4 Big GDPR Concerns for Brands, Agencies and Vendors

The clock is ticking on Europe’s landmark privacy legislation

Europe’s General Data Protection Regulation (GDPR) has been compared to Y2K, the millennium software bug that caused unnecessary panic about computers crashing—not to mention planes falling out of the sky—before midnight struck on New Year’s Eve in the year 2000. But it’s not much like Y2K at all; conversely, it deserves all the buzz it’s garnering.

When the legislation takes effect on May 25, it will enable European consumers to control how businesses collect and process their personal information. GDPR will impact any organization that hawks goods or services in the EU or tracks Europeans’ digital behavior, regardless of where such businesses’ offices or software firms are located.

GDPR is fashioned to protect the privacy of EU citizens from companies in other markets with less stringent privacy protections, and it has the additional effect of forcing the rest of the world to conform to the EU’s more civic-minded standards.

“We’ve spent the last probably six, seven months preparing for it,” remarked Kevin Scholl, director, digital marketing and partnerships at Red Roof Inn. “It wasn’t something to ignore because of the fact that our locations are [in] the U.S. As a hospitality company, we do get a significant amount of travelers from the EU.”

“I think it’s going to force marketers to kick ass at CRM [customer relationship management],” added Pini Yakuel, Optimove CEO.

Such blunt commentary was common during a virtual panel a few weeks ago that I organized on behalf of my employer, tech PR agency Bateman Group. The participants were: Optimove’s Yakuel; Red Roof Inn’s Scholl; Peter Bell, senior director of marketing (EMEA) at Marketo; Sandhya Hegde, Amplitude head of product; Gartner analyst Andrew Frank; Michael Horn, director of data science at interactive agency Huge; and marketing consultant David Deal. [Disclosure: Amplitude, Marketo and Optimove are Bateman Group clients.]

Here are four themes that emerged from the conversation:

1. Better creativity, less targeting

“Truly great creatives actually thrive when limitations are placed on them, and I think the truly great players in the industry will actually become better as they deal with the impact of the limitations placed by GDPR,” commented Deal.

Yakuel largely agreed, “[Before], marketers could simply get away with batching and blasting and using those blank marketing techniques. That’s no longer going to be the case because the price of messing up is going to be very high.”

“The penalties associated with breaches of the GDPR law are considerably higher than any [security breach] PR problem, many of which come and go without actually having much material impact on the business, to be honest,” added Frank.

2. Brands need to create trust

With GDPR in the background, marketers should be thinking a lot about consumer trust during an era of palpable angst thanks to extreme partisan divides, high-profile data breaches, executive misconduct and media polarization. It’s a tumultuous time, so it seems like a big chance to be on the right side of the privacy discussion.

“Anonymize your customer data,” advised Hegde. “Use what we call pseudonyms rather than storing raw data. Design your systems for privacy. That way, you can be open about your practices. You can say, ‘None of your private data is accessible. We anonymize X, Y, Z before we send it to vendors or expose it in our systems.”

3. But do consumers actually care?

At the same time, multiple panelists wondered if consumers would ever focus meaningfully on their data privacy.

“The problem with privacy as a social issue—as a motivator for movement—is that it’s a very abstract concept,” Deal said. “It’s not like a war or something [obvious] like that. It’s something that people don’t really understand. People sometimes feel uncomfortable or are offended by a [branded] experience, but I don’t think people have a very strong, consistent opinion about what privacy means to them as an abstract philosophical concept.”

Others saw the question differently. For instance, Yakuel wondered what would happen if consumers caught wind of the troves of data leveraged by demand-side platforms.

“Most consumers don’t understand that if they go to a luxury car’s website, and then they are shopping for an expensive house on another website, DMPs are making conclusions about their level of affluence,” he said. “When consumers find out exactly the level of depth of data DMPs keep on customers, this will be more alarming.”

4. GDPR isn’t coming to the U.S. Or is it?

“I don’t see any regulation on the scale of GDPR coming to the United States any time soon,” Deal said. “The technology firms such as Google have far too much lobbying power with the current [White House] administration.”

Frank disagreed, pointing to the California Consumer Privacy Act of 2018, which would give consumers the right to ask businesses what personal data is being collected.

“It’s too simple to say that the United States federal government doesn’t care,” he said. “The state initiatives could have a pretty big effect on the way brands behave. And, I think most of the brands and marketers that we talk to tend to feel that it’s more economical to have one privacy policy that you apply everywhere than just try to adjust it for each regional market … I think the GDPR is going to have a rather sweeping effect on U.S. practice, if not the actual laws.”