It’s often been said that data will be the oil of the 21st century. Until now data (and big data, particularly) has been the engine that runs modern-day app advertising. Data-driven ads work not only for advertisers, but also for users who find more relevant advertising and interact with the products advertised. But come May 25th, the discourse around data is set to change when GDPR comes into effect for the EU.
There’s already a lot of buzz around how data is collected and used, as well as how it is shared to serve ads to users. Data privacy will also be a main concern once GDPR is implemented. A lot has been said in the media around how prepared the industry is when it comes to how each stakeholder will handle their data. There are some question marks that remain around how the new legislation will change how the industry works with first, second, and third-party data.
We partnered with mParticle to prepare a go-to guide for our readers to help them understand what GDPR means and how each of the data types will evolve as we move closer to the enforcement of the new law. Of course, as an industry we will see how we adapt and work closer with the new legislation, and it is an ongoing process.
Click on the image above to unlock and view the full infographic or access the PDF in the link here to download and bookmark it.
As a 2-min read, we have also put down some key takeaways:
What is GDPR?
It’s a law designed by the European Union to give private citizens control over how their data is collected and used. The law is applicable to all service providers and international companies with data operations about subjects in the EU.
“Can I Be Fined?”
A lot has already been said on the fines that can come with GDPR mainly because they are substantial. There are two tiers of fines. The first is up to €10 million or 2% of a company’s annual global turnover of the previous year, whichever is higher. The second is up to €20 million or 4% of annual turnover of the previous year, again, whichever is higher.
The first tier is for breaches of controller and processor obligations, the second tier is for breaches of data subjects rights and freedoms.
To which extend this is actually going to be applied remains to be seen.
What About Data-Driven Ads?
There has been some panic in the industry and among the different stakeholders, but GDPR doesn’t mean there will be an end to data-driven ads. Stakeholders need to be more transparent and abide by the rules of how user data will be utilized.
What About Legacy Data?
From what we heard and read it is not safe to rely on leniency related to past legislation and that we should not expect a ‘grace period’, so everything is applicable starting from end of May. This means that companies should find a good approach to get re-consent or to renew permission to use data. Possible solutions are anonymization of old data or deletion. You have to come up with a good argument and business requirements why to use personal data after the 25th of May. We look at it as starting with a clean slate. From the 25th of May, our data needs to be processed in a GDPR-ready manner, all data, not only new data generated from the 25th onwards.
How to Govern Your Data Under GDPR?
- Access: All your data sources
- Identify: Inspect them to identify what personal data can be found in each.
- Govern: Define what personal data means and then share this understanding
- Protect: Set up the correct level of protection for the data. Work with mobile-first Customer Data Platforms with GDPR Compliance features
- Audit to show regulators
- Embrace culture of new user rights