By now, everyone’s calendar should have a big red circle around the date of May 25, 2018, when the General Data Protection Regulation (GDPR) goes into effect. And with 12 months to go, there is still just enough time to complete GDPR readiness projects ahead of the enforcement date.
I’ve posited loud and often that martech writ large will be uniquely impacted by the regulation, and I’m cautiously optimistic that the innovators in this critical sector will set the tone for the rest of the digital industry with their own GDPR compliance efforts.
Martech’s place in the GDPR
Martech underpins the entire digital economy, driving critical advertising revenue vital to many organizations, and it is responsible for millions of jobs in both the EU and the US. All of this is possible when data is collected and used the proper way, but for all of this to continue, the sector must up its game and make sure it can comply with the GDPR.
The regulation applies to any organization processing the data of EU citizens, and as one of the most prescriptive privacy laws in existence, it will become the de facto global standard to which international businesses will need to conform. Martech should embrace the GDPR as a once-in-a-generation opportunity. Those companies that do will thrive. Those that don’t won’t survive. It’s as binary as that.
A shifting publisher-provider dynamic
The market is shifting in preparation for the regulation. A number of large publishers are currently establishing digital governance programs that require all martech companies operating on their sites or serving their ads to comply with the GDPR, and I’m already seeing contractual revisions to this effect. Where these prominent publishers lead, others will soon follow — and this trend will spread across the martech industry, becoming a standard cost of doing business.
If publishers demand their partners — and any downstream intermediaries pulled onto the publisher site — contract that they are in compliance with the GDPR, this translates as a new tax on martech in the form of added internal compliance costs. Companies will need to undertake their own internal privacy impact assessments, perform regular data protection reviews, understand and control all the data they collect and have a designated Data Protection Officer (DPO) to make sure good GDPR hygiene is practiced.
Comments