• Case Studies
  • Events
  • Headlines
  • Infographics
  • News
  • Presentations
  • Press Release
  • Whitepapers

Unlocking and Understanding the GDPR

The Final Countdown

You’ve likely heard the acronym: GDPR (The General Data Protection Regulation) is a new EU legal framework governing the processing of personal data. It replaces existing national data protection laws with the same set of rules across EU markets as of May 25, 2018. GDPR regulates the processing of data in digital advertising by introducing new concepts and broadening obligations on digital ad businesses for the first time. In particular, GDPR specifies that digital identifiers (for example, cookie identifiers) may be considered regulated personal data. In addition to GDPR, the current ePrivacy Directive (aka the “EU cookie Directive”), as implemented by national laws, continues to regulate certain aspects of privacy in the electronic communications sector, including the use of cookies. A new ePrivacy Regulation should have replaced current ePrivacy Directive simultaneously with GDPR, but the process has been delayed. As soon as the ePrivacy Regulation has been adopted, the ad tech industry will have to face further changes to the legal framework. It’s important to note that the customer – that’s also you and I –  will benefit from GDPR, both in terms of privacy and in how their data is being collected, processed and used.

Data privacy is, of course, a customer-first value. It’s an important lens through which organizations such as ours are viewed by customers: get it right and the organization can build trust with customers, get it wrong and an organization risks losing their business. That’s why it’s important to prepare well for the GDPR: not just for you, but also for your clients. After all, we all want to know our data is safe, don’t we?

At Sociomantic, we’ve always had data privacy at the heart of our business. As part of dunnhumby and also throughout our own history, customer trust has always been a priority, and the way we process and use data is thoroughly controlled and monitored. It’s a responsibility that we take very seriously, and for us, things like transparency, data minimization, security and confidentiality of personal data aren’t just concepts: they’re values and necessities to our day-to-day job. That’s why we’ve adopted GDPR as our benchmark for all campaigns and operations around the globe – because our clients will be the ones benefitting.

As May nears, let’s look at the main changes that are coming:

It Will Empower the Customer More than Ever

With GDPR, every company will need a justification to process personal data through their ad tech partners. Personal data may only be lawfully processed if at least one of six different justifications apply. The two most relevant to our industry are the consent of the data subject to the processing and “legitimate interest”, i.e. when the processing of personal data is necessary for the purposes of the legitimate interests pursued by the controller.

As to the topic of consent, the current ePrivacy Directive continues regulating the use of and consent to (3rd party) cookies alongside the GDPR until the new ePrivacy Regulation is passed. Following the current directive, the established market practice adopted by most EU member states has been one where we see the cookie notice (often a banner referring to a cookie or privacy policy) and, by continuing to browse through the website, we provide “implicit” consent that we’re okay with our data being used and a cookie being placed.

Such co-existence of ePrivacy Directive and GDPR is not without conflict though, since the GDPR usually demands an “explicit” consents rather than an “implicit” one. Every company should therefore ensure to additionally be able to prove and explain their legitimate interest in processing their client’s data for the purposes of online marketing.

In addition, GDPR empowers customer’s control over the use of their data.  They may request records of data collected on them or request for data to be corrected or erased (the right to be forgotten, basically). We’ll decide if our data can be collected, shared and processed.  And this is just a general overview: we’ll also receive additional rights, explained in more detail in the GDPR itself.

A customer-first mentality has always been essential for any business, and now that same mentality needs to be applied to data privacy and protection.

Worldwide Changes

To be clear, GDPR will have global implications. It applies to international businesses that offer goods or services to individuals in the EU, regardless of whether a payment is taken, or if they monitor an individual’s behavior in the EU. Even if your company is headquartered in the US, as long as you do business in Europe, your business will need to saddle up for the ride. From now on, businesses around the world will have to be on the same page.

Get Ready

For many markets, not previously legislated, this is a huge change. So sit back, and make sure everything’s prepared. And remember: if not for yourself, do it for your clients. Now, more than ever, marketers everywhere need to step up and make their business the best, most transparent, it can possibly be.