GDPR: Friend or Foe?

Why you should welcome greater data privacy

As anyone who works with data will be aware, the times are a-changing within the data regulatory arena.

The EU General Data Protection Regulation (GDPR) will be effective as of 25th May 2018, and despite the recent EU referendum result, the principles of it will still apply in the UK.

So what are the principles of the GDPR? The key terms are ‘privacy by default’ and ‘privacy by design’. These principles effectively mean that organisations must consider data privacy throughout their entire operation with regards to how they collect, store and process data. Data subjects (that’s you and me in non-regulatory speak) must be clearly advised in plain language regarding the data that is being collected and how it will be used, as well as their right to access, rectify and erase their data at any stage.

Organisations have to ensure that their systems and processes are designed in such a way that enables them to meet these requirements, and that they can easily implement data subjects’ requests regarding their data. Finally, clear procedures have to be in place to deal with data security breaches, to ensure that privacy infringement is minimised. All of which must be overseen by an appointed Data Protection Officer, who takes responsibility for an organisation’s compliance with the GDPR. Oh, and in the event that an organisation fails to comply with these requirements, they can face fines of between €10m and €20m (or 2% to 4% of worldwide annual turnover). And breathe…

At this point you’d be forgiven for thinking that there’s very little for brands to be cheerful about here. Whilst only the most embittered marketers would deny that the requirements being set out are entirely appropriate and that consumers need clarity and protection regarding their data, are there any opportunities to take advantage of?

In short, yes.

In fact, the requirements of the GDPR can be the platform for brands building much more transparent (and profitable) relationships with consumers. As part of meeting their obligations brands will have the opportunity to build structured and actionable first-party and permissioned single customer view databases. These in turn will enable brands to deliver significantly more effective communication and engagement strategies via segmented content and advertising, increasing efficiency and revenue in the process.

It is true that brands that currently rely heavily on third party data for prospecting and acquisition must address the comparatively small first-party resource that they have at their disposal. How might they do this?

Data matched targeting such as Facebook Custom Audiences, Twitter Tailored Audiences and Google Customer Match enable advertisers to contact current customers, lost customers and potential customers in order to ask permission to communicate with them (if permission is not already in place). This approach is fully compliant (as confirmed by the DMA Legal Team) at the time of writing, although it’s always worth double checking this point as the landscape is shifting here.

So in summary, building a first-party database alongside meeting the ‘privacy by design’ requirements of the GDPR represents a massive opportunity for forward thinking brands. It focuses the mind on building the data infrastructure that will enable brands to find people who want to hear from them, and discover how these people want to be spoken to. This enables brands to communicate with people in a way that they find engaging, interesting, amusing and informative, which in turn encourages them to consider and transact. Isn’t that what good marketing is all about?


Post by

Dan Watt