EU Companies, Are You Ready For The GDPR?

The General Data Protection Regulation will come into force in 2018, and with it the new rules concerning online data. It can be a threat, but also an opportunity.

EU Companies, Are You Ready For The GDPR?

You’d be forgiven for having a sense of déjà vu when reading the phrase “beyond the cookie.” Haven’t we had this debate already? Well, yes, we have. In 2011, the EU ePrivacy Directive (often known as the Cookie Law) required publishers to notify consumers about the use of third-party cookies and to provide them with an opt-out. Many of us feared that this new era of transparency and control would cause a plummet in cookie-data volumes for use in behavioural targeting, but it wasn’t the case. Far from obsolete, online advertisers continue to rely on cookies for audience targeting, attribution, and consumer insight. And so they should—because cookies continue to provide a simple, scalable, and precise solution for all of the above.

Now a new threat looms. In 2018, the General Data Protection Regulation (GDPR) will raise the stakes again—its scope spans the full gamut of online identifiers and ramps up the level of choice and control that consumers will have in relation to their data. Crucially, it is likely to classify cookies as personal data. The implications of this are considerable—as are the fines that businesses will incur if they don’t comply.

This is not the death of the cookie, but it is certainly a major threat to the current way in which marketers are approaching online data. Marketers will need to adapt their strategy and their systems as a result—but they should view this as an opportunity as well as a threat. GDPR should encourage us to explore more innovative types of data and, ultimately, employ a more diverse data strategy.

A Fresh Look At Data Strategies

The broad definition of personal data within GDPR means that anonymous online identifiers such as cookies and device IDs are well within its scope. One of the largest implications of this is that many businesses may have to gather proactive consent (i.e. an opt-in) to capture this sort of data.

If you’re a digital business with a well-established CRM strategy and, therefore, a high-scale footprint of opted-in digital customer data, then you’re well placed to weather the GDPR storm. If you aren’t, then it’s important to start thinking about this now. How can you begin to gain consent for online data capture and processing, and what incentive do consumers have to give you this? We need to get closer to consumers to have an open and mutually beneficial value exchange when it comes to their data.

Collaboration with technology and execution partners also becomes key. Another change that the new regulation brings is that it’s not just the data controller that bears responsibility for data protection, but also any data processors. Most advanced marketers are now at the top of a colossal food chain of martech, adtech, and execution partners, all of which will be reliant on the establishment of an equivalent chain of consent to do their jobs.

Whichever way you look at it, an opt-in world would result in either falling scale or rising expense of user-level data. As a result, GDPR is a good prompt for marketers to look beyond user-level data. Where could similar results be achieved through more broad approaches? Where could data be aggregated or deleted? And what alternative non-user-level datasets could ensure that an intelligent approach to targeting is still achieved?

Achieve Personalisation In A Post-Personal World

Picture the scene: it’s a cold and rainy Monday morning, I’m hungry, in a rush, and the trains are a mess again. My past browsing behaviour will tell you nothing about this. Instead, an advertiser should be able to make some accurate assumptions about my mood just by knowing my rough location and some context about what’s happening there right now. Furthermore, they could show me a list of products that meet my current needs, and assemble an empathetic creative message that I’d respond well to, without the need for any cookie data. In this instance, relevance, and the creation of an ad that’s personal to my situation, require no understanding of who I am, just where I am, and what’s going on around me at this particular moment in time.

This kind of data is called moment data, or macro data—and it is the key to producing relevant advertising based on real-world, environmental events. Nowadays, there are thousands of opportunities for marketers to capitalise on the current moments happening across sports, social media, TV, health trends, weather, the economy, and exchange rates—to name just a few.

In 2016, 70% of marketers said they would be testing moments marketing. In 2017 and beyond, we should be looking to this as a primary source of driving relevance across digital media channels. By relying more on macro data and less on cookie-based data, brands can diversify and derisk their data strategy, as well as improving ad-engagement in the process.

Not only will this provide brands with innovative and more relevant targeting, but it will also improve engagement across media channels. Ultimately, the GDPR will cause a fundamental shift in brand communications, but it will also provide opportunities for forward-thinking brands that can consider macro drivers in their outreach. Now what brand wouldn’t want that?