The Current State of GDPR Compliance

Despite dire predictions, the arrival of the General Data Protection Regulation (GDPR) in May didn’t spell disaster for digital advertising. Reminiscent of Y2K, the news leading up to GDPR forecasted nothing short of an advertising apocalypse. Yet, May 25th and the months following came and went with few waves. This may be due to the fact that in the five months since taking effect, both GDPR compliance and enforcement have been slow to take off. According to recent research from TrustArc, only 20% of U.S., U.K. and EU companies are fully GDPR-compliant, and just over 50% say they are still in the implementation phase. That leaves nearly 30% who have yet to even kick off their GDPR initiatives. Despite the slow start, almost 75% of companies believe they will achieve GDPR compliance by the end of the year. And while thousands filed non-compliance complaints in the first month, the U.K.’s Information Commissioner’s Office has not issued any fines yet. The lengthy review process and cross-border collaboration required for prosecution mean that true GDPR enforcement could be months away. GDPR’s Impact on Advertisers So Far While the buildup to prepare for GDPR may have felt like an unnecessary fire drill for some, the impacts on programmatic are still being realized as more and more marketers establish the most effective ways to reach their target audiences in a post-GDPR world. Primary implications seen thus far are threefold: 1.      GDPR compliance put heavy limitations on advertisers that historically utilized third-party data targeting. This forced many to shift their targeting strategy to first- and second-party data, where personalization and conversion are strong but scale is often limited. 2.      Contextual targeting received a resurgence as a result of GDPR. With a portion of consumers declining the capture and use of their personal data, retargeting efforts stalled for some brands. But contextual targeting filled the gap with the scalability and hyper-relevance marketers previously relied on from third-party data and retargeting efforts. 3.      Companies are preparing for similar data protection laws and regulations in the United States. Since GDPR’s launch, California passed the Consumer Privacy Act, giving residents of the state significantly more control over their personal data. Although the law will not go into effect until 2020, it’s set the stage for other states across the country to follow suit. It’s important to also note that the road to GDPR compliance has had positive impacts, too. The new regulation increases transparency and requires companies to review their data handling and processing procedures – which is just good business all around. And while GDPR is still in its infancy, there is good reason to celebrate and embrace the new level of cooperation it achieved among ad-tech stakeholders. If you are still wrangling with your GDPR compliance strategy, feel free to reach out to us for a few best practices and suggestions. And continue to keep on top of what’s happening in ad tech by subscribing to our blog today.