| March 27, 2018
Heightened attention and concern to protecting the privacy of consumers has become a hot topic. In fact, digital publishing recently saw increased awareness and concern following the rise in consumer use of ad blockers. Consumer feedback was that ad blocker enabled them to consume content in lieu of advertising, creating less disruption in their content consumption. Deemed, ‘ad avoidance’, consumers found this mechanism as a means to avoid annoying, or even intrusive, ad experiences.
It was consumers’ mechanism to demand change in their experience with advertising and the use of their personal data. But marketers debated the notion, struggling to balance the best executable user experience against both the use of consumer data for targeting and relevancy, as well as for advertising revenue generation.
And as recently as last week, the news broke regarding Cambridge Analytica accessing 50 million users’ Facebook data without their knowledge, creating heightened awareness and debate regarding consumer expectations relative to their data and privacy. There is no question that individual expectation is going to change in the near term, as demonstrated by the dip in stock price of Facebook following the announcement, as well as in the #DeleteFacebook trend.
The topic is undeniable, consumers no longer desire control—they demand it. As marketers, it is our job to cater to the consumer experience they desire while carefully balancing consumer privacy, as to not infringe upon it.
The point is that this topic isn’t new. And with GDPR looming on the horizon, this should be no surprise to marketers. At its very core, GDPR aims to put control back in the hands of the consumers to give their consent for their information to be collected. Specifically, consumer consent means that no longer are long terms and conditions documents proper for obtaining approval to collect their data. Consumers need a clear, simple and accessible form that enables them to provide their consent for data collection.
Marketers should see the GDPR not as a barrier to their business operations, but as an opportunity to ensure that its strategic use of personal data is transparent and embraced by consumers; to build consumers’ trust that their personal data is in good hands and will not be corrupted. For those marketers who put forth the effort to put consumer data privacy first and gain the consumer’s trust and consent – they will have the greatest opportunity to use the data to build campaigns that are to the mutual benefit of the organization and the consumer.
Still not up to snuff with what GDPR is and what is means for you? Read on to capture key points.
What is GDPR?
On May 25, 2018, a new regulation out of the European Union will become law, the General Data Protection Regulation, or GDPR for short. The GDPR is a comprehensive data privacy regulation which applies to all businesses who collect, process, or store private data pertaining to EU residents, regardless of whether the organization is established in Europe. The GDPR was created to replace the EU Data Privacy Protection Direction (1995); to take data privacy protection into the digital age. What is important to note is that the GDPR definition of personal data is considerably broader than that of the US’ interpretation of personal identifiable information (PII). The expanded breadth in the GDPR arises from the regulators’ decision to include both direct and indirect identifiers; the latter consists of information that does not identify a person in isolation but can do so when combined with other information (for example, IP address).
What is the purpose?
The central philosophy of the regulation is that personal data belongs to the person, not a company, and that a person should be able to control their personal data. The GDPR codifies the basic rights of EU residents, which includes: the right to be informed about the data an organization is collecting/processing and for what purpose | the right to amend this data | the right to have this data be deleted | the right to change their elections about what data is being collected | and the right to port their data to another organization. Organizations have the obligation to ensure these individual rights are protected or face regulatory fines of up to €20 Million or 4% of revenue.
What information is defined as personal data?
Under the GDPR, personal data is defined as “any information relating to an identified or identifiable natural person ‘data subject’; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.” By our estimation, this includes, but is not limited to:
- Tax identification number
- Banking information
- IP address
- 3rd party cookie information
- Device IDs
- Cashback Member IDs
What are the key points for businesses?
The changes brought in by the GDPR are wide-reaching and many functions in an organization may likely be affected by such changes, from marketing to security, HR, legal, and compliance. Companies must keep careful records of all data processing activities and provide a legal basis for all collecting or processing of such data. Businesses should evaluate their collection and use of personal data under the guidance of the GDPR and assess any gaps between their current collection/process processes and what is required under the GDPR.
How is Pepperjam preparing for the GDPR?
Pepperjam is working with GDPR specialists to ensure its compliance with the GDPR. Some action steps that we are taking:
- Implementing an informed consent opt in for visitors of our site(s).
- Undergoing a Data Protection Impact Assessment and Gap Analysis.
- Updating our commercial contracts for suppliers, vendors, publishers and advertisers
Pepperjam aims to provide our valued partners with information on this topic to ensure we help you ahead of the GDPR learning curve.
Where can I learn more?
**Disclaimer: the information provided is not intended to serve as legal advice. You should seek legal advice to determine if you are impacted by GDPR.