Marketers prep as the clock ticks on GDPR

With less than 24 hours until the European Union's new rules come into effect, marketers are bracing for the impact in Canada.

On Friday, the European Union will make a substantive update to its digital data and privacy regulations with a new set of rules known as the General Data Protection Regulation (GDPR).

The effects of the rules will result in 43% of E.U. consumer data being unusable, according to new estimates from Vibrant Media. What’s more, almost half  (42%) of media buyers in the company’s report stated they’ve seen a drop in programmatic spend (which is said to be compromised the most by GDPR).

“GDPR is forcing brands to rethink their marketing,” said Doug Stevenson, Vibrant Media’s CEO, in a release for the report. “Agency execs are predicting that 43% of consumers will choose to opt out of an involuntary data relationship with brands, which presents a real opportunity to build trust with consumers so they opt-in to a more positive, transparent relationship.”

While the GDPR framework will be passed an ocean away, many Canadian marketers will be affected by the European regulations in some way – resulting in local industry-wide education and compliance.

“It’s very important for Canadian marketers to know this affects them,” said Tim Bishop, VP of the Canadian Marketing Association (CMA). “Even if Canadian brands don’t operate in the EU or have offices or employees there… if you have any consumers browsing your material there, if companies are monitoring data of people in the EU, there can be exposure to this law. GDPR flags any entities that aren’t compliant.”

GDPR is based around eight principles:

  1. The right to be informed – consumers must be made aware of what kind of information that can be gathered from them and what their rights are
  2. Right to access – consumers can access and read how their data will be used
  3. Right to rectification – if information that is not correct has been disclosed to third parties, companies must ensure that it is corrected and updated;
  4. Right to erasure – consumers can request the removal of their personal data when there’s no compelling reason for it to be present
  5. Right to restrict processing – companies can continue to store data they’ve already collected, but consumers can choose for it to not be processed or leveraged
  6. Right to portability – data can be re-used across different services in a streamlined way without any hindrance
  7. Right to object – consumers can object to the processing of their data if it is not in their interest
  8. Automated decision-making and profiling rights – if information is going to be shared by an organization, there must be human intervention in the process

Bishop said many of the rules are similar to Canada’s PIPEDA, but acknowledged that the E.U. is “truly world-leading” in its positioning of “privacy by design and privacy by default.”

As such, the CMA is encouraging all of its members to research and comply to the regulations.

Several industry organizations have also introduced resources to help advertisers better understand GDPR (IAB Canada introduced its own technical specifications in March), while some companies have created software to help with compliance. Toronto-based digital agency Trew Knowledge is among those companies. The agency created a WordPress plugin for sites powered by the CMS, in order to provide the requirements for compliance.

Shawn Barrans, president and chief strategist at Trew Knowledge said the plugin allows for anyone who creates a website through WordPress to manage consent, cookies, opt-out functions, objections, re-consent and more. “It’s also just a great way to say to people, ‘Hey, this site uses cookies. This is how we use cookies.’”

The plugin currently sees an average of 4,200 requests per day from clients worldwide, said Barrans, and sees 25,000 downloads per week and 2,000 active installs per day. He noted that this is a sign that GDPR is a major concern for advertisers, but that it goes beyond surface-level issues.

“All of our clients are trying to determine if they actually need to be compliant, and it’s lower-level issues like cookies. But other clients are talking about higher-level issues that are much more embedded into the process – like if a tech platform needs to have an opt-out option. There could be a much deeper business impact.”

“If we look back four years to when CASL was first introduced, we saw a lot of the same issues,” added Bishop.