In late March, many marketers received an email from Google AdWords announcing the steps the company is taking to prepare for the General Data Protection Regulation (GDPR), which enters its enforcement stage on May 25. We’ve put together a brief overview of the issue, including industry recommendations for American companies.

What is the GDPR?

The GDPR is a major shift in European data privacy regulation; it affects European and non-European businesses that use online advertising, tracking, and analyzing products when their sites and apps are accessed by European Union (EU) residents.

The law is designed to protect the data and privacy of EU residents anywhere they go online. While it goes into enforcement on May 25, there is a grace period of about 90 days before the EU begins investigating compliance and applying penalties as appropriate.

We anticipate that two aspects of the GDPR will have a significant impact on digital marketing:

  • Affirmative consent: Users must be offered a choice between whether or not to allow their personal data to be collected. For instance, the statement “by using this site, you are agreeing to our cookie policy” violates the GDPR. Consent is no longer implied; it must be clearly given. Also, evidence of user consent must be recorded, stored, and accessible on request
  • Transparency: Users must be informed of how their personal data will be collected, what it will be used for, and why. The challenge and opportunity here will be to identify data-gathering methods and purposes in a way that indicates a benefit to the user

What is Google changing?

Starting May 25, Google’s consent policy for advertising in the EU will read:

For Google products used on any site, app or other property that is under your control, or that of your affiliate or your client, the following duties apply for end users in the European Economic Area, you must obtain end users’ legally valid consent to:

  • the use of cookies or other local storage where legally required; and
  • the collection, sharing, and use of personal data for personalization of ads or other services.

When seeking consent you must:

  • retain records of consent given by end users; and
  • provide end users with clear instructions for revocation of consent.

You must clearly identify each party that may collect, receive, or use end users’ personal data as a consequence of your use of a Google product. You must also provide end users with prominent and easily accessible information about that party’s use of end users’ personal data.

What does this mean for American companies?

If a company wishes to continue advertising in the EU using Google AdWords, they must follow these provisions. However, based on an individual business’s interests, company leadership could decide to minimize their risk by no longer advertising there. This would, of course, be something to discuss with an attorney familiar with the GDPR.

Unfortunately, given that this is a new law, even GDPR experts are unsure of how the law will be enforced for companies with no presence in the EU. Because of this, most of the digital marketing industry has adopted a wait-and-see stance regarding GDPR compliance by American companies, and that’s the position 360Partners is taking as well.

What does 360Partners recommend?

We are urging our clients to consult their companies’ legal counsel regarding their options for using Google products in the EU and other aspects of GDPR compliance.

Google has outlined four major questions for businesses to ask their legal counsel regarding the GDPR:

  1. How does your organization ensure user transparency and control around data use? How do you explain the benefits to users of sharing their data with you?

  2. Are you sure that your organization has the right consents in place where these are needed under GDPR?

  3. Does your organization have the right systems to record user preferences and consents?

  4. How will you show to regulators and partners that you meet the principles of GDPR and are an accountable organization?

Whatever our clients’ legal counsel determines to be the best policy for their company, we will apply our usual diligence and conscientiousness to delivering excellent results for digital marketing campaigns.

We’ll also advise our clients on changes in digital marketing products and best practices that are likely to evolve in response to the GDPR. As a Google Premier Partner agency, we have a designated team of specialists at Google to keep us informed on the company’s next moves in response to the GDPR.

We think that eventually, many parts of the GDPR will be viewed as best practices in digital marketing and become an expected component of a good customer experience. In the meantime, we’re keeping a close eye on this law and how it will be applied and enforced outside the EU.

Resources

For more information and insight on the GDPR, we recommend these trusted resources:

Given the potential impact this law could have on digital marketing worldwide, we’ll continue staying on top of GDPR news and sharing our insights on it.

Learn more about 2018 trends in digital marketing

eBook: Digital Marketing in 2018

The GDPR is just one of the challenges facing marketers this year. To learn more about the digital-marketing landscape for 2018, download the free PDF “Digital Marketing in 2018: What to Watch For, What to Watch Out For.”

Josh Cuttill

Josh Cuttill

Product Manager at 360Partners
Josh Cuttill created our conversion rate optimization (CRO) services from the ground up. He combines an instinctive understanding of data with a drive to understand client needs and deliver the best possible strategic insight.
Josh Cuttill