25 May 2018– a historic day in the world of doing ethical business. On this day, in 2018, the European Union finally implemented the General Data Protection Regulation (GDPR). In the last 2 years of its existence, GDPR has been seen as a concerted effort toward building a secured user data privacy ecosystem, harmonizing the laws of privacy with user management, business goals and cybersecurity.
In January 2020, we saw an overwhelming response to the introduction of CCPA as well. Together, GDPR and CCPA are seen as steps toward building a compliant data governance ecosystem.
Last year, the European Commission revealed some very interesting stats on how the EU and the various business groups operating in the region took to GDPR compliance.
- DPAs received 144k or more complaints or inquiries, with GDPR as the subject
- A majority of these complaints were related to telemarketing, promotional emails and video surveillance/ CTV advertisements
- There were 90k data breach notifications reported from the region between May 2018 and May 2019.
In 2020, the nature of data protection guidelines continues to evolve, even as we see a rampant rise in malware attacks and ransomware attacks arising from data theft pertaining to dark web operations. Social engineering activities have exponentially blown out of control– impacting the nature of digital marketing and data collection, even though companies could be 100% compliant with the GDPR benchmarks. Yet, the financial impact of GDPR is much more adverse on the business, financially and value-wise. For example, violators of the GDPR may be fined up to 20 million euros or up to 4% of their gross annual turnover of the last financial year.
In less than 2 years, GDPR has become the standardized framework for passing privacy laws, including the ones in China (China’s Password Law), Japan, Brazil, South Korea, Argentina, and Africa. CCPA, for example, has many distinguished similarities with the GDPR.
Commemorating the GDPR 2nd anniversary, we spoke to industry leaders.
This is what they had to share with us–
Data Privacy Concerns Are Not Restricted to Third-Party Cookies
Calum Smeaton, CEO, TVSquared said –
“Across the advertising and adtech ecosystem, privacy needs to be more than a simple checkbox exercise. It’s something that continues to evolve to suit consumer and industry needs. Whether it’s our physical infrastructure or how we manage data access and control, we’ve made sure privacy is embedded within the DNA of TVSquared. That is second nature to us, as the founding team members, myself included, come from fintech and are used to working within regulated, high-security environments…
… Within digital marketing, the phase out of third-party cookies reflects the next stage of data privacy. While TV is an essential player in the next wave of data privacy due to the growing information available via smart TVs and subscription platforms, it’s going to see less of a fall out from the disappearance of third-party cookies than digital-first companies. However, data privacy concerns are not restricted to third-party cookies, the focus on personal information and how data is managed, processed and accessed are top-of-mind for us, especially as digital and TV collide.”
First-Party Data is the New King
Ivan Ivanov, COO, PubGalaxy said
“While all companies should be in control of their GDPR compliance at this point, publishers and advertisers should especially now be preparing for the perfect storm that’s heading their way. With more global privacy regulations rolling in, unstable ad spend, and the end of third party cookies on the horizon, the industry is under pressure to adapt to the changing conditions. In response to this, we expect to see compliant use of first-party data continue to grow in popularity. By establishing direct relationships, publishers and their advertisers can use personalization methods to seize strong monetization opportunities.”
Turning GDPR into a Strategic Advantage for Business
Alexander Igelsböck, CEO, Adverity
“Two years on and GDPR maintains its standing as a key priority for companies across Europe, and the world. In the UK, the ICO’s announcement regarding ‘pausing’ its investigation into the ad tech industry does not mean data privacy should move down the agenda. Businesses must continue to focus on ensuring best practice in data management, making sure they have the right systems and processes in place to track data better and ensure the correct permissions are sought, and always followed…
…As an industry we do have a clearer understanding of what compliance means and moving forward we should be seeking the most efficient ways to comply with our responsibilities. The tools and means exist to ensure both compliance and excellent levels of service. It’s time to turn this into a strategic advantage for companies.”
Jem Benton, Chorus’ CEO said, “Privacy and protection for businesses and individuals is paramount. We believe customer conversations are one of the most valuable assets for a business and must be treated as such.”
[To share your GDPR insights and your experience complying with the data privacy regulations, please write to us at firstname.lastname@example.org]