bull has been the gold standard but any brand, individual or institution of substance now has the opportunity to use community publishing platforms such as ours to build direct relationships independent of email and social networks. This move from surveillance marketing to permission marketing means brands have to work a little harder to stay relevant but I think that’s good for everyone and by creating trust with their supporters brand’s can build much deeper more valuable relationships.
Jamie Ball, GDPR expert at digital creative agency Impression
Overall, I believe that GDPR will be a good thing for the creative industries - at least in the long term. The new regulation forces data controllers to consider the data they hold and whether it is “right” to continue to use it in the same way - which provides increased trust in the relationships between data controllers and subjects. Of course this is an important factor in any industry, but an understanding of this aids these vital long term relationships that are typical to the creative sphere.
It also provides a benefit to the individual within the industry. GDPR means extra data security in the event of data breach, as well as for general use. The regulation ensures that companies as a whole are prepared for and safeguard against data breaches, something that will become increasingly important in creative industries, such as for agencies and brands. Additionally, it also clarifies terms of importance as tech evolves. For example it is now much clearer what is to be classed as personal data and how consent should be given.
Despite this, we know that GDPR poses a huge admin burden for all those in the creative industries, who need to create data flow maps, prepare documentation and policies. It could also pose issues for international brands and agencies, as you can no longer store data anywhere in the world, as GDPR ensures it must be in a geography with safeguards comparable to GDPR. In general it's a reduction of data freedom - it will no longer be acceptable to use data which was collected in a non-GDPR compliant manner. This affects the creative industries in many ways, perhaps in simple ways of communicating with customers in the creative industries such as through mail shots and surveys.
Aliya Vigor-Robertson, Co-founder of JourneyHR
The emphasis GDPR has on transparency and user rights hammers home some valuable lessons about running a business, but it risks getting swallowed in a tick-box exercise. The spirit of the regulation to achieve honesty, transparency and clarity can go far beyond data. It’s an opportunity to share information with employees and encourage them to feel confident in raising concerns. This may be about a personal data point on company files or it could be broader queries about their role, a business decision or their team. This is just one example, but the point is the same: empowered staff make a business more effective. Rather than treating GDPR with a mumble and a groan, businesses should look at how the regulation can positively impact the business.
Rob Illidge, CEO at Social Republic
GDPR is a huge opportunity. It will force businesses to be more creative, focused and relevant. The scattergun approach to marketing where you need a huge database because you’re only converting a very low percentage isn’t effective and it will finally end this way of communicating to the masses.
More than ever, businesses and brands need to think about the marketing messages they’re going out with. How can they make sure they’re creating and sharing quality, valuable, useful or inspiring content that their target audiences actually want to read, share and engage with? As soon as they shift their mindsets to think like this, they’ll soon start to realise they can build more meaningful relationships with customers. This won’t only help to generate more enquiries and sales, but it will help to turn their customers into advocates and loyal fans.
As a social media agency, we’re already seeing changes around users' agreements, privacy policies and targeting options. From a Facebook advertising point of view, some of the targeting options are going to be cut – such as some interests, behaviours and demographics. Although we'll still be able to target Facebook ads effectively, we're losing a level of detail so will need to be more strategic and creative - as well as continue to monitor and evaluate what works for each business. But by creating, testing, evaluating and improving, we’ll still be able to get great results.
Clive Halperin of GSC Solicitors
There’s going to be a lot of political and media pressure on the government to enforce GDPR seriously, to make sure the public is aware of how data is being used, this is going to cause issues for businesses in making sure that’s being communicated properly, and one of the reasons the government’s going to be particularly keen to make sure this is the case is because of Brexit. Post-Brexit the UK government is going to be very concerned to make sure that the UK is a safe haven for data from Europe as part of the ongoing relationship with the EU, and they’re going to have to take steps as the US has had to do, to make sure that individual’s rights are being protected.
It’s inevitable that organisations that allow data to be misused are going to be the subject of investigations and possibly legal action. I’d say to organisations: check your plans for GDPR implementation very carefully, if you’re getting data from third parties, don’t just rely on assurances that the data has been properly collected and can be used by you. Do your due diligence so that if you are questioned you know how the data was obtained, and how you’re allowed to use it.
Dave Wonnacott, Chief Data Protection Officer at Prophecy Unlimited
Ultimately, GDPR will be a force for improvement. By educating the public that there are now stringent rules around personal data handling, rather than voluntary guidelines, the bar is raised in terms of more professional and transparent behaviour. There won’t be much of a slow-down in terms of data collection, but ‘Big Data’ will turn into ‘Clever Data’ as we learn to use less personal data more intelligently. Leaving the EU matters not one jot: if we are sensible, we will preserve the GDPR intact or risk a loss of adequacy in trading personal data with the EU. The biggest danger is not from loopholes, but from non-compliance.
The Facebook/Cambridge Analytica fiasco clearly demonstrated that something needs to change if the industry is to find a happy middle ground when processing personal data, and I’ve no doubt that GDPR is a revolution rather than an evolution. The industry as a whole will be pushed to a better place by successive prosecutions and fines over the coming years, but where the real difference will come is from companies who embrace the change and really make something out of the new requirements for transparency.
Copywriters and UX people will be leant on the hardest. The underlying message, “Please engage with us,” will stay the same, but innovations in communication must improve the balance between greater sharing and better privacy. Providing a cleaner request for a more trusting relationship is going to be a burden, but one with big rewards for those who do it well.
Townsend Feehan, CEO at IAB Europe
There is no denying that the GDPR represents a significant challenge for the digital marketing industry, but these challenges can help us to band together and come up with new solutions that were previously unheard of. One of the key elements of GDPR compliance for this industry will be improving transparency into the ecosystem, by allowing internet users to better understand which companies process their personal data and for which purposes.
Together with our member companies we realised that the industry needs to be able to speak a common language to communicate user’s preferences, and for this reason we developed the Transparency & Consent Framework. Consisting of a global vendor list and a technical standard, we hope to provide this common frame of reference for companies and consent management providers. The great thing about the Framework is that it came about through a cross-industry effort, and it is a non-commercial solution that relies on open-source technology. We firmly believe that this will foster the kind of trust we need in the post-GDPR era.
Jenny Stanley, Founder and Managing Director at Appetite Creative Solutions
Essentially, GDPR doesn’t change anything for companies, like mine, who have always taken data security seriously; we’ve always made sure that personal data is completely secure and is held with the express permission of individuals. However, the wake-up call for the industry is that the penalties for security breaches could easily bring a company to its knees, not only financially but reputationally.
Ultimately, GDPR will reduce the amount of data available for marketing and particularly re-targeting campaigns. The argument is that the smaller pool of data will be more qualified - but whether that becomes the case or not, I do believe the inability to solely rely on data-led campaigns, will allow the needle to rebalance a little between the data and creativity struggle. Bringing a long awaited healthy balance to the rise of programmatic media.
My prediction (and hope) is for a stronger connection between media and creative teams; and more focus on what creativity can bring to the table, especially with the more qualified data that will be available. Never one or other in isolation, collaboration is the optimal solution, a rebalance has been needed for some time. So, perhaps against all the doom and gloom, the silver lining will be: better, considered digital creative. And that can only be a positive outcome for the creative industry.
Paul Fennemore, Digital Transformation Consultant at Sitecore
Marketers will feel one of the heaviest effects of GDPR. No longer will a brand marketer be able to send emails to customers informing them of new products, promotions and news without their prior consent. And why – when they’re not being served relevant and personalised content – would a consumer opt-in? To prepare from what’s coming, brand marketers need to make sure then can deliver high quality personalised content to consumers, and to do this they need to use their customer’s data in an intelligent way. This data can come from a variety of sources – from CRMs and social media through to instore and online shopping records. These marketers need to understand their customer’s attitudes, sentiments, context, affinities etc, without being creepy. They need to tell them why they want their data, and what it’s going to be used for.
But, with all this data, digital marketers face an incredibly difficult task in being fully prepared for GDPR, because this data could end up being hugely fragmented across multiple channels and systems. There are now more than 5,000 marketing tech platforms – usually each with their own dataset – which marketers can extract data from.
Getting a holistic view of this data in order to personalise is one thing. However, from the end of May, people will also have the right to demand a copy of all this data held about them, and marketers will need to supply it in 30 days. Unless there is an integrated, holistic view of this data, it will be almost impossible to quickly and accurately retrieve, verify and share this data with the individual in question. Collating information into a single platform in this way also allows businesses to deliver a much better customer experience across all channels and mediums at the same time as being GDPR compliant. Everyone in the organisation must get involved if this is to succeed. Specifically, it will require collaboration between the CMO and the CIO to ensure that data sets can be linked, stored, and easily accessible should a demand be made under GDPR.
Guy Hanson, Senior Director of Professional Services at Return Path
GDPR is a positive step for the creative and marketing industries. In light of Cambridge Analytica, people have become much more aware of – and invested in – how their data is stored, processed and used. By forcing brands to use high quality data, implement more robust consent, and be transparent, GDPR will build stronger trust in senders and, in turn, deliver improved email programme performance.
Improved data quality under GDPR will yield significant financial benefits. According to The Royal Mail research, the average cost of poor-quality customer data to UK organisations currently averages at 5.9 percent of a typical business’s annual revenue. Considering the average lifetime value of an email address is calculated at £28.56, businesses will benefit significantly by ensuring their data is accurate and relevant so they have reduced bounces, opt-outs, and complaints. Focusing their marketing efforts on those that want and engage with their emails is only going to mean increased programme value.
We will also see consumer trust increase once GDPR is enforced. The DMA has reported that 58 percent of individuals share their personal information with a company because they trust them. Trust is built on honesty and transparency, which are two expectations closely aligned with these regulations. It means more subscribers will provide their primary email address (the one they most actively engage with) when signing up for marketing materials. The fact is, if a customer believes a company is being open with them and treating their data respectfully, they will be more inclined to engage with them. More opens and clicks are going to mean more traffic and conversions – and we are seeing these in absolute terms, not just percentages. This not only means more immediate revenue but also extended lifetime engagement, meaning significant increases in the overall marketing value of these programmes.
Sean Masters, Creative Director and Partner at Masters Allen
As The Economist put it, personal data is the world’s most valuable resource, so what will happen when we have to be even more careful about how to use it? With the GDPR deadline just under a week away, businesses all over the UK will be tying up loose ends in order to become GDPR compliant. And although it will be a daunting time for many, especially marketers, there are plenty of last minute ways businesses can still succeed when it comes to direct marketing without putting themselves at risk of non-compliance.
In light of the impacts GDPR will have, brands really need to reconsider how they target prospective customers. It has never been more important for brands to offer something that recipients can’t get elsewhere. Unengaging, irrelevant content simply won’t stick it any longer. Creating a lasting impression is key, therefore brands need to produce content that engages and makes you sit back and think. Instead of putting their hands up and waving the white flag, brands should see this an exciting opportunity to reinvent who they are and how they stand above the rest. This is also a great opportunity for organisations to revitalise their direct marketing efforts. There are still a whole host of channels that brands can use to attract a customer to their brand and their services. For example, social media, offline marketing, advertising, PR and experiential marketing stunts will all be ways that brands can get heard above the background noise without finding themselves in deep GDPR water.
Now is the time to take stock of what has already been implemented and just make those small last minute changes to ensure your customers stay engaged after May 25th. After all, the ones that have opted in are the ones who are truly interested in your brand. Sometimes a smaller, targeted mix of customers are far better than a wide net approach when it comes to marketing ROI.
Marcus Hemsley, Founder of Fountain
Following GDPR we’re likely to see an increase in CPCs for paid advertising across all channels as a large number of new companies enter the market at the same time. There are a number of ways businesses generate new business leads online. These can be split into two categories: Affiliates, brokers, email and third-party databases, and direct marketing such as PPC, SEO and paid social media. While most marketers will expect GDPR to affect the first category, in actual fact both of these could be affected in the coming months.
The need for first-party opt-in under GDPR has caused problems for affiliates and lead generation networks. While many affiliates have likely worked on GDPR compliance, the complexity of using these types of networks increases the risk of marketing collateral being used to advertise to non-compliant data. If you give collateral to an affiliate network, they will pass it on to sub-affiliates, who will then pass it to sub-sub-affiliates and so on. If one of these affiliates down the chain uses your marketing collateral in an email to a non GDPR compliant list, you are liable. Therefore, this type of marketing is likely to be avoided.
The second group generate their own leads and get first-party opt-in, so you’d expect them to be unaffected. But, with fewer marketing options many companies – especially those in industries that use a lot of affiliate marketing such as finance, insurance and retail – are likely to put more investment into paid advertising online. PPC offers an immediate solution to make up a shortfall in leads or online sales. However, PPC in search ads such as Google and Bing, and social media platforms such as Facebook, Twitter and LinkedIn are priced based on competitive bidding. This means a spike in demand will push up the cost-per-clicks for everyone.
Mark Maclure, MD of Stream, a member of The Chemistry Works
Many are running scared of GDPR but is it all that bad? There is a plethora of scaremongers around and when combined with a legal team’s input and the UK’s propensity to be over cautious on all things EU law related, you can probably guess where we are now at! The essence of GDPR is a long overdue update to the outdated data protection regulations. The offshoot of this is a requirement for brands to be more responsible in how they market to their audiences. One of the key phrases in GDPR for marketeers is “legitimate interest” – in B2B it is much easier to justify legitimate interest as many businesses are likely to have a proven requirement for a brand’s products/services. In the B2C world existing customers and proven case studies can provide legitimate interest. There is a lot of misinformation out there and a proliferation of comms currently flooding our inboxes, much of which is unnecessary. The ICO is wanting brands to adhere to the regulations but is not actively seeking to prosecute (in 2016/17 the ICO concluded 17,300 cases and only 16 resulted in fines).
The net result of GDPR is that we should see an overall improvement in marketing practices and brands putting a greater focus on engaging those who are most interested in their products/services – this starts with their existing customers and then those prospects who are more genuine ones than speculative – all of which should be viewed as good practice. And from an agency stand point, GDPR spells opportunity and the chance to get more creative. We need to be providing solutions to our clients that work within the GDPR framework and reminding brands that the more energy spent focusing on their true target audience, the better it will be for all.
It’s pretty clear that aggregating and selling personal data as a business has become a huge profit-generating enterprise, and that many of the companies that engage in it have not been transparent about their practices, or particularly responsible about setting limits on their own behaviour. Self-regulation, as is usually the case, is more of a smokescreen than a solution. Therefore, it seems, on balance, that standardisation of practices has become essential. Some form of global standards would be the ideal, but that is clearly a long way off.
T. Alex Blum, from BLUM CONSULTING PARTNERS
All legislation has unintended consequences and this will be no different. Often, the unpredictable effects can be the most significant, and of course we don’t know what those will be. Clearly, the big challenge here is for publishers, especially since even Facebook and Google, the elephants in the room, appear to be dealing with this by offloading the responsibility onto them, or making blanket permissions a condition of service, which would seem to be a direct violation of the regulations. There is a valid concern that the penalties in the regulations are draconian, so until there is some sort of enforcement history, that will be a cloud that will hang over the issue for some undetermined amount of time, and particularly smaller publishers and vendors will be disproportionately at risk.
In the long run, brands may also benefit, since ironically, it may protect them from the backlash as more abuses in the use of people’s personal information come to light, which they will, and brands will be insulated from responsibility by a blanket requirement that their publishers, agencies, and vendors are compliant. Brands are already so addicted to the concept of targeting that it’s hard to believe this will change their behaviour in a big way, especially since they are not shouldering the risk. Those brands who are bringing programmatic buying in-house should probably pay close attention to their contracts and conditions.
The big issue with data driven advertising is still the massive lack of clarity about the actual value of the data that is available. As an anecdotal example, just look at the complete lack of consistency between all the companies who rated the Super Bowl ads in the US this year based on “scientific” user data. It was laughable. Basically, it was obvious that their data was no more “scientific” than I could generate from asking the people in my living room. Right now, it seems as if consumers are surprisingly indifferent to this issue, and that will probably continue until abuses in other arenas where algorithms use personal information in non-transparent ways, like politics, or banking, illuminate just how serious misuse of that information actually is.
Aaron Brooks, Co-Founder & CEO of Vamp
I believe that GDPR will provide a good opportunity for brands. They can present consumers with additional safeguards to protect their data and restore trust. With recent scandals like the Cambridge Analytica, shedding a light on how data can be used, it is essential for brands to provide complete transparency on their usability of customer data. This will not only ensure that brands are GDPR compliant to avoid hefty fines, but also make a bid to restore trust amongst consumers.
Facebook and a lot of the big advertising agencies are having to tighten up their privacy policies, which can only be a good thing, and we work closely with those parties to ensure compliance and transparency from initial conversation through to campaign launch.
With Europe being a huge market, I doubt many companies will bail on it rather than follow the new General Data Protection Regulation. Trust in social media platforms has taken a huge hit in 2018 so it’s essential for brands to be explicit about how it will follow the new regulations. It certainly won’t change how companies advertise on Facebook, but they will be responsible for ensuring their own compliance or face a significant fine.
Elliott Clayton, Senior Vice President at Conversant
The marketing and advertising industry has been somewhat guilty of haphazard mass-marketing in the past, and some bad practices are still rife today. But GDPR and its demand for transparency is an opportunity for the industry to evolve and deliver a better service to all parties by finally establishing large-scale one-to-one consumer relationships through the use of technology and data.
Many marketers and advertisers may be operating through fear at the moment, undergoing extreme measures to be compliant, but GDPR is a chance for them to take back control. As the old saying goes, it’s about quality not quantity. The new requirements of GDPR, gaining consent and having records of customer data possessed by companies, will aid and encourage this focus on quality, helping to make ‘high-quality’ an industry standard.
If consumers are only seeing poor-quality content, why would they want to give their consent to receive it? Consumers will withhold consent where there’s a risk of being exposed to ‘bad content’, so as companies and brands strive to be compliant, the natural fallout will be more relevant, high-quality content. Looking to maintain consumer consent will also compel the industry to nurture and build greater personalised communication over time.
Campbell James Findlay, Communications Manager at Create
Safeguarding is one of the cornerstones of our organisation. We understand that we often hold sensitive information on our participants and often have to weigh our decisions to publicise our work against the welfare of those we work with. Over the last few months we have seen how data can be used by large corporations with frightening results. Technology companies hold the keys to our most personal of data – using it to target users with adverts and even influence their voting preferences.
The new General Data Protection Regulations mean organisations will have to be far more responsible about how the data they hold is used. At Create, we are now working to ensure that we only hold data that we need to carry out our mission of empowering lives through the creative arts. We welcome the change in the law, which will help us connect and communicate only with those who want to hear from us. Our inspiring work speaks for itself and while we want to tell everyone about it we also want to make sure the people we tell are listening.
The way charities communicate with the public is changing and we must adapt to this change. As a small charity we need to find new ways to engage a wider audience and develop narratives that resonate. Everything we do is focused around the individuals who we work with. We know from experience that drama can build an isolated young carer’s self-esteem, that storytelling can strengthen the bond between a young offender and the loved ones waiting for him at home, and that music can help ease the anguish felt by the parent of a child with a life-limiting condition. We look forward to engaging a wider audience and telling the stories of those whose lives we have such an impact on.
Austen Clark, Managing Director of Clark Integrated Technnologies
Remember the Millennium Bug? Computer systems were predicted to crash, airplanes would come falling out of the skies and billions would be wiped off the markets. Hype around GDPR hasn’t reached those levels, but just as there was no disaster in Y2K, there won’t be ruination with GDPR becoming legislation. Creative agencies and their clients that act upon personal data held on EU citizens will be affected by the new regulations – Brexit makes no difference. What’s required is clearly spelled out by the Information Commissioner’s Office (ICO).
We’ve seen much in the media about severe fines that could be imposed for non-compliance, and warnings to businesses that businesses could lose customers by bringing their consents to the GDPR-standard. But consider the opportunities that arise from this legislative overhaul in data protection. Better engagement with customers will build customer trust. Every week there is a new story about a company harvesting customer data without them knowing. GDPR is great chance to build confidence, trust and demonstrate robust processes and systems are in place for handling personal data. Compliancy highlights business have trustworthy and ethical practices when it comes to marketing communications and handling personal data. Compliancy strengthens credibility not only with customers but also suppliers and partners.
Think about making the most of the new opportunities, from cleansing databases to building trust. GDPR does mean making changes, but this can support digital transformation by modernising out-of-date processes. Aligning GDPR programmes with IT modernisation could deliver savings, operational benefits and boost productivity beyond a tick-box exercise of "just being compliant." The creative industries, like all businesses, should view GDPR as a catalyst for positive business transformation, rather than seeing it as a setback. GDPR will be good for business in the long term, so don’t let it stifle creativity.
Adam Maskatiya, UK and Eire General Manager at Kaspersky Lab
Data is invading every part of enterprises and, as it does, organisations are looking to uncover all opportunities where data can add insight into business operations. As a result, every job role is impacted and everything from call records to customer interactions are under scrutiny. In this context, GDPR is the perfect opportunity for HR professionals to play a unique role in creating a culture of good data practice. The HR function can be used as a launchpad to embed changes within the fabric of the business and the minds of employees, enhancing employee knowledge by driving a better understanding of data privacy.
GDPR comes into effect on May 25, 2018 and the UK government has confirmed that the regulations will apply in the UK as it will still be a member of the EU at that time. This gives HR leaders just under a year to prepare for the new regulations to take effect. Teams will need to very carefully assess their current processes and procedures to ensure they are ready for these demanding, yet empowering, new requirements.
A critical first step is to recognise the pivotal role HR must play in creating a GDPR-compliant environment, ensuring employees understand their role and the repercussions of failure to meet the new obligations. If teams get it right, GDPR can indeed become the secret weapon that will help put HR professionals at the heart of the data debate.
Chad Wollen, Chief Marketing Officer at Smartpipe
There are those in the industry who believe the arrival of the GDPR will lead to a data crash, citing an inherent conflict between “big data” and “big privacy”. Some companies have been pursuing an unbalanced strategy, focused only on exploiting data. Now there is a rebalance many are going to struggle to change their culture, technology or business models. A few, however, have seen the GDPR as an opportunity to invest and innovate, building products which keep data flowing without compromise to privacy. The explosion in 'Privacy Tech’ that should have taken place well ahead of the 25th May 2018 will now happen after the deadline.
The new laws put the power firmly in the hands of consumers, at a time when they are becoming more and more aware of their personal data rights. Businesses must therefore open up a dialogue with them, rather than avoiding the GDPR conversation. Users must be clear on what they are signing up to and be given every opportunity to make an informed decision when choosing to opt in or opt out. The real challenge of GDPR is how we, as an industry, can deliver engaging ideas and campaigns while always adhering to compliance processes. Businesses will have to quickly understand that this is not exclusively a legal challenge, and allow marketing to deliver creative solutions to fill the privacy gap between brands and their customers.
Initially, the post-GDPR era may feel uncomfortable and difficult, but by focusing on the customer, creating new tools and experiences for them to engage with their data, and by investing in technology to ensure greater data protection, that conversation will soon become much easier.
Lindsay McEwan, Vice President and Managing Director, EMEA, Tealium
The GDPR will promote customer data privacy, strong data governance, and greater transparency, allowing consumers to take the reigns and control their own data. In turn this will allow marketers to deliver improved, more relevant, and more targeted conversations that create higher levels of engagement, and ultimately build long-term brand loyalty. The new regulation will inevitably create noise; this shake up has been a long time coming and is on a larger scale than ever before, demonstrating the industry is taking customer data privacy seriously – at a global level.
With change comes the challenge of adaptation; businesses may initially feel the pressure to get their data in order by assessing current policies, procedures, and contracts to ensure they include stringent data privacy clauses. However, in the long term, GDPR will help businesses gain greater understanding of their data by joining up previously disparate data stores – subsequently creating the 360-view of consumers that has always been the ultimate dream for any marketer.
Nothing suggests that GDPR will negatively impact creativity; companies that have adequately prepared should make a smooth transition into the post-GDPR landscape. It is possible to deliver creative ad campaigns that are respectful of consumer data privacy and will be better received if customers feel assured their data is not at risk, and content is relevant, timely, and engaging. The GDPR was designed with the consumer in mind, but brands can leverage this opportunity to rebuild new, stronger relationships with their audience, with trust and transparency as the cornerstone.
Andrew Buckman, Managing Director EMEA, Sublime Skinz
GDPR will undoubtedly have an effect on companies both large and small within the industry. However, if businesses have taken the correct steps to ensure they are ready and compliant, I believe there's no reason for the new regulations to have a negative impact or slow down progression. In fact, GDPR could actually help the digital advertising market thrive, as it offers benefits to both brands and consumers. For example, through greater levels of transparency and security, and minimisation of data collection, I expect to see an increase in user trust, as well as higher investment in the digital sector from advertisers.
From now on, publishers and advertisers must now look to strike the right balance between creative, placement and context. In doing so, they are presented with the opportunity to build better relationships with consumers by developing more engaging ads. Not only will this ensure that brands see a better return on their investment as they are reaching relevant audiences, but it will fuel a better quality of advertising overall; which is a necessity for industry advancement.
The big winners in all this will be Google and Facebook. As a result of their tremendous dominance in the digital environment, publishers and users will have little option but to comply with their new privacy rules. In turn, these two players will perform a key role in shaping the future of the market.
Stewart Maurer, VP of Marketing, Crownpeak
GDPR will change the advertising technology ecosystem for the better. Well-prepared players that put consent first will emerge, taking a more innovative and efficient approach to compliance and raising industry standards. However, this is dependent on whether brands have correctly addressed the core components of the regulation and understood where their priorities lie. There is a crucial need for brands to bring transparency to the forefront of their business model, rather than seeing the GDPR as a mere ‘tick box’ exercise. In building consent-first procedures, marketers will create customer relationships based on trust, allowing them to operate above the competition on data governance.
Brands should see GDPR as an opportunity to regain control of their complex digital supply chains, which often include tracking, advertising and analytics third parties. As they discover which ad tech organisations data is shared with, they will not only be able to ask the audiences for consent to use their data, but identify which parts of the digital ecosystem are not delivering marketing value. Rationalising third party technologies will reduce website latency and enhance the user experience, resulting in a better return on investment.
I believe the GDPR may end up becoming the de facto global privacy standard, with data privacy becoming increasingly linked with consumer trust. It is important for companies to embrace the changes encouraged by the regulation and continuously integrate them into company culture as consumer demands evolve.
Peter Falcone, Director of Analytics EMEA at Flashtalking
The GDPR represents the biggest transformation in data regulation in recent times, but it’s reported that 20% of marketers will still not be ready by 25th May. Many common misconceptions are still held – such as the definition of personal vs. sensitive data – and these are confusing and complicating the journey to compliance. The potential penalties served for non-compliance – up to €20 million or 4% of global turnover – have instilled fear in many organisations, but this is mostly unfounded. We expect the Information Commissioner’s Office will seek to support those companies demonstrating efforts to reach compliance.
Personalised communications are better for consumers than irrelevant digital marketing and consumers are rightly seeking guarantees their data is protected. Through compliance, marketers can ensure that their customer’s data is secure and deliver more timely and relevant communications that will foster stronger relationships.
Gavin Stirrat, VP Europe, Partner Services, OpenX
While some may see the General Data Protection Regulation (GDPR) as a major concern for businesses, I believe it will usher in a new era of trust and quality across the digital ecosystem. In a recent Information Commissioner’s Office survey, it was revealed that 80% of UK citizens do not trust organisations with their data. By placing clarity, accuracy and accountability at the heart of the industry, and encouraging the practice of “privacy by design,” the new legislation will give companies an opportunity to build more trusting and rewarding consumer relationships based on consent.
The regulation requires marketers to review data handling and processing procedures, but instead of looking at this solely as a compliance obligation, businesses should use it as a chance to build a solid data framework to increase business efficiency. It will force the advertising industry to make smarter decisions about which audiences they reach and how they speak with them, and will most importantly result in a more productive and streamlined media supply chain where only the highest quality and most trusted marketers, publishers and technology providers will flourish – and ultimately succeed.
Adam Singolda, Founder & CEO, Taboola
At Taboola, we have spent significant time and resources to prepare for the GDPR and to help our partners and others in the industry do the same. We have taken this opportunity to assess our global data operations and to ensure that our processes meet best practices and transparency standards. We have also collaborated with others in our industry to define best practices, met with regulators, and worked towards self-regulatory standards — most recently in the implementation of the IAB Europe’s Transparency and Consent Framework.
Through our learnings, we believe that the most important thing our partners should know is that, despite the extensive preparation required to comply, Taboola is optimistic about the long-term benefits that will result from preparation for the GDPR. Because the GDPR offers users new opportunities to communicate whether they want to receive personalised ads and to update their data and preferences, in the long run, the GDPR has provided the digital advertising industry with an important opportunity to better understand the preferences of our audiences. In turn, this means that publishers and marketers may now become even more familiar with their audiences and what types of content they are most interested in and most likely to engage with.
Maria Vardy, Managing Director at Jaywing
GDPR is a much-needed regulation to protect consumers and responsible brands alike. It should help consumers understand their own responsibilities in allowing the use of their data, and also create an environment where trust can be rebuilt with brands following a wave of high-profile cases of data misuse. In light of recent malpractice, GDPR has received heightened interest—but the scaremongering isn’t warranted. Our hope is that it leads to a more informed consumer audience and better marketers, rather than endless misleading headlines.
For brands, re-earning trust and permission will be the key to thriving in the post-GDPR world. In order to do that, brands need to have the agility and adaptability to do this in a transparent, creative and mutually-rewarding way. No doubt we will see big winners in this field, but also some pretty big losers. GDPR should have a huge effect on the creative industries and the individuals working in it. We should begin to see the resurgence of creativity over commodity and automation and realising the role of technology to enhance human experience and service. We should also see the return to small data, with more personalised, valuable and trusted exchanges between brands and their audiences. For creative industries, it’s time to sharpen our pencils and get back to those engaging ideas that compel audiences to act and interact.
Steve Lowell, Director of Insight and Data, Indicia
GDPR seems to instil fear in many, but it’s largely undeserved. If we stop viewing GDPR as an ominous deadline and begin to see it as a tool for more effective relationship-building, it will lose its negative reputation and open up new opportunities. Fundamentally, GDPR is a good thing for the creative industries. It should be a catalyst that sparks a real cultural shift in the way we connect with consumers. The very premise of GDPR is giving control back to the individual when it comes to data, but this is not to say that creative industries will now “lose control.”
GDPR will actually create a more efficient and authentic conversation between brands and consumers. Up until now, companies have had customer data at their fingertips, and have used it how and when they want to. Not all brands have used customer data wisely or to real effect. Post-GDPR, brands and businesses will begin to see that they don’t own that data—they need to earn it through quality content. Currently, the amount of data available to businesses is so vast that it can be hard to see the wood for the trees. The implementation of GDPR will mean that companies are only interacting with those who are genuinely responsive to their brand, making conversations more contextually relevant, targeted and refined in their messages.
Of course, this will mean that new or untapped audiences are less accessible, but it’s a chance for the creative industries to think of new ways to earn consumer buy-in. Essentially, GDPR shouldn’t be a surprise or a thorn in the side to any creative agency. It’s simply putting the consumer first, something that should already be at the forefront of our minds.
Andy Evans, CMO at Sovrn
Data and Privacy has been an issue of concern for users long before the recent Facebook scandal. The changes that will follow GDPR will certainly pose a challenge to the online advertising industry, but will ultimately be good for the user. Sadly, many companies, both big and small, are still not prepared. Some international publishers will potentially cut off their EU inventory in the short term, creating a smaller pool, and, as cookie targeting becomes more difficult, buyers will be thinking about contextual targeting instead. This swing from user targeting to contextual targeting means that creatives will need to focus on the content ads are seen against, rather than the audience which is viewing the ad.
Moreover, brands looking for viewability and engagement will find that, after GDPR, direct response advertisers and re-targeters will have limited inventory to target, meaning that there will be more pressure on creatives to deliver campaigns that really work. For industries like digital marketing, however, GDPR is a small bump in the road as it is fast moving and dynamic enough to re-invent itself, while providing improved privacy to users.
A way in which GDPR will benefit brands is that users will not be bombarded with retargeting, and contextual advertising will become more respectful, delivering the right message against related content. Ultimately, GDPR will not stop the world from turning, and the challenges that arise from it can only spur new innovation, so I am excited to see what positivity might come out of it. We are all users of the internet and shouldn’t have to be forced to make changes due to governance. If we look inside ourselves, we know what is and is not acceptable.
Harriet Thacker, Account Manager at RizkMcCay
Headlines surrounding the imminent arrival of GDPR give dire warnings of the potential fines for not adhering to the new regulations. Additionally, there is a fair amount of conflicting information on what needs to be done to be ready for GDPR. It is important to be prepared for the new legislation, but with a week to go, many people are wondering what actual impact the new regulations could have on their business.
As GDPR comes into force on a Friday, the business world is anticipating a manic day on 29 May – the first working day after the regulations begin in the UK. Experts expect that thousands of people in the UK and other EU countries will begin to submit SARs (access requests) for their data. Tuesday 29 May will be a major test of how prepared UK businesses are to deal with GDPR in reality. After this, there will be a period of adjustment, during which strategies will be put to the test and adapted as they are implemented in a new regulatory landscape.
It is estimated that a huge 75% of UK marketing data will become useless on 25 May as it will no longer comply with GDPR laws. As a result, so-called ‘re-permissioning’ campaigns are top of marketers’ agendas to try and mitigate as much loss of data as possible. Many of these campaigns are well underway with business after business asking consumers to opt-in to continue receiving communications. This isn’t the case for everyone. Virgin Holidays have explicitly said that an opt-in campaign will be a last resort for them. “At the end of the day we’ll have a much smaller base but they’ll be much more engaged; we’ll have people who actually want to hear from us,” Saul Lopes, head of CRM and loyalty at Virgin Holidays, said. We can, however expect some smaller businesses to look at starting over to build up their marketing databases from scratch.
Mark Roy, Chairman and Founder of REaD Group
GDPR is fantastic news for the creative sector. There is every sign that we’re about to see a return to Direct Mail as a major communications channel. This is because Direct Mail can be used under the basis of Legitimate Interest under GDPR (or put another way, does not require affirmative consent). Direct Mail is a less abrasive media channel when compared to telemarketing or SMS and is more likely to pass muster when conducting a balancing test as to whether this will cause distress to a recipient. The Information Commissioner's Office (ICO) is looking for the application of the main principles of the GDPR: openness, honesty and transparency.
For too long, companies have relied on email as the mainstay of their communications strategies. But email can be a visually horrific medium, (worse still on a mobile phone) where creativity is stifled. Now, we’re set to see a return to creative execution across a channel that can really work hard for a brand. You’ll see more colour, innovative materials and designs that really absorbs the consumer and creates interest and engagement. Today, Direct Mail is regarded very differently from a decade ago. We will be going full circle as, for millennials in particular, research shows that 18-30 year olds are ready and waiting to start receiving things in the post.
Carl White, Co-founder, Nano Interactive
Evolving consumer expectations, along with the impact of the changing regulatory landscape, means that our industry is ripe for change. To be successful in this new era, digital marketers will need to evolve away from retrospective analysis, i.e. cookie based targeting and pivot towards real-time, ’in the moment’ targeting of consumer behaviour. By utilising AI technologies we can understand and predict people’s intentions so that we can deliver advertising tailored to the individual. Brands must embrace this opportunity to ensure that their advertising appears in the right context at the right time.
The cookie has played an important role in helping to create the multi-billion pound industry that we work in today and though there is still some life left in it yet we do expect the role of the cookie to diminish. Traditional contextual relevance allied with real time signals of consumer intent will drive the evolution of the digital ecosystem and make the digital advertising market more sustainable.
Nick McCarthy, SVP EMEA, Data Solution, Merkle
When GDPR finally rolls out on 25th May, its effect will be felt across sectors as diverse as retail, healthcare and government. Of all those impacted however, it's likely that the creative and advertising sector will feel the effects of the regulation most keenly, as agencies and brands alike move quickly to become compliant or else become obsolete. Nonetheless, GDPR is as much an opportunity as it is a challenge. In the immediate term, it will mean a redrawing of the landscape; we're likely to see the inevitable flushing out of those who can't comply, whilst those who remain will be doubling down on adopting a consumer-first approach – both important steps for the long-term health of the industry.
For creatives in particular, the opportunity to create a personalised journey will mean more diverse briefs and greater demand for their services. However, it's important to note that GDPR itself is both a reflection of and a consequence of a shifting public mood towards data privacy. As a result, creatives must ensure that their work caters to both those who want a highly-personalised experience and those who don't. In order to create these two divergent experiences, creatives may find they have to look to different mechanisms to engage with consumers - although again, this will be as much of an opportunity as it is a challenge.
Overall, a natural consequence of putting consumer-interest in the driving seat will be better brand experiences, resulting in a greater number of opt-ins to continue the relationship. By building a relationship built on trust and transparency, brands and agency parties will soon find their first-party data becomes more relevant and curated over time – creating a virtuous cycle of trust and resulting in higher quality experiences across multiple channels.
Ed Preedy, MD, Europe, GumGum
The GDPR represents an enormous shake-up to the way businesses collect, use and store consumer data. There’s no doubt that it’s occurrence is significant, but contrary to what many see as a doomsday event, it’s implementation could actually mark the beginning of a bright new future. What brands, agencies and creative individuals have failed to appreciate so far is the enormous amount of valuable insight that the web can provide about consumers, without the need to harvest personal data. For example, the sharing of photos and images has arguably become more common than person-to-person interaction; the meteoric rise of image-first social platforms like Snapchat, Pinterest, and Instagram is testament to that.
Therefore, with literally billions of images uploaded and shared daily on the internet, there’s an opportunity here for advertisers to get to know their consumers in the language they now speak: images. One of the key tools for automating the analysis of this information will be image recognition – the visual branch of AI. This opens up the possibility of serving image-based ads, contextually-relevant to the content people are viewing and sharing. The old ways of profiling and targeting consumers was lazy and created a situation where true creativity became neglected. GDPR will necessitate a much-needed shift back towards more contextual ad placements, and will drive the adoption of new technologies to enhance creativity to improve user experience. In this sense, the GDPR actually represents a key development in the creation of a sustainable and healthy digital advertising ecosystem.
Robert Allen, EMEA Director of Marketing and Technology at Kingston Digital
Using data and carrying it from one place to another is part of any job role, but when we look at the creative industry, these processes are ubiquitous. Communications with clients and with employees requires the movement of data back and forth, much of which is confidential but necessary to progress projects. Professionals work on multiple campaigns concurrently, and may be carrying the data in the same place. Flexible or mobile working is prevalent in the sector, and therefore more data is carried outside of protective business firewalls than perhaps in other professions. Any mishaps from any of these dangers leading to data breaches under the new GDPR legislation can lead to serious consequences. Fines, loss of reputation, and the loss of clients can be expected, and so it’s important to have a robust GDPR plan in place. There are several solutions available to help creative workers to be compliant with GDPR, and Cloud solutions can be great for sharing files and contents. Complementing this, there is also a need for a secure, encrypted USB option in every company’s portfolio.
To combat the disadvantages of using standard consumer USB drives for storing and moving business data, there is a range of secure USB drives available and specifically designed for corporate use. Encrypted USB drives have helped businesses large and small, consultants, and independent workers transport their mobile data securely and confidently. If a USB drive is lost or stolen and the data on it is encrypted, then this is not considered a data breach, and may not even have to be reported; therefore, none of the penalties earlier mentioned may be applicable. It is hard to define what can be considered personal information and what is not, and the new EU regulation will simply force everyone to have more consideration when using someone else’s data. Over time, these changes will eventually be part of a standard company processes.
Ruth Manielevitch, Director of Business Development EMEA at Taptica
Andy Dobson, Technical Director at Wolff Olins
Many I know in the business of engaging with their customer base are exhausted by the hoops they are now having to jump. Some are cynical, viewing it as a "job creation scheme for lawyers and bureaucrats". Others regard it as ineffectual at best and a bit of "privacy theatre" in the wake of so many data and privacy scandals. Whatever your feelings, the impact will be far-reaching, and it is undoubtedly creating a headache for those that have to administer it. I particularly feel for the charitable sector for whom digital marketing has been a low-cost lifeline to punch above the weight of their big budget commercial counterparts, and might lack the necessary in-house knowledge and skills to meet the requirement.
However many, myself included, will be grateful for the lighter inbox next week, and as an industry, we should embrace this as an opportunity to set a new baseline for the responsible collection and use of data. In a time where technology is under much scrutiny for its ethics and obfuscated business models, many of which are predicated on the exploitation of the data-rich lives we now share (whether we choose to or not), GDPR invites us to question how we operate, what the value of data really is, and how it's misuse threatens the relationship with our customers and users.
GDPR, for all its flaws, sets an ethical baseline for the collection, storage and use of our data, and removes barriers to accountability. This is something we can wholeheartedly embrace, if for no other reason than the knowledge and expectation gap between the public and the tech industry narrows with every scandal. It's an invitation to get our houses in order, even if that house is just making sure that your mailing list is full of meaningful customers, rather than pointlessly hassling people who have no interest in you right now. Given the amount that organisations invest in making their brand represent integrity and trust, GDPR is a golden opportunity to make this a practical outcome and not just a value statement.
Neil Davidson, MD of HeyHuman
The intense interest surrounding GDPR feels like a throwback to the millennium bug. There’s a lot of uncertainty about what the legislation entails, and companies are dedicating heaps of time and money towards protecting themselves. At times, it feels like we’re just playing a very expensive game of Chinese whispers. In the short-term, GDPR is certainly proving to be an organisational minefield. However, I think that the new laws might end up having a positive impact on the creative industries. The furore does not end on May 25th. It’s an ongoing journey that will make creatives think a lot more closely about the types of content they’re putting out to their audiences.
In fact, GDPR reminds me of Seth Godin’s concept of ‘Permission Marketing’: that consumers are becoming increasingly savvy to marketing materials and will simply ignore you unless you are offering something of value. Attention is the most valuable commodity to a marketer. You have no chance of succeeding in this industry unless you can encourage consumers to willingly notice you. The laws around GDPR will, hopefully, emphasise this point to marketers. Right now, creative companies are asking themselves, ‘How do we become a brand that people look forward to receiving content from?’ It will be exciting to see the answers they come up with.
Florian Gramshammer, MD EMEA at Impact
There is no doubt that GDPR is being felt throughout the industry. Ultimately the introduction of this landmark legislation can only be seen as a good thing for consumers and the industry. It was overdue for some time that as an industry we pause and consider the many positive outcomes from all the hard work that has gone into compliance over the last few years.
Targeting and quality seemed to have slipped off too many marketer’s radars over time, who now find themselves forced to put control back into the hands of consumers. It is only natural that the companies who have long embraced 'privacy by design' and permission-based marketing will reap the benefits faster, while others will have to spend more time on the basics first. Brands who continue to deliver strong and innovative creative and work hard to retain customers by providing value, will find it easier to obtain consumer permissions. As a matter of course, they will have the upper hand as they will own truly valuable data, giving them an opportunity to build on the trust instilled in them by consumers.
In this new GDPR world, the most successful industry participants also understand the need to continue investment in best-in-class teams, partners, agencies and technology platforms to interpret the data and use it effectively. In doing so, they are better positioned to optimise the marketing platforms available to them and excel in using their own first-party data.
For more thoughts and insights into GDPR, check out my companion piece "Don't Panic: Talking the ticks and crosses of GDPR with the influencers who know," which probes deeper still into the acronym on everyone's lips this week.