Can your data management platform handle Europe's GDPR?

As businesses across the world get ready for Europe’s General Data Protection Regulation or GDPR, many are assessing the security of their data management platforms to protect themselves from massive GDPR fines.

Many already utilize the digital tools that consolidate audience data for marketing and other functions. But their security features are about to become more important; as of next month, the GDPR will require explicit consent from European users before a company can collect their personal information. Upon request, the companies must delete certain data. And those location-based rules apply not only to residents of Europe, but to anyone conducting online trade while in Europe.

Firms that don’t comply could face fines totaling 4 percent of global annual revenues.

“With the advent of stronger privacy laws like GDPR, companies that don’t implement privacy by design at the beginning of the development process will face a much harder task than if it was simply built in,” writes Robin Kurzer in Martech Today. “After several years of massive data breaches and calls for more transparency in AdTech, the notion of building tools with privacy in mind has become more appealing — a trend that not only protects the companies building these tools but offers a ‘safer’ brand to advertisers and consumers.”

Right now, DMPs primarily process third-party data through cookies to enable lookalike targeting, a process that doesn’t require user consent. In May, such consent will be required, forcing brands to be stricter about how data is accessed, aggregated, corrected, erased and/or moved.

The change will also create a legal distinction between brands acting as data controllers and those serving as data processors. The controllers will be held responsible for GDPR compliance, meaning they must ensure the processors with which they work are in line as well.

Define lookalike targeting

Analysts believe the challenge will lie in tracking consent when it comes to third-party relationships in which several parties share data. Others say many DMPs lack the technical means for verifying the needed consent. Some also foresee a market consolidation as vendors unable or unwilling to comply with GDPR fall by the wayside.

Proactive providers stepping up

Forward-thinking software designers are already stepping forward to program DMPs with vendor/data provider contracts that add GDPR-related language. For example, Lineate’s DataSwitch enables you to automate consent pop-ups, segment audiences by opt-in and track which touchpoints/channels are driving the most opt-ins, helping you determine which methods are most effective in ensuring GDP compliance. At the same time, it acts as a one-stop shop for organizing and implementing entire campaigns.

“In the not-too-distant future ... practices like privacy by design and contextual privacy will be trumpeted as proudly as ‘cruelty-free’ and ‘American-made’ are in consumer products today,” predicts analyst Fatemeh Khatibloo in Martech Today. “Marketers would do well to start shifting their data collection and use practices in that direction today.”

Contact us today to learn how DataSwitch can reorganize your data and help your brand fully prepare for the ramifications of GDPR.