AIMultiple ResearchAIMultiple Research

Data Privacy Regulations: End of data-driven marketing? [2024]

In May 2018, the privacy and security law, General Data Protection Regulations (GDPR) was put into force to monitor insider threats. GDPR was drafted by the European Union (EU), but it imposes obligations on organizations anywhere that collect data about people in the EU.

Data privacy regulations have impacted all organizations that use personal customer data, generated by communication with prospective customers, email marketing, calling, direct mailing, etc. Organizations that leverage insider threat management (ITM) software are likely to build a systematic approach to obey these regulations by reducing user tracking and relying on less data-centric marketing approaches like contextual marketing.

What are the data privacy laws / regulations?

We have mentioned GDPR since it is one of the oldest modern data privacy laws. However, most countries also legislated similar data privacy laws. Some examples are:

  • The California Consumer Privacy Act (CCPA) started to apply in January 2020 in the United States. There are other data privacy regulations in other states as well.
  • South Africa’s Protection of Personal Information (POPI) became effective in April, 2014.
  • Brazil’s General Law for the Protection of Personal Data, the Lei Geral de Proteção de Dados, (LGPD) became effective in September, 2020.

What are the obligations of GDPR?

The most important obligations of GDPR are :

  • Organizations must ask for explicit permission to use someone’s data.
  • The users have right to opt-out of any communications from organizations and learn how their personal is saved, stored, and used.
  • “The right to be forgotten” can be requested by the users.
  • Collected data from the visitors/users must be stored in a secure environment. SSL (Secure Sockets Layer) certificates are used for this obligation.

What are the results of GDPR?


  • Fortune Global 500 companies used a budget of around $8 billion by 2018 to be ready for GDPR.
  • 25% of US companies spent $1+ million  in 2018 for compliance with data protection regulations.
  • According to Cisco’s 2020 Data Privacy Benchmark Study, companies have gained several benefits from their investments in data protection regulations.
Source: Cisco

Significant Data Breaches

  • Information Commissioner’s Officer (ICO) fined
    • British Airways £20 million. This data breach affected more than 400,000 customers
    • Marriott Hotels £18.4 million for data security failures.
  • French data protection authority fined Google 50 million euro for data breach.
  • The Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) fined H&M was fined 35.3 million euro for a major data breach.

For more, you can check out Wikipedia’s list of data breaches.

What is the impact of GDPR on digital marketing?

How companies work

  • Companies needed to find new ways to personalize their marketing. For example, they needed to rely only on users who shared their data for the basis of their targeted advertising like automated bidding on ad exchanges.
  • Marketing strategies about social media, content creation and SEO needed to be modified for GDPR compliance.
  • Companies have hired more professionals about data protection and regulatory compliance. Most large companies have a DPO (Data Protection Officer)
  • Companies have used the regulation as a chance to show their focus on user data privacy. They started marketing campaigns to show that they respect user preferences.


  • Companies have started to ask permission from the visitors of their website about communication preferences like email newsletters
  • The visitors have to give consent for tracking tools such as cookies. So, companies built cookie and tracking walls’ on their websites before collecting personal data from the visitors.
  • For the right to be forgotten, companies have created new processes which allow the users to access their data and remove their data.

New products and projects

  • Since full IP addresses can not be stored without permission, analytics software has been updated to store a part of the IP address.
  • New systems have been built to track stored data from websites and storing systems for proof of consent.
  • Privacy-friendly browsers have become popular and existing brands have increased measures to protect data privacy.
  • Companies have improved data security of their services. This requirement will lead to the development of more security oriented products in the marketing technology (MarTech) sector.

What is next?

  • Companies will continue to allocate more budget for data security technology. 
  • The demand for Data Protection Officers and data security jobs will increase.
  • Decline of traditional marketing methods such as direct sales, print advertising, television, and trade fairs, etc. may slow down
  • Developers in digital marketing (e.g. web designers) need to have good knowledge about GDPR.

While there is increased focus on protecting personal data, there are also privacy invasive initiatives like Apple’s child safety initiative for monitoring illegal images. These continue to trigger heated debates about data privacy.

Further reading: Feel free to read our articles about data privacy :

If you have questions about data privacy regulations, we would like to help:

Find the Right Vendors

This article was drafted by former AIMultiple industry analyst Ayşegül Takımoğlu.

Access Cem's 2 decades of B2B tech experience as a tech consultant, enterprise leader, startup entrepreneur & industry analyst. Leverage insights informing top Fortune 500 every month.
Cem Dilmegani
Principal Analyst
Follow on

Cem Dilmegani
Principal Analyst

Cem has been the principal analyst at AIMultiple since 2017. AIMultiple informs hundreds of thousands of businesses (as per similarWeb) including 60% of Fortune 500 every month.

Cem's work has been cited by leading global publications including Business Insider, Forbes, Washington Post, global firms like Deloitte, HPE, NGOs like World Economic Forum and supranational organizations like European Commission. You can see more reputable companies and media that referenced AIMultiple.

Throughout his career, Cem served as a tech consultant, tech buyer and tech entrepreneur. He advised businesses on their enterprise software, automation, cloud, AI / ML and other technology related decisions at McKinsey & Company and Altman Solon for more than a decade. He also published a McKinsey report on digitalization.

He led technology strategy and procurement of a telco while reporting to the CEO. He has also led commercial growth of deep tech company Hypatos that reached a 7 digit annual recurring revenue and a 9 digit valuation from 0 within 2 years. Cem's work in Hypatos was covered by leading technology publications like TechCrunch and Business Insider.

Cem regularly speaks at international technology conferences. He graduated from Bogazici University as a computer engineer and holds an MBA from Columbia Business School.

To stay up-to-date on B2B tech & accelerate your enterprise:

Follow on

Next to Read


Your email address will not be published. All fields are required.