By: Yoav Oz, Co-Founder of Spotad
Unless you’ve been living under a rock, it’s likely that you have seen this latest acronym everywhere – GDPR (General Data Protection Regulation). If you haven’t, it’s time to get updated and understand what GDPR means to you as an individual, as well as a marketer or business owner.
What’s the deal with GDPR?
GDPR stands for General Data Protection Regulation. This EU regulation took four years of work and was approved by EU Parliament in April 2016, giving companies a two-year transition period to get ready. You may ask why it took so long to create? The reason for that was the complications they ran into when trying to find a way to legislate data protection while taking into account today’s technologies. The EU had to differentiate between how personal data is used, and how it’s likely to be used in the future. That doesn’t mean there aren’t any data protection laws today. The UK currently relies on the Data Protection Act 1998, which was put together after the 1995 EU Data Protection Direction.
So, why the new legislation? Well, it’s pretty safe to say that in the past 20 years, technology has changed significantly, and has drastically affected how personal information is provided and shared online. The GDPR supersedes these ancient data protection regulations and was created with the goal of giving people more control over what companies do with their data. It will also make data protection rules pretty much the same throughout the European Union, which is not the case at the moment. The GDPR took effect in all EU member states on May 25, 2018.
To Regulate or Not to Regulate?
There are many ways in which the regulations play out. One of the regulations will begin with Jurisdiction. The GDPR extends to a large territory and applies to all companies around the globe that process data belonging to subjects within EU countries. In the past, this was not clearly defined. Now, the regulation applies to both controllers and processors, regardless of their location and where the data is being processed, so long as the data itself belongs to subjects within the EU. Another regulation will include higher penalties with fines being based on the gravity of the breach or non-compliance and can reach up to 20 million euros or 4% of annual global turnover. Fines for infringements will be considered on a case-by-case basis and will take a number of criteria into consideration, such as the intentional nature of the infringement, how many subjects were affected, and any previous infringements by the controller or processor. In order to prevent these higher penalties, stronger consent will be implemented. Today, companies use long “privacy and terms” pages with legal jargon that the average Joe probably can’t understand, let alone read. The GDPR demands that conditions be clear and accessible, and that consent regarding data must be separate from other matters on its own, using clear and simplified language. In addition, companies must ensure that users can withdraw their consent as easily as they provided it.
The GDPR is working to ensure anyone has the right to gain access to their own data, whether currently being processed by a company or not, as well as how that data is being processed and for what purpose. Upon request, companies will have to provide this information free of charge. In addition, anyone has the “Right to Be Forgotten” – meaning, they can request to have their personal data erased, stop all dissemination of processed data, and require all third parties processing the data to desist immediately. Additionally, all EU member states must notify their users of any breach that can potentially risk their “rights or freedoms” within 72 hours of having become aware of the breach. For example, the Trump Hotels breach case, which was discovered in August 2016 but only reported in July 2017, would result in a serious fine under the new GDPR policies.
There are, of course, many other changes, and I highly recommend that all companies and individuals read the regulations or a summary of its articles to understand the obligations and rights it introduces.
What It Means for Online Marketers
The idea of the GDPR is to protect all individuals by protecting our data and giving us a say in how our information is used. From a personal standpoint, it’s highly recommended that everyone understands the basics of this regulation and know their rights in terms of data protection. From a business standpoint, any company that does business in the EU is affected. Companies around the world have already started to prepare for the biggest change in data protection laws in the past two decades, and it’s understandable. It’s not for nothing that the EU gave a two-year warning – it’s not easy to implement such radical changes and it will be devastating for many businesses who can’t comply, especially small businesses due to the significantly high fines involved. Is this the end of online marketing? No, but it will not be a surprise if small marketing and advertising agencies shut down as a result.
GDPR was created to safeguard the individual user and their privacy. These new regulations will make it harder for smaller companies to target individuals who don’t want to be targeted, as well as companies looking to sell users personal data without their explicit consent. These small companies might very well disappear altogether. While GDPR is safeguarding the privacy of the user it will, in effect, change the landscape for online marketing once again. What was once a plentiful data-filled environment where online marketers could freely gain access to information regarding their customer base, will now become severely limited. No longer will marketers be able to just derive data from mobile applications and website cookies without jumping through quite a few hoops. With the option to delete all your data and with clear and concise terms of agreement, who wouldn’t opt out if they could? Is this the end of online marketing altogether? I think not. I believe that online marketing companies will just have to find new and innovative ways in which to target potential customers. As the saying goes “Necessity is the mother of invention” and this may very well be the necessity that spurs the next step in the evolution of online marketing. Whether it be new technology or just more inventive ways in which they will reach their intended audiences, who’s to say, but I for one am excited to find out.
About Yoav Oz, COO and Co-Founder of Spotad – Yoav has over eight years of experience in marketing and advertising, and was previously a manager at a private advertising technology incubator and the Director of the LaunchPad Entrepreneurial Program at Tel Aviv University. Yoav’s latest venture, Spotad, is a leading artificial intelligence, mobile advertising technology company that is the first Western demand-side platform to enter China. Spotad connects clients to both Eastern and Western ad-exchanges. By utilizing advanced machine-learning Artificial Intelligence technology, Spotad enables businesses to bring their own algorithms and data to the programmatic advertising space. The company boasts impressive clients that include Uber, Expedia, Apple Music, OpenTable, Trainline, and others.