As we approach almost a year and a half since the GDPR went into effect, there has been enough time for this regulation to make its mark on business practices globally with more changes yet to come. The GDPR has affected more than just the marketing departments in businesses, but today we are going to look at how the GDPR has affected marketing specifically.
What is the GDPR?
So, what does GDPR stand for? It is the General Data Protection Regulation and officially went into effect in May of 2018. The GDPR unifies data protection regulation across the EU. It creates strict regulations around how companies can legally collect consumer data and what they can do with it. Companies under the GDPR must protect consumer’s personal data by ensuring their systems meet the security standards set by the law. Companies must also notify consumers of any data breach within a set timeframe. More information on the specifics of the regulation can be found in this “cheat sheet” of the GDPR.
Why does it affect me as a US company?
The GDPR covers all EU businesses and any business that serves EU residents, so if your company provides services or sells products to anyone in the EU and collects or uses consumer data, you need to be compliant to avoid the risk of being fined. To learn how to become GDPR compliant see this article.
What effect does it have on marketing?
Improved Data Privacy for Consumers
Consumers covered by the regulation have new rights around the protection and control of their personal data. Companies must get consent from the consumer to collect and process their personal information, meaning marketers cannot collect consumer data and use it for targeted marketing without the consumer first giving consent. Consumers also have the “right to be forgotten” in which a company must delete all personal data at the request of the consumer. These rights along with other that are included in the GDPR, provide consumers with more control over their information and what a company does with it.
Changes to Marketing Processes
While the increase in data privacy for consumers was necessary and definitely an improvement in providing consumers more control over their personal data, the regulation has required businesses to reconsider their marketing processes and possibly change the way they collect and handle data completely.
How does the GDPR affect Marketing for US companies?
Reports show that approximately $19.2 billion were spent on third-party data in 2018 by U.S. companies. With companies relying so heavily on third-party data, it’s no surprise that many marketing departments worry about their third-party data sources with the new regulations in force. Companies are faced with the choice between making sure their data providers are compliant and trusting them or stepping away from third-party data sources all together and gathering data on their own. Marketers often rely on data in creating strategic plans to reach their target consumers with relevant messaging. This crossroad presents many marketing departments with a challenging decision.
Fear of Fines
Although the law has been in effect for over a year now, studies show that only 28% of businesses are fully GDPR compliant. This means the companies that are not completely compliant are at risk of being issued hefty fines. You may be wondering why a business would not already be fully compliant if they stand the risk of fines. The regulation is somewhat complex in what all a business must put in place to be fully compliant. Some companies are still working on it, some seem to be okay with the risk, and some don’t seem to be in a big rush to open their doors back to the EU market for fear of missing some section of the regulation and receiving a fine.
When the GDPR went into effect, many Europeans found themselves unable to access services or products that they once could, such as news sites. For instance, Europeans wishing to read the Chicago Tribune were given this message on May 25, 2018 (the day the GDPR went into effect). Although some businesses have since become compliant and removed such notices, there are some that still have a notice of being unable to provide services to many European countries. These companies consider the temporary loss of service in the EU as the choice to make to avoid fines for a lack of compliance.
The GDPR has led to big changes in marketing and business practices around consumer data. We are experiencing the beginning of a new level of consumer data privacy and security, and it will be interesting to see where it takes us. The regulation has also sparked new regulations in the US, such as the CCPA in California. This new legislation covers all businesses that provide services or products to California residents. For more information on what you can do to become CCPA compliant, see our article here.