GDPR, will it re-define the GDP of the Internet World

4 minutes

Back then, Egyptians used papyrus to makes sales messages and wall-posters. 11th to 7th-century Chinese merchants played bamboo flutes to sell candies. Europeans invented image-based ads used by cobblers, blacksmiths. In the 19th Century, advertisements started to appear in weekly newspapers in England. Until now, habitué is the king. He possessed his data and decided what to share. Everything about him was an aspect of the sample size he represented.

Zooming into this age, anyone who has tried to access their data quickly recognises the profound informational asymmetries that characterise today’s data economies. From increasingly connected and personalised spaces to the ubiquitous facial recognition, we are in an always-on zone where organizations know more about us (marketers included) than it was previously ever possible. We, marketers, contracted our superheroes, assisting us to automate, customise, attribute and program campaigns, drive conversions making us heroes too. From third-party trackers in apps to companies we have never knowingly engaged with— the ad-tech technology has created an ever more complex ecosystem with the power of tracking and profiling peoples’ every move.

Hovering on this week (25th May 2018), if you are a marketer, we expect you have heard about the General Data Privacy Regulation (GDPR). The legislation will have big impact on how organizations obtain, store, manage or process the personal data of EU citizens. Well, things look different as per independent research done by Hubspot and DMAasia Teams.

“Just 36% of the marketers have heard about GDPR, while 15% of companies have done nothing and are at the risk of non-compliance.” – Hubspot Research

“90% of the customers are concerned how their data is used. 91% feel that their data is for the benefit of the brand than themselves. However, 80% of the customers are happy to share their data, by choice only with their trusted brands.” – DMAasia Research

Organisations thought that this law applies only to companies in Europe. The fact is,

“Even If, you are based outside the EU but you control and process the data of EU citizens, the GDPR will apply to you.”

The GDPR law covers you if,

  1. If you are an E-commerce company and have access to European citizens
  2. Data Collection Agency
  3. Indian in Europe
  4. Processing data on behalf of a European company in India
  5. If you have a subsidiary in Europe

While this is currently European Citizen-centric, there are millions of data records in India that belong to European Citizens, or Indians staying in Europe across businesses like Travel, Banking, E-commerce, Health, Real Estate, etc.

Security Experts, Data Specialists, Policy Makers, Marketers met at DMAi’s (Indian Chapter of the DMAasia) Digital Breakfast to discuss the implication of GDPR in India’s perspective. It was an interesting conversation with fellow marketers like and industry experts like Jodie Sangster of IBM, Puneet Modgil, on GDPR implications.

Individuals are empowered with their data:

  1. The right of data portability – an existing service provider has to pass an individual’s data to the competitor if the customer wants to shift to the new service provider.
  2. Right to be forgotten. The company is obliged to delete the data from the system. Entire deletion is tough, but data has to be suppressed. The same action is to be passed to all the partners of this company with whom this person’s info has been shared.
  3. Know what data a company holds of me.
  4. Any data breach has to be informed to the individual

“If someone is planning to delete his financial trail for Tax avoidance, please note the banks have legal right to store your data for a certain period even after you discontinue your services or ask your data to be deleted”.

GDPR also define different types of Data:

  1. Owned data – basic info
  2. KYC data
  3. Transaction Data
  4. Enrichment Data – data that you get
  5. Anonymous Data

Anonymised data does not have GDPR implications. New technologies can help to process Encrypted data and comply. There are different formats: Identifiable, Semi-Identifiable, Visual Identifiable, Encrypted Data.

Data used for the purpose, for which the business sought the data (related and compatible purpose) then compliance is in place. A bank using data to sell non-core business services will have to comply with GDPR laws.

“Emergency services are exempted from data compliance.”

All this is fine; I do not want to predict the future. Predicting the future requires hubris, and it should, therefore, be met with more than a terabyte of scepticism.

I am only concerned. I meaning the marketer. Is it going to arrest my marketing that is running at the speed of thought? Marketing Automation, Big Data, Artificial Intelligence, Chat Bots, they just became friends and started talking. Will the fear of fines of up to €20 million or 4% of their global annual revenue (whichever is greater) disarm marketers from reaching out to Europe? Yes, the fear looms and there is not a clear answer.

Businesses who adorn a site only to front-end with a prospect or generate enquiries also come under the purview. Most of them even do not maintain an in-house technical team. Will it hurt businesses and exporters from India to reach out to business in Europe? Data Security Expert, NASSCOM Vinayak said, “With Increasing data concerns, Businesses are getting platformised”.

Structured Data is obviously under the scanner, even Un-structured data attributed to a sample or an individual will be under GDPR scanner. What will happen to Personas, Custom Audiences targeting on Social Media Platforms, Data Management Platforms, 1st, 2nd and 3rd Party Data?  The US is more data-centric, whereas Europe has been more technology-centric. Another reason more IA lead data innovation is from the US.

Real Estate was not thinking about GDPR except for corporate site. Now they have to. Legal Contracts between NRIs in Europe investing in India come under GDPR lenses.

Hospital and other medical service providers who have European Nationals coming for treatment will also have to comply with GDPR standards. For e-Medical Records, the norms are even stricter.

“Individuals consent is mandatory before using their data. 46% of the data held by European Marketing companies is already redundant.”

You want to seek Permission! Really! As per a survey, if an individual is cognitive of the quantum of data you have of him for your benefit. He might never give you his concurrence. Their world is going to change dramatically as the GDPR will hasten the demise of marketing tactics like buying lists, cold emailing and spam. Marketers will have to work harder to earn attention and gain insight to communicate on an ongoing basis. However, hard work may not be enough marketers will have to more creative.

Permission Marketing - Seth Godin

Win your customers’ trust seems to be the only way. Research says, “80% of the customers are happy to share their data, by choice only with their trusted brands”. The era of creative communication, brand campaigns will be back soon. When marketing used to be about smoke and mirrors. Smoke was sometimes literal, “the Axe effect” and the mirrors reflected who we are, and what we wanted to be “Humara Bajaj”.

Welcome to the Era of Purposeful Marketing.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.