The General Data Protection Regulation is a general EU regulation that is going into effect from 25th May 2018. It gives the citizens of European Economic Area (EEA) more control over how their personal data is utilized and used online. Many of the internet services are scrambling to get in compliance with the new standards set by GDPR. GDPR is going to bring some significant changes in the business and companies need to be more transparent stating about the information they are collecting from the people. Also need to mention how they are collecting the information and what it will be used for. The organization should get permission from each individual if they are using the data for the later purposes.
GDPR also spells out that the information needs to be given to the customer in a plain language instead of long privacy policies filled with legal jargons. The pre-checked boxes and notices will no longer be allowed to take the consent of collecting the information from individuals.
Once the information collected from individuals, GDPR sets out the requirements for how the data is stored, protected and used. If the data breach is occurred, consumers need to notify it within 72 hours of time. If the data-breach occurs in a company with non-compliance, then it will hit with a fine as high as 20 Million Euros or 4% of the company’s annual global revenue, whichever is higher.
As a matter of fact, GDPR deals with the consumer concerns about the data privacy and security. The most prominent areas relate to:
- The personal data can be only used with the express consent of the consumer
- Consumers have the “right to be forgotten” and “right of data portability”
- Safe and secure administrative record – keeping requirements.
Personal Data of the Consumers:
Personal data can be ranging from an email address to the payment information. It is basically anything that ties to the person’s identity. GDPR also categorizes the cookies, IP addresses and location data as the personal data. The user must agree to the way that how their data is collected and used.
Example: Things those are no longer acceptable by GDPR are:
- Pre-checked boxes on forms or data collection points.
- Passive “you accept cookies” notices.
Customers should be able to give their consent freely and no longer is the implied consent acceptable. The consent cannot be hidden under the long Terms & Conditions in a complex language. Also, the customer will have the right to remove the consent at any time.
Impact of GDPR over Digital Advertising:
Programmatic technology is operating on the data driven advertising. The GDPR regulatory changes are questioning how the digital advertising ecosystem operates. Programmatic trading needs to show that it can also adapt to meet the evolving needs of the industry.
If the data is no longer be used to target the users, the advertising experience becomes far less relevant and engaging, also having a potential impact on the ad revenues.
Every advertising network is aware of the new issues protecting the user privacy. The major ad networks such as Google and Facebook are in the frontline establishing the compliance, but even their revenues get impacted. Google has set up a new site addressing their own efforts to help the customers with compliance. And Facebook has outlined that how they will be addressing the privacy settings.
But if the industry operates closely by meeting the requirements of GDPR regulation, it can bring the enormous benefits for both Publishers and Advertisers. The transparency enforcement within the ecosystem will build a stronger consumer relationship. And a privacy survey states that consumers cite the transparency is the key to trust.
Impact of GDPR over Google Analytics:
Google as a data processor, handles the data of the people all over the world. It has to take the necessary steps to become compliant with the GDPR standards. In Google Analytics, an additional feature added to delete the information of the particular user if they request to do. It has also added the data retention settings that allows you to set the time period that how long the user data is saved. The default setting of the Google is 26 months, but if you are working with a US based company conducting the business in United States then you can set it to never expire.
Impact of GDPR over Digital Marketing:
GDPR brings a significant change in Digital Marketing as well. GDPR will impact the Digital Marketing in the following ways:
- All aspects of data collection and CRM
- Customer data – Understand the “right to be forgotten”
- Cookies and Personal data
- Permissions needed for explicit consent
- Chat tools that capture the User ID’s and IP Addresses.
- Email marketing – check permissions and data sources
- Monitoring of Individuals such as behavioral tracking
- The right to withdraw the consent at any time.
- The right to inspect the data collected by you.
- The right to demand the deletion of data.
Data Controller side:
- An express consent is needed to collect the personal identifiable data.
- The commitment to inform the users how their data is used.
- The commitment to keep the data up to date.
- Data can be used only for a purpose for which the consent can be given.
The biggest problem for the Digital marketers with GDPR is the consent for the use of personal data. GDPR also classifies that Cookie identifiers and IP address is also considered as personal data.
This means, without the consent of the user you should not track the IP address and push cookies. Online marketing definitely notices a change under GDPR, but how it changes can be known only after its commencement.
GDPR is about to bring a major change in the Digital world. Let’s wait & watch it’s impact on Digital Advertising and Marketing Industry.