A new regulatory change isn’t something many of us get excited about – unless you’re a legal geek, or an attorney expecting a flurry of new business opportunities. Marketers, advertisers and tech providers alike, we all had to get our houses in order. But we have successfully made that investment, and it is paying off. Today’s global data ecosystem is a more transparent, consumer-centric space than it was before GDPR.
GDPR Should Be Seen as a Necessary Investment
We need to be honest with ourselves: the race to become GDPR compliant before the deadline was no easy task. Adtech providers were planning several years ahead of time – and even last minute we had clients coming to us with lots of questions. There were legal fees, data handling policies to draw up internally and contracts to be agreed between publishers, clients and data partners. Not to mention DMP tracking, as well as privacy notices to get up and running on websites. No-one can deny the costs associated with doing this properly.
But GDPR has to be seen as an investment, rather than from the narrow costs perspective. The legislation protecting the world’s half-billion EU citizens was an improvement on previous legislation from 1995, making sure data policy is fit for purpose in today’s connected, data-driven world. The legislation didn’t really ask for anything extraordinary: it just needed data handlers to take stock of what data they had, to be clear on why they were using it, and to be transparent with data subjects.
CEOs and business leaders are now much clearer on who their European and non-European clients are, and how their business functions – not just from a marketing perspective. Everyone has woken up to the true value of data.
Examples Have Been Made, but Regulators Have Been Fair
There was perhaps a sigh of relief that the $56 million fine imposed by French authorities on Google this year was not the enormous penalty it could have been. With the threat of fines of up to 4% of annual global turnover, a maximum penalty would run into the billions for a company with annual revenues of $136 billion. That is not to excuse Google from wrongdoing – regulators were right to demand transparency from the world’s largest search engine.
This highlights how GDPR shouldn’t be seen as making life hard for businesses: instead it is about setting expectations for the level of discipline we should all uphold in today’s data ecosystem. As consumers become ever more connected, and their data profiles ever richer, we should see regulation as a sign of maturity of the market for data.
A European Precedent for Better Consumer Experiences Around the World
A recent survey by eMarketer found that nearly 4 in 5 US corporate directors had carried out assessments and updated privacy notices in line with GDPR. Naturally, in today’s interconnected and globalized economy, many US companies are affected by the European regulatory change.
Of course, many businesses doesn’t mean every business. There will be countless directors and CEOs up and down the country who consider GDPR as having nothing at all to do with them, since they don’t handle EU citizens’ data. Well, not so fast: the EU’s tightening of data policy is already influencing regulation in the US.
Perhaps the most tangible consequence has been the signing into law of the California Consumer Privacy Act, which will introduce regulations that mirror many aspects of GDPR. A number of other US states are proposing or introducing similar legislation.
GDPR’s true reach is clear: it has been a catalyst for marketers around the world to take stock of exactly who‘s data they handle, and to be clear on how they are making use of it. This can only be a good thing, as it is driving businesses to fundamentally consider consumers in everything we do. We have to be clear on how we have obtained consent, as well as being transparent on how consumer data shapes relevant advertising and email marketing experiences. We should see this as a sign that we have reached a new level of maturity in the global data ecosystem.