Back in June, the UK’s Data Protection Authority (ICO) released statements on their stance in regards to ad tech, saying: “If you operate in the adtech space, it’s time to look at what you’re doing now, and to assess how you use personal data” (Simon McDougall, Executive Director for Technology and Innovation at ICO). The ICO also released a report that looked into how the ad tech sector should comply with the GDPR. Below are the most important aspects to take into account if you work in or with the ad tech sector:
Expect and accept changes
The GDPR was first introduced in May 2018. Since then, ad tech companies, just like any other company, have been making major adjustments to make sure their functions adhere to the data privacy laws set out across the EU.
Marketing today is naturally dependent on a large amount and variety of data, as in it’s core, it bases decisions and strategies around said customer data. Consequently, the obligations of the GDPR have caused quite a bit of turmoil in regard to lead generation: from how businesses generate ads, through targeting the correct audience, right to retargeting leads.
A working paper done back in July by researchers (Goldberg, Johnson & Shriver) suggests that websites in general are facing a loss of profit as a result of the GDPR. The authors had looked into the data from web marketing service Adobe Analytics, and used different approaches to record page views and revenues. The results showed a fall by about 10% for users in the EU, after the GDPR enforcement deadline.
At the same time, the privacy law ad tech relationship isn’t all just rain and gloom, fortunately! Spice up the relationship by taking the following factors into account.
• What kind of data is being collected
• What the data subjects rights are for the processings
• Your legal basis for processing and handling the data
• Who is gathering the data
• How customers can use their rights (which also includes who they can contact)
• Who is the data being shared with, and if appropriate, safeguards that are in place
It's an absolute must that the mentioned parts are written in a clear way, providing customers with the full picture on how their data is being used. As an organisation, below are steps you can, and should take to further ensure a compliant ad tech future.
“Give me another chance?” adjusting cookie consents & retargeting methods
Retargeting, also known as “remarketing”, is a method of reaching out to people who visited your website but left without making a purchase. Therefore, they are still within the “consideration phase”. Afterwards, retargeting is done when ads are shown to them through advertisements. Your different products or services are eventually shown, and sometimes even special discounts are offered if they were close to making a purchase. These are done on various channels, most commonly on other websites, or social media channels such as Facebook.
Once a new user enters your site, gives consent to the cookies, later, when browsing the internet, these cookies will let the retargeting provider know when and where to serve advertisements that may trigger another interest to your site or product. This ensures that the ads are served to users who had previously been on your site before, and who could potentially be future customers.
Real-time bidding (RTB) is the process when advertisements are served within seconds until a website loads. The ICO, along with privacy advocates and internet browser, Brave, expressed concerns on how RTB allows ad tech companies access the personal details of users without prior consent.
So what’s next then?
Be transparent with sign up forms and engagement methods
What it should look like is to have empty checkboxes that users can click on, agreeing to give consent. These checkboxes should also have the option to be un-ticked any time. While this notice may create a disruption with audience engagement - even a possibility of a significant drop in conversions, this measure is absolutely necessary to ensure that users who do proceed to give their information are also opt-ing to various types of further activities, from collecting marketing analytics information, allowing your organisation to communicate with these users about marketing information via email.
Letting go: shaping up that email list
Email marketing is still going strong, in fact, it’s only getting stronger. According to Acoustic’s Marketing Benchmark Report, audience engagement with email marketing campaigns are again rapidly increasing due to a change of marketing strategies, heavily influenced by new privacy regulations.
However, the time of purchasing customer records, or in other words “buying leads” has certainly reached its end. Not being able to tell which contacts were opt-ins and which ones were purchased for your email list is already a situation leading up to future problems. If this fits your case, it’s recommended to keep track of mailing lists, and even to start from scratch again.
Moving on: looking into alternatives for handling valuable data
Storing valuable data, such as customer information, on spreadsheets is now a thing of the past. That being said, with the GDPR in place, handling such data should be done securely to reduce the risk of violating the regulation and putting customer data at risk. In order to reduce this risk, using automation to help process customer data may be the strongest and most efficient way. Centralizing data in a system would make a smoother process in accessing, managing, and making changes to such sensitive information.
In summary, the GDPR shouldn’t be seen as a barrier for communications. On the contrary, the GDPR should be seen as an opportunity to improve the quality of data, to increase a firm stance on transparency, and to increase the quality of consumer/client relationships. By taking the steps to further comply with the privacy laws, your company will not only decrease the risks of fines for noncompliance, but will also cover the appropriate steps to “win” new customers and “win back” current ones.
All in all, creating a happy relationship.
Topics: EU, GDPR Compliance, Data Protection, GDPR for SMEs, Small business GDPR, Medium business GDPR, Data Protection Officer, GDPR Reputation, GDPR For Tech Companies, Data Consent, Cookie, Consent, Cookies, Marketing, Marketing under GDPR, GDPR for Marketers, gdpr, gdpr 2019, Europe, DPA, Britain