Experts Share 5 GDPR Lessons They’ve Learned (So Far)
A culture of “privacy by design” is the key to GDPR-compliant data handling and a conduit to a more engaged and transparent relationship with end users, according to a panel hosted earlier this month in London by Adobe.
A culture of “privacy by design” is the key to GDPR-compliant data handling and a conduit to a more engaged and transparent relationship with end users, according to panel hosted earlier this month in London by Adobe (Adobe owns CMO.com).
“Advertising, Data, and Tech in a post-GDPR World” included publishers, data processors, data controllers, and, of course, a room full of data subjects: people. This wide-ranging discussion took a look back at the months preceding and following the 25 May implementation deadline, and it articulated a shared vision for the future.
In introducing the event, Adobe industry marketing director Mike Plimsoll emphasised the imperative to “weave privacy into the overarching experience, building it into the customer journey.” This approach, he said, will result in better user experiences and unlock the power of data.
Here are five learnings CMO.com took from the all-things-GDPR discussion.
Consider Your Place In The Ecosystem
Richard Foster, LiveRamp UK managing director, described how his company’s recent entrance into Europe–three years ago–meant that his team had been cognisant of the impending regulations from the start. As a result, the identity resolution specialist didn’t require significant changes before GDPR came into force, though it faced challenges nonetheless.
While the company had a “robust data ethics plan” and processes in place for GDPR, it had underestimated the work involved to sync with partners, he said. Foster recalled: “The number of data processing agreement [DPA] requests we got in the final month was quite overwhelming. We didn’t anticipate the pressure that businesses would put on us.”
As a European-based company, music streaming service Spotify had been preparing for the regulations for years. Indeed, European head of programmatic Zuzanna Gierlinska said this type of legislation was a high priority for company executives when she joined the company 12 years ago. Like LiveRamp, the company’s key challenges revolved around collaboration.
“We suddenly found that the ecosystem was asking questions of us to sign this DPA or that addendum. We had some companies labelling us as a data processor, while others said we were a data controller,” she said. “I would say 90% of our time wasn’t focused on what we were doing but how we were working with our partners.”
It’s A Journey, Not A Destination
Despite the concentration of activity leading up to 25 May, the panellists were quick to emphasise their long-term commitment and ongoing nature of compliance.
“The 25th became a singular point in time, but it’s a milestone, not the end,” said Chris Swarbrick, head of technology at Omnicom Media Group Programmatic UK. “It’s an evolution, as people continue to learn and understand what the relationships will look like. There are multiple nuances, and it’s going to take a while to learn all of them.”
Anthony McDonagh, commercial technology director at Dentsu Aegis Network, echoed Swarbrick’s comments, adding that legal precedent will inform a significant part of the developing narrative around GDPR.
“A decision in Saxony, [for example], may change the landscape for all of us,” he said. “It only takes the conclusion of one local court to change things. If we can keep conversations around these developments going, we can make life easier for everyone.”
Universal Standards Can Provide Reassurance
As responsible companies everywhere mobilised to implement their understanding of GDPR, subtle differences in interpretation inevitably arose. To avoid the challenges these variations could cause, the panel uniformly advocated for the creation of a set of standards, created by the industry for the industry.
Harking back to industry unity during another time of change, Lisa Kalyuzhny, director of advertising solutions at supply side platform (SSP) PubMatic, said: “When programmatic started, you had all the major players in the room saying, ‘This is what we’re going to do together.’ I think the IAB, especially in Europe, has done a really good job of being present and having all of the players on their board, so that whoever wants to be involved can be involved.”
Added Foster’s LiveRamp: “I think there are things we know now that, as an industry, we can be working to enshrine at the heart of what we do. A ‘privacy by design’ approach and recognisable standards will help us all.”
Communication Is Key
Sticking with the theme of collaboration, one audience member asked how brands could help their agencies with GDPR-friendly working practices. Omnicom’s Swarbrick recommended sharing any and all internal decisions taken around the regulations, particularly as the marketing department is unlikely to be the one driving policy around legal issues.
“I’d definitely say we’ve been able to work most harmoniously with clients when we’re having those deeper conversations,” he said. “It’s so helpful when a client can tell us their approach to GDPR, their basis for legitimacy, and how they’re progressing.”
Dentsu’s McDonagh concurred, saying that early and in-depth conversations with clients about such matters yield the best results.
“When we’re able to have those conversations and explain why processing instructions for us might be different to the instructions needed for a slightly different company, for example, it’s made a big difference,” he said.
Embracing The Changes Improves Customer Experiences
Spotify’s Gierlinska noted that the regulations has enabled Spotify to step up its game in a different way: in research and development. Cutting to the core of GDPR, she asserted that the premise behind these regulations was to bring back trust among users, making them feel better about digital advertising and how their data is being used.
“It actually became a checking mechanism during development, to ask if what we’re doing is the right thing from a user trust perspective, not just legally. Now we question if anything new we develop will help the relationship we have with our users.”
Adobe’s Plimsoll concluded: “You can now unlock new levels of trust with your data subject. If you’re respectful of how you use their data, what we’ve seen is that customers are more willing to provide it, and you can develop a deeper relationship with that customer.”
https://www.adobe.com/privacy/general-data-protection-regulation.html