Maneki-neko - Japanese cat figurine, aka "fortune cat"
Marketers will have to rethink and rework a lot of their current practices under the GDPR, which will be a challenge (and an opportunity) PHOTO: Alain Pham

Marketers, consider this a warning: Come May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will mark the beginning of the end for third-party data. 

This means you’ll need to rethink how and where you gather customer data for your digital marketing programs because eventually, third-party data will be gone.

Giving Consumers Control of Their Data

Third-party data’s imminent demise won’t happen soon enough for some consumers. For a long time, they’ve felt mistreated by brands' data gathering practices. In fact, a recent survey found 68 percent of US consumers don’t trust brands to respect their privacy.

The EU will enact GDPR with the intention of handing consumers control of their online data, as well as compelling businesses to keep their customers’ data safe from hackers. But the regulation also includes a revision of the definition of personal data and how businesses must obtain consent to use it. 

Specifically, businesses must obtain verifiable consent from EU residents that is explicit, informed and freely given. This means that under GDPR, those long terms-of-service agreements will need to change, stat. 

No Passing Go, No Grandfathered Data Collection

Consumers must be given clearly understandable terms for each instance in which their personal data will be used, with no pre-checked boxes and no requirement to accept those terms in order to access the business’s product or service. They will be asked to check a box that will give permission to sell their information to data brokers (which would open the door to unsolicited offers and online tracking). 

Predictably, given the option, the consumer will decline.

The GDPR has no “grandfather” provision allowing the use of third-party data collected without GDPR-level consent before May 2018. This means existing third-party data in the EU is gone, and no new data will flow to data brokers as a replacement.

If you think you’re safe because you don’t live in the EU, think again: GDPR applies to any organization, anywhere in the world, that collects personal information from EU residents. 

The fines for non-compliance are steep. They can reach 4 percent of global revenue or 20 million euros (about US $22 million), whichever is greater. EU regulators have made it clear they intend to go after high-profile targets as way of scaring everyone into line.

Look For the Silver Lining

Recognizing that GDPR is no joke, the big data brokers — including Acxiom, Experian and Epsilon Abacus — are preparing for the May 2018 deadline. 

In its May 2016 annual report, Acxiom acknowledged the threat GDPR poses to its business: 

“Between now and the time that the GDPR becomes effective, we may need to modify our platform or our business to comply with new requirements contained in the GDPR or to address client concerns relating to the GDPR, and any such measures may result in costs and expenses, and any failure to achieve required data protection standards may result in lawsuits, regulatory fines or other actions or liability, all of which may harm our operating results.”

Despite initial bumps, GDPR and the death of third-party data may not be a disaster for businesses after all. 

Rather, it will force a turning point, giving digital marketers the opportunity to focus on engaging directly with their audience to obtain first-party data. It will push brands to do the right thing by offering privacy policies that are easily understood and are accompanied by easily accessible controls that put customers in charge of how their data is used. 

This might not be the easiest path, but it’s the best way to build committed and long-lasting customer relationships.