Companies have long collected data on consumers to determine what people want and who their potential customers might be.
But for anybody doing in business in Europe, how they go about collecting that data just got a lot more difficult. And corporate marketing departments are rushing to figure out what to do next.
What changed everything? The General Data Protection Regulation, which puts consumers in the driver’s seat when it comes to protecting their private information online.
Broadly speaking, in many cases, companies around the globe must ask European citizens for their consent before collecting personal information. They can collect only the data they need to do a specific job, and when they’ve got it, they face a host of restrictions on how they use it. Among other rules, they must also delete data when they’re done with it—or when consumers ask them to.
That isn’t all. The rules for “third party” data also are getting more complicated. Many marketers don’t collect customer data themselves, so they use the information from other vendors, to help them target ads. Now they must make sure those vendors are in compliance with GDPR standards. Obviously, keeping an eye on all those third parties means a lot of effort and expense, so some marketers have said they would just use fewer vendors instead.
The problems of keeping track of customer data were highlighted in Facebook’s Cambridge Analytica data leak, in which an outsider shared the social network’s user records with other firms. After an outcry over the leak, in March Facebook took steps that it said would “help improve people’s privacy.” Among them: ending a program that let brokers target specific groups of Facebook users on behalf of their advertiser clients.
Those changes—combined with GDPR—meant a blow to some advertisers, such as consumer-product companies, that do not have reams of first-party data on their customers and depend on third-party data firms…