Data Privacy Regulations: End of data-driven marketing? [2024]

In May 2018, the privacy and security law, General Data Protection Regulations (GDPR) was put into force to monitor insider threats. GDPR was drafted by the European Union (EU), but it imposes obligations on organizations anywhere that collect data about people in the EU.

Data privacy regulations have impacted all organizations that use personal customer data, generated by communication with prospective customers, email marketing, calling, direct mailing, etc. Organizations that leverage insider threat management (ITM) software are likely to build a systematic approach to obey these regulations by reducing user tracking and relying on less data-centric marketing approaches like contextual marketing.

What are the data privacy laws / regulations?

We have mentioned GDPR since it is one of the oldest modern data privacy laws. However, most countries also legislated similar data privacy laws. Some examples are:

• The California Consumer Privacy Act (CCPA) started to apply in January 2020 in the United States. There are other data privacy regulations in other states as well.
• South Africa’s Protection of Personal Information (POPI) became effective in April, 2014.
• Brazil’s General Law for the Protection of Personal Data, the Lei Geral de Proteção de Dados, (LGPD) became effective in September, 2020.

What are the obligations of GDPR?

The most important obligations of GDPR are :

• Organizations must ask for explicit permission to use someone’s data.
• The users have right to opt-out of any communications from organizations and learn how their personal is saved, stored, and used.
• “The right to be forgotten” can be requested by the users.
• Collected data from the visitors/users must be stored in a secure environment. SSL (Secure Sockets Layer) certificates are used for this obligation.

What are the results of GDPR?

Investments

• Fortune Global 500 companies used a budget of around $8 billion by 2018 to be ready for GDPR.
• 25% of US companies spent $1+ million  in 2018 for compliance with data protection regulations.
• According to Cisco’s 2020 Data Privacy Benchmark Study, companies have gained several benefits from their investments in data protection regulations.

Significant Data Breaches

• Information Commissioner’s Officer (ICO) fined
  • British Airways £20 million. This data breach affected more than 400,000 customers
  • Marriott Hotels £18.4 million for data security failures.
• French data protection authority fined Google 50 million euro for data breach.
• The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) fined H&M was fined 35.3 million euro for a major data breach.

For more, you can check out Wikipedia’s list of data breaches.

What is the impact of GDPR on digital marketing?

How companies work

• Companies needed to find new ways to personalize their marketing. For example, they needed to rely only on users who shared their data for the basis of their targeted advertising like automated bidding on ad exchanges.
• Marketing strategies about social media, content creation and SEO needed to be modified for GDPR compliance.
• Companies have hired more professionals about data protection and regulatory compliance. Most large companies have a DPO (Data Protection Officer)
• Companies have used the regulation as a chance to show their focus on user data privacy. They started marketing campaigns to show that they respect user preferences.

Permissions

• Companies have started to ask permission from the visitors of their website about communication preferences like email newsletters
• The visitors have to give consent for tracking tools such as cookies. So, companies built cookie and tracking walls’ on their websites before collecting personal data from the visitors.
• For the right to be forgotten, companies have created new processes which allow the users to access their data and remove their data.

New products and projects

• Since full IP addresses can not be stored without permission, analytics software has been updated to store a part of the IP address.
• New systems have been built to track stored data from websites and storing systems for proof of consent.
• Privacy-friendly browsers have become popular and existing brands have increased measures to protect data privacy.
• Companies have improved data security of their services. This requirement will lead to the development of more security oriented products in the marketing technology (MarTech) sector.

What is next?

• Companies will continue to allocate more budget for data security technology. 
• The demand for Data Protection Officers and data security jobs will increase.
• Decline of traditional marketing methods such as direct sales, print advertising, television, and trade fairs, etc. may slow down
• Developers in digital marketing (e.g. web designers) need to have good knowledge about GDPR.

While there is increased focus on protecting personal data, there are also privacy invasive initiatives like Apple’s child safety initiative for monitoring illegal images. These continue to trigger heated debates about data privacy.

Further reading: Feel free to read our articles about data privacy :

• First Party Data
• Top 10 Privacy Enhancing Technologies (PETs)
• Third party cookies ban

If you have questions about data privacy regulations, we would like to help:

This article was drafted by former AIMultiple industry analyst Ayşegül Takımoğlu.