In January, French regulators fined Google €50 million ($57 million) for violating the General Data Protection Regulation (GDPR). The fine, the first for a major Silicon Valley tech company, is the largest since the GDPR became enforceable last May.
Fear of violating these tough new laws has driven publishers to turn off open exchanges and led vendors to pivot their business models. More than three-quarters of brand marketers in the US and Europe agreed that GDPR will affect how they use third-party data to target people, according to a November 2018 survey by Sizmek.
While GDPR is specific to Europe, business executives believe that more countries will adopt similar laws. About seven in 10 of the 400 senior executives in a June 2018 survey by A.T. Kearney said that GDPR will likely inspire other countries to expand data privacy regulations.
In the US, individual states are passing their own data privacy laws, creating a patchwork situation. (The Association of National Advertisers (ANA) is lobbying for a more uniform national standard regarding data privacy in the US.)
For our recent report “Digital Display Advertising 2019: Nine Trends to Know for This Year's Media Plan,” we spoke with Amy Manus, vice president of the southeast region at Goodway Group, about how marketers are grappling with data privacy concerns.
How has GDPR affected marketers?
It's caused companies to re-evaluate their overall process, and address the data they have and what they'll be using. Most marketers I talk to are finding the impact of GDPR somewhat bittersweet.
Can you elaborate?
It's causing them to streamline the amount of data they’re storing; letting go of data can be scary for any organization. But inversely, this whole data deluge has continued long enough, and marketers are becoming more cognizant of what data is going to help aid in the relationship they have with customers during their journey. So, overall, just streamlining their approach and strategy for how and what data they use is a necessary exercise many marketers have been putting off for some time.
What strategies should US marketers implement to become compliant?
At minimum, doing an audit of the data you have, understanding—at a high level—the guidelines that are happening over in Europe, and learning how those implications can be brought to the US. The US will have data privacy laws in the future. Will they be like GDPR exactly? Probably not.
What else should marketers do?
Be aware of how you're collecting data, how you're storing it and where it's located. Just the conversation around security and privacy has been so top-of-mind with recent data breaches. It’s not a 'nice to have'—it's a best practice, and it should be moving into 2019.