How GDPR Changed the Marketing Landscape

Privacy & Consent Management|6 Minute Read

How GDPR Changed the Marketing Landscape

The official General Data Protection Regulation (GDPR) website deems the consumer measure “the most important change in data privacy regulation in 20 years.”

That very well may be the case. However, the opinions about this “change” — a full two-plus years after the law went into effect — vary, depending on the who you ask:

  • On the one hand, consumers and regulators — not just in the European Union, but worldwide — consider GDPR a big win. Consumers were awarded more control of their personal data. Meanwhile, lawmakers behind the EU measure and abroad can claim victory over companies that improperly secured, stored, sold, and/or misused data.
  • On the other hand, organizations that work in the EU bent over backwards to ensure complete GDPR compliance prior to implementation of the divisive data privacy law. Simply put, GDPR requirements — while seemingly laid out clearly for marketers and brands the world over — still proved difficult for many businesses to meet (and on time).

With the data protection law affecting innumerable businesses the world over today, it’s worth examining exactly how GDPR has changed the customer data management landscape to date — and how organizations of all sizes need to maintain a focus on GDPR compliance.

ccpa vs gdpr

GDPR: A refresher on General Data Protection Regulation for marketers

“What is GDPR?” isn’t exactly a popular question in the business and marketing community anymore. (Who doesn’t know the data law at this point, of course?)

However, we thought we’d provide a quick refresher on the intricacies of the law that was adopted in April 2016 and ultimately went into effect in May 2018.

With that in mind, here’s our oversimplified version of “GDPR for dummies” — a rundown of the measure before, during, and after its enforcement:

  • Before — Why GDPR came to be: European parliament wanted organizations who secured consumers’ (a.k.a. data subjects’) information without adequate permissions to cease doing so and give individuals the option to opt out for that data usage. Enter new GDPR consent management obligations, which cover all EU citizens.
  • During — Action items for brands: A GDPR compliance window was built in to the regulatory launch plan. However, it took many companies considerable time to ensure compliance and the protection of personal data as well as appointing a Data Protection Officer (DPO) within their organizations. Data cleansing and security, mailing list updates, and form-consent or -field modifications were some tasks brands tackled.
  • After — Comply or face penalties: Brands in breach of GDPR face hefty fines from law enforcement. This potential punishment from public authorities lit fires under business leaders to fast-track compliance. As of the end of 2020, though, only a few large-scale companies have been penalized for failing to meet the guidelines.

TL;DR: GDPR mandates companies doing business in the EU (or collecting customer data there) prioritize information security across their organizations and meet the myriad requirements by making the necessary data collection changes or face (financial) wrath.

So far, the vast majority of brands have seemingly passed the test. (Or, at least, avoided penalties). Several barriers to continued GDPR compliance, though, remain for companies regarding the processing of personal data and use of it in their marketing programs.

Biggest GDPR challenges for marketers: Compliance, consent, and more

A Winterberry Group survey of marketers found many challenges impede their marketing success: from the difficulty of proving legitimate ROI to a lack of guidance from leadership.

The top challenge cited in the poll? Government regulation — or the prospect of new/future regulatory measures.

(Data silos came in second, but that’s a topic for another day.)

It’s a little surprising more executives aren’t as fearful of measures like GDPR affecting their businesses’ bottom lines, given the potential negative ramifications of data breaches by EU supervisory authority. (And, now in the U.K. the Information Commissioner’s Office.)

However, there are still hurdles to clear to maintain GDPR compliance:Winterberry Group

#1: “Forgetting” consumers who want to be forgotten

The “right to be forgotten” is a critical benefit for those who don’t want their customer data stored by brands. The GDPR mandates that consumers who want their data erased can request as much of a given brand(s), who then will have 30 days to comply.

What this means for you: In this instance, GDPR compliance not only requires deleting customer data and getting any third parties with whom you’ve shared customers’ data to do the same, but also alerting the person who made the request shortly after their request and when the task is ultimately done.

#2: Managing real-time changes to customer consent

In the same vein as data erasure, brands also need to remain up to speed on how customers engage with their websites, apps, and emails. Why? Because that activity — including and especially new form submits — invariably impact their consent status.

What this means for you: If your organization uses a customer data platform like BlueConic (see below) to handle real-time consent management, you need not fret.

If you don’t, though, it’s entirely on your company to find another method to track customers’ and leads’ consent changes and to update their various database profiles.

This can be quite the time- and energy-consuming chore (and a waste of valuable resources).


#3: Unifying customer data in a single source of truth

Technically speaking, this is a challenge marketers face regardless of whether GDPR.

All the same, it’s essential for all companies, regardless of database size, to unify customer their data in one, central location so they can easily activate data in lifecycle marketing.

A single source of truth simplifies life for marketers by unifying a customer’s historical profile information into a sole, dynamic profile that updates in real time.

As business intelligence consultant Rod Welch wrote for TWDI, “Accuracy is no longer a ‘nice-to-have’ feature. The GDPR brings the data quality of personal information into the realm of compliance.”

What this means for you: If you don’t have a single source of truth solution, like a pure-play CDP, your ability to ensure data accuracy for customers and prospects — and, in turn, to ensure ongoing GDPR compliance — becomes that much harder.

consent management

How the consent management “evolution” continues today

When GDPR first went into effect, UK Information Commissioner Elizabeth Denham said, “The GDPR is a step change for data protection. It’s still an evolution, not a revolution.”

The EU law was meant to rectify customer data privacy issues that have lingered since the inception of the internet. Now, other countries and some U.S. states have planned their own data privacy measures:

It’s only a matter of time before comprehensive data privacy laws are in place everywhere. The specifics of each one will certainly vary. But the central purpose remains the same:

Ensure companies responsibly gather, store, and disseminate customer data; offer complete transparency to consumers; and delete data upon request (and quickly).

With two full years of GDPR in the books, it’s safe to say the brands everywhere are aware they need to be savvier and smarter with customer data collection.

What remains to be seen is how the continual evolution of consumer privacy laws will play out in the year — and years — ahead and impact marketers.

Watch our data privacy laws webinar to learn how you can comply with consumer data measures by investing in a CDP with consent management functionality.

data privacy laws

See what BlueConic can do for you.

Whether you’re looking for operational efficiencies or improved marketing effectiveness through data activation, our customer data platform can help.