As you are likely aware of, the implementation of the General Data Protection Regulation, more commonly known as simply GDPR, is fast approaching. In fact, the 25 May 2018 is only 277 days away from today (10 October). This won’t be first time – or the last time – you get told how vital it is to get things reorganised to make sure you’re GDPR compliant.
Of course, many admit that, even with the implementation very much on the horizon, they still do not fully understand what the regulations actually or what measures they must take to avoid getting into trouble with the authorities.
“GDPR is something which you firstly need to understand, but you need to bear in mind that you actually have to do something, you actually need to make physical changes to your technology architecture,” said Amir Malik, digital marketing expert at Accenture, speaking at the Digital Matters: GDPR Breakfast, presented by Mobile Marketing and Teavaro. “And it’s interesting for us that people are just trying to understand it still. There is an element of ambiguity at times but you need to start getting the wheels in motion.”
Got fine written all over it
The importance of being prepared for next May is underlined by the size of the fines that can be levied on organisations that don’t comply with the GDPR. Businesses could see up to four per cent of their earnings, or up to €20m, taken from their company for falling short on adhering to the regulation.
“I think that that idea that GDPR will come and the industry will be fine, and people will just adapt is wrong,” continued Malik. “I think the industry is going to need to adapt to GDPR very quickly and they’ll be some penalties put in place, and you’ll see people under increasing pressure within their own organisations to fix this problem. So, it’s better to be prepared in advance.”
The problem with the GDPR isn’t just the size of the potential fines, but how easy the regulation will make it for people to request for investigations into businesses. People will be able to file cases in their home nation, even if the company handling their data is elsewhere.
“It’s making the threshold for something to happen really low from the consumer perspective and there will be organisations that will test this and try this out,” said Dirk Rohweder, co-founder and COO of Teavaro at Digital Matters. “There are a lot more rights of the data subject. We don’t know yet how many people will actually use those rights but this is something you need to be looking at and making some estimations.”
For publishers, GDPR could be seen as a positive, despite the amount of stress behind getting everything in place initially.
With the implementation of GDPR, media owners will be able to regain some control over data leakage from their sites, according to Malik.
“You also need bear in mind that on your digital assets you basically drive the audience, your client websites don’t drive much traffic generally – that’s why digital advertising is crucial for generating quality traffic and leads to clients’ sites,” he said
“The publisher environment is a good place for an opt-in experience. So, as a publisher, you should be thinking about how you can accommodate brands and clients to seek permissions for their brands to advertise in your environment. This has to happen. I think it’s realistic that publishers will become environments for seeking approval for brands and clients.”
And remember: according to Robert Bergmann, co-founder and CEO of Teavaro also speaking at Digital Matters, if you’re really afraid of getting permission from your customers, then you may need to take a look at your business in general.
With all the kerfuffle surrounding the GDPR in Europe, it can sometimes be difficult to remember that this doesn’t just affect businesses within the EU but also businesses based outside the EU with European operations.
One nation that could, as with most things, have a key part to play in the GDPR is the US.
The US is home to much of the ad tech used for the entire display ecosystem but, according to Malik, the US section of the industry “just don’t seem to be having any moment around GDPR”. This is important because “there’s only three companies in the world that don’t really use third party technology: Google, Facebook, and Amazon. Everybody else is using third party technology. The reality is it’d be very difficult to start to build a technology solution to fix GDPR yourselves.”
Malik added that, despite this, ad tech companies cannot be relied upon to solve the GDPR problem of their partners, as programmatic supply side platforms (SSPs) are “all just working on this picky syncing, arbitrage business model”.
GDPR is, as you already knew, a lot for anybody to get their head around but the importance of getting it right cannot expressed any more strongly. And, all-in-all, it will have positive implications for the industry.
“It’s been a largely unregulated industry, and what’s happening is that the industry is becoming regulated, which is ultimately for the greater good of our industry I think,” said Malik.