This is the third post in the “Talk data to me” series. See last week’s post about the features offered by Google Analytics to connect offline and online data together. This week’s post will look into the so-called GDPR and the main challenges it poses for the online marketing industry.

GDPR Overview

We are now less than 7 months away from the effective kick-off of the greatest change in data regulation in the last 20 years in the EU. This is the so-called General Data Protection Regulation (or GDPR), which will come into force on the 25^th May 2018.

This regulation (which is the highest form of legislation in Europe) applies not only to companies operating in the EU but also all other organisations that sell to/ hold/process EU consumers’ data. In short, it applies to a large amount of companies. Due to its extended reach, it is expected that it will generate a domino effect for other countries to legislate in the same direction.

The general idea behind the GDPR is to provide more power and control to consumers over their data and how they choose to share it. The definition of personal data will be broader, including data about genetic, mental, economic, cultural or social identity. New rights will be introduced such as the right to be forgotten and the right to portability. The right to portability is the ability for consumers to ask to have their data moved to a different platform.

Main Features of GDPR

Businesses will be required to be very clear about what’s being done with consumers’ data by asking for specific consent. Default sharing or ambiguous descriptions about the data processing will no longer be acceptable. The GDPR will also push companies to make structural changes to their IT infrastructure so that data privacy and security sits at the core of their business and decision-making. Other relevant elements introduced are:

• Breach of information notification systems (within maximum of 72 hours)
• Appointment of a Data Protection Officer (DPO) – in charge of looking after the data policy of the organisation (if applicable)
• Implementation of the data privacy impact assessment (DPIA)

The commitment of the EU to protecting consumers’ data is made obvious by the quantification of the fines for non-compliance with the GDPR. These can be 4% of global turnover for the company or €20 Million, whichever is greatest.

These is merely an overview, but you can find more information in the Information Commission Office website (UK body). In spite of Brexit, GDPR will arrive before 2019. The UK government has already stated that the same, if not equivalent regulations will apply from that moment onward.

Challenges for online marketing

It is patent that the GDPR will affect almost everyone from a large range of industries. In this blog, we will put the focus on the online marketing industry, and which are the main challenges that should being considered. For more information on how it will affect marketers, see this Digital Marketing magazine post and this StrategIC Blog post for digital marketing.

• Deadline approaching fast: The first main challenge is TIME. From taking a quick browse across the Internet, it becomes patent that a large percentage of online websites are not yet ready to comply with the GDPR.
• Opt-in/Opt-out consent: Asking for consent will have to be done in a clear and explicit way. In the case of children, an adult consent will be required. This completely forces a modification on the approach taken by websites until now. Up until now, cookies are being placed without the consent of the visitors, with a short statement like “By navigating this website you accept the use of cookies”. With GDPR, this won’t be allowed, as seeking for consent will be a must.
• 3^rd party providers must comply: If your business has agreements with other parties for any kind of processing/storing of data, you must ensure they comply with the GDPR. This applies to CRM, Analytics, marketing automation platforms, etc.
• Extended individuals’ rights: The new requirements demand a simplification in the process of customers’ asking for a deletion/modification/portability of data. This will unavoidably trigger changes in the way the data is stored across different systems – which will need fast, real-time responses to the customers’ demands.

Where are we heading?

To sum up, we are entering a new era for data analysis. Businesses will have to convince consumers to share their data, and most of those consumers will decide against this. Thus, this represents opportunities for businesses to generate TRUST by building two-way transparent relationships. For instance, one trend will be for businesses to require customers to log in to navigate their websites. Those users will have previously accepted the complete consent requirements.

We will be covering GDPR in more depth in the coming weeks. Stay tuned for more posts related to GDPR and the next topics on the “Talk to me” series.