Here Are 4 Big GDPR Concerns for Brands, Agencies and Vendors

Editor’s Note: About a month ago, I sat down with clients Optimove, Marketo and Amplitude to organize a virtual panel around the topic of General Data Protection Regulation (GDPR). We then invited players from the branding and ad agency world, as well as reporters from CNBC, DMNews and MarTech Today, to discuss GDPR and its potential implications on the industry. The panel received multiple pieces of coverage. I wrote a column for Adweek about what we learned from the panel. You can read an edited version below. 

Europe’s General Data Protection Regulation (GDPR) has been compared to Y2K, the Millennium software bug that caused unnecessary panic about computers crashing—not to mention planes falling out of the sky—before midnight struck on New Year’s Eve in the year 2000. But it’s not much like Y2K at all; conversely, it deserves all the buzz it’s garnering.

When the legislation takes effect on May 25, it will enable European consumers to control how businesses collect and process their personal information. GDPR will impact any organization that hawks goods or services in the EU or tracks Europeans’ digital behavior, regardless of where such businesses’ offices or software firms are located. GDPR is fashioned to protect the privacy of EU citizens from companies in other markets with less stringent privacy protections, and it has the additional effect of forcing the rest of the world to conform to the EU’s more civic-minded standards. As one example, marketers will need explicit permission from members of their EU email lists to email them after GDPR goes into effect.

“We’ve spent the last probably six, seven months preparing for it,” remarked Kevin Scholl, director, digital marketing and partnerships at Red Roof Inn. “It wasn’t something to ignore because of the fact that although our locations are [in] the U.S. As a hospitality company, we do get a significant amount of travelers from the EU.”

“I think it’s going to force marketers to kick ass at CRM [customer relationship management],” added Pini Yakuel, Optimove CEO.

Such blunt commentary was common during a virtual panel two weeks ago that I organized on behalf of Bateman Group. The participants were: Optimove’s Yakuel; Red Roof Inn’s Scholl; Peter Bell, Marketo, senior director of marketing (EMEA) at Marketo; Sandhya Hegde, Amplitude head of product; Gartner analyst Andrew Frank; Michael Horn, director of data science at interactive agency Huge; and marketing consultant David Deal. 

Here are four themes that emerged from the conversation:

Better creativity, less targeting 

“Truly great creatives actually thrive when limitations are placed on them, and I think the truly great players in the industry will actually become better as they deal with the impact of the limitations placed by GDPR,” commented Deal.

Horn said, “It really forces us as data marketers to think much more clearly about the value of the product and marketing communication that we are delivering from a creative standpoint.” He said that GDPR will put an even higher premium on quality content instead of “just [marketing] based on the audience that we’re targeting.”  

Yakuel largely agreed, “[Before], marketers could simply get away with batching and blasting and using those blank marketing techniques. That’s no longer going to be the case because the price of messing up is going to be very high.”

“The penalties associated with breaches of the GDPR law are considerably higher than any [security breach] PR problem, many of which come and go without actually having much material impact on the business, to be honest,” added Frank.

Indeed, speakers concurred that something in the ecosystem was likely going to have to give. Bell suggested that parts of ad tech businesses could be in peril. “How does retargeting fit well within a more rigorous cookie legislation?” he asked. “I think that’s where we’ll see the most disruption, not directly on the 25th, but once the regulation comes into force.”

How can brands create trust?

With GDPR in the background, marketers should be thinking a lot about consumer trust during an era of palpable angst thanks to extreme partisan divides, high-profile data breaches, executive misconduct, and media polarization. It’s a [tumultuous] time, so it seems like a big chance to be on the right side of the privacy discussion.

“Anonymize your customer data,” advised Hegde. “Use what we call pseudonyms rather than storing raw data. Design your systems for privacy. That way, you can be open about your practices. You can say, ‘None of your private data is accessible. We anonymize X, Y, Z before we send it to vendors or expose it in our systems.”  

Scholl suggested that GDPR was a critical juncture for all marketers to reassess strategies. “As a brand, it’s an opportunity for us to take a step back and look at not only how this is going to affect the EU, but also how it impacts how we engage with all of our consumers,” he said.

But do consumers actually care?

At the same time, multiple panelists wondered aloud if consumers would ever focus meaningfully on their data privacy.

“The problem with privacy as a social issue—as a motivator for movement—is that it’s a very abstract concept,” Deal said. “It’s not like a war or something [obvious] like that. It’s something that people don’t really understand. People sometimes feel uncomfortable or are offended by a [branded] experience, but I don’t think people have a very strong, consistent opinion about what privacy means to them as an abstract philosophical concept.”

Bell said, “It’s like when you ask a consumer if they like TV advertising, they say they don’t like TV advertising. But then if you ask them what their favorite TV ad is, it’s difficult to get a word in edgewise as they talk about it for the next 20 minutes about a TV ad from their childhood. I can see parallels with privacy. In the abstract, general form, people will not want to see their data used. But in the specific in where they can see the value, they will be more comfortable with [marketers] having access to that information.”

Others saw the question differently. For instance, Yakuel wondered what would happen if consumers caught wind of the troves of data leveraged by demand-side platforms.

“Most consumers don’t understand that if they go to a luxury car’s website, and then they are shopping for an expensive house on another website, DMPs are making conclusions about their level of affluence,” he said. “When consumers find out exactly the level of depth of data DMPs keep on customers, this will be more alarming.”

GDPR isn’t coming to America. Or is it?

“I don’t see any regulation on the scale of GDPR coming to the United States any time soon,” Deal said. “The technology firms such as Google have far too much lobbying power with the current [White House] administration.”

Frank disagreed, pointing to the California Consumer Privacy Act of 2018, which would give consumers the right to ask businesses what personal data is being collected.

“It’s too simple to say that the United States federal government doesn’t care,” he said. “The state initiatives could have a pretty big effect on the way brands behave. And, I think most of the brands and marketers that we talk to tend to feel that it’s more economical to have one privacy policy that you apply everywhere than just try to adjust it for each regional market… I think the GDPR is going to have a rather sweeping effect on U.S. practice, if not the actual laws.”

While recalling recent conversations with clients, Hegde concluded, “They are all making this investment and planning ahead. They are making changes to the whole company rather than putting on a Band-Aid just for the EU customers.”