General Data Protection Regulation (GDPR): What You Need to Know

August 09, 2018 | Trends
Puprle Twitter Facebook Google Plus Linked In


This conversation has been ripe for discussion. Earlier this year at an AUSAM (Austin Advanced Media) event, the group spoke to a panel of tweens about their media usage on apps like Snapchat and Instagram. The most alarming insight was that the teenagers, ranging in ages 11 to 19 years old, had little concern with regard to the amounts of data being collected online about them. Further, they had no apparent comprehension of what a business could accomplish should the data fall into the wrong hands. Think back to your carefree teenage years and you too will remember the wild age of innocence and invariable feeling of invincibility. 

It's not just teenagers who are blissfully unaware. We're all guilty of being naive to the reality of our Internet age. Albeit, a few stats can help with the mental digestion of this newfound, connected World Wide Web. For example, the average number of apps on a person's mobile phone is 40, according to comScore. Staggeringly, Facebook reported 2.2 billion monthly users as of Q4 2017. There are 7.5 billion people in the world. After doing quick math, that means almost one-third of the world uses Facebook. Further, this past May marked the third graduating wave of students since 2015 who have been on Facebook since they were 13 years old; that's nearly ten years of data. 

Moreover, as it relates back to privacy and the need for regulation, according to a 2016 Future of Privacy Forum study, one out of four top apps didn't even have a privacy policy at that time. 


Being heralded as the strongest protector of digital rights (rightfully so, IMHO), the General Data Privacy Regulation (GDPR) officially went into effect on May 25, 2018, but the regulations themselves were written almost two years ago in 2016. 

At its heart, the GDPR is a broad reform giving European Union (EU) citizens more control over how their personal data is used. Since the Internet is borderless, every commercial entity that touches the web, so every company, made updates in an effort to comply. Hence the onslaught of updates you received on Thursday, May 24, 2018.

The two common denominators that touch all areas of GDPR compliance are consent and transparency. Gone are the days of auto-enabled email enrollment—yep, that's right—you'll have to check the box yourself if you want an email. 


New regulations require that GDPR compliant organizations clearly, in layman's terms and free from legalese, state what, how and why data is collected. Further, GDPR compliant organizations must give customers options to learn how their data is being used, how they can rescind it and where to gather documentation of that request. 

New laws also grant consumers the right to see exactly what info is being collected about them and further, allowing them to request incorrect data to be updated or changed. Similarly, customers will be able to easily revoke permission for their data to be saved.

Being based in the U.S. doesn't mean you're free from regulation. If your company has employees or customers in the EU or if you market to people in the EU, your company is required to adhere. If not, it'll be important to clearly communicate that your company provides goods or services only available to U.S. consumers and should avoid any marketing language referencing EU. 

Compliance will be worthwhile. Fines for non-compliant businesses can be €20M or 4%* of annual global revenue, whichever is greater. 4% of global revenue for Facebook equates to about $1.6 billion. 


Given the progress and new regulations, it's no surprise that we're in a new era of advertising transparency. Google promises it, "will still make it possible to serve non-personalized ads" to people. However, messaging strategies will inadvertently shift away from today's current mantra of reaching the right person, with the right message at the right time. Inevitably, communication will need to shift back towards a more generalized message, targeted less toward specific personality traits and more toward external targeting variables like weather, location and time of day. 


Even though change is hard, we're all better for it. And while the cat's out of the bag as far as advertising capabilities, so too are the political and sociological "possibilities." Oh, and we hear that Internet speeds are better in Europe, too. So expect to see more changes soon, but don't worry too much—the Internet won't really look any different—there will simply be safer surfing.

Industry News, digital-education, digital-age, digital-marketing, gdpr

Recommended Posts