The Good the Bad and the Ugly GDPR

The world of digital marketing is evolving, and consumer data is at the center of this evolution. It took about 20 years to create an enforceable internet regulation that protects customers. This comes at a high price for companies. The Propeller Insights, in March 2018, indicates that 36 percent of the 300 security executives surveyed will spend between $50,000 and $100,000 on European regulations preparations, and 24 percent will spend between $100,000 and $1 million. Only about 10 percent are expected to spend more than $1 million. There are several sides to the GDPR story that I will present here. You can find a definition about the General Data Protection Regulations here


Keep in mind that I am not a legal council, this is just my opinions and general education that I share on the subject.

The Good

  •  These regulations were predictable

In the case of the GDPR, we – global digital marketers – have received a 2-year heads up to get our data in order. The law is open and transparent for anybody who is interested in learning about it. This is heavy material, but it doesn’t come as a surprise. When you understand why European legislators been wanting to design a law that protects people’s privacy online, it makes sense. Legislators looked at it as being a necessary improvement to protect information from countries’ nationals.

Today, companies don’t really have incentives not to collect non-necessary business information, such as family relationship, political affiliation, education (etc.).

Data breachesExample: There is an estimated 7.3 million people in the world in 2018. Online, there is an estimated 9.7 billion records that have been lost or stolen to this date. Hackers target confidential data. Once a company is hacked, there is very little it can do to fix the issue. In the case of the tech companies in the US, it is even more complex, because the country hosts a lot of data associated to non-US citizens.

Data is becoming a currency. If US corporations decide to launch hyper-targeted campaigns, or to sell advertisements to people who are part of a special segment, they can. It’s the company data. What can France or another single country do if a US company doesn’t want to comply with it’s national data rules? Nothing. This is why European countries are teaming up to impose sanctions for bad use of their data.

  • Internet terms and conditions are opaque and under-regulated

On the internet, most of the terms and conditions are created to be opaque. According to a Deloitte survey of 2,000 consumers in the U.S, the research found that 91% of people consent to legal terms and services conditions without reading them. For younger people, ages 18-34, the rate is even higher with 97% agreeing to conditions before reading. When it comes to agreeing to a foreign contract, it becomes even more confusing. (Source)

Example: If someone in Germany buys a service, such as an app in the Apple Store in the American currency. Does this service become a German service with German rules? Today, the answer is no. People will have to comply to the US terms and conditions that govern the service. In the GDPR, the contract will cover people where they are engaging with the brand, and the terms and conditions will need to be written in plain English.blah blah

No more mumbo-jumbo legal talk.

  • Marketers will be pulled into the executive office more often

With fines that are that high, it will become obvious that marketing campaigns will need to be carefully executed, and that the negative impact might not be a slap on the wrist anymore. With greater risks come rewards as well, and marketers will need to be consulted more than in the past to discuss companies’ compliance and data management strategy. The martech position will be more important than before. This position is a career opportunity for data marketers who want to grow their responsibilities in their companies.

Choosing the proper marketing channels to reach out to prospects becomes more important because they are the first thing most prospects see when they first interact with the target company. To be honest, these regulations are bringing some structure to the internet marketing industry and are forcing marketers to improve the way they’re engage with their prospects. Most of us know that spams are annoying, and if someone unsubscribes from the marketing newsletter, it means that they don’t want to receive a marketing newsletter anymore. People want to have options, and want companies to respect their choices. Marketers should not take prospects for granted and respect their choice.

The Bad

  • Over reach of this law into Anglo-American businesses

Let’s be honest, these regulations target the United State’s tech businesses. The goal is to prevent large tech multinationals from collecting informations from foreign nationals and justify the need for imposing exorbitant fines against them.

Example: My lovely wife was born in the United States. She is an American citizen. Because I am French, she is also a French citizen by marriage. Her filiation makes her a European national whether or not she ever puts her feet in Europe. There is no way for US businesses to know that she should not be targeted if she is part of a US citizens only campaign that would collect extra information about her. If she files a complaint, the fact that these regulations only cover Europe nationals include her as well.

The Ugly


  • Marketers will have to reinvent their business model

Saavi digital marketing requires social engineering that collects micro digital information.. Those micro touch interactions help consumers flow into a purchase funnel that can be improved and brought to science. It involves several skills, including probability, and sociology. Not being able to collect these firmographics will prevent marketers from understanding what their prospects are looking for. This might prevent them from anticipating what product/service would be better suited for their prospects.

By using lead scoring and visitor tracking, marketers can understand what online prospects might be browsing for. It allows  the company to offer the right service or product either directly with a sales person that will reach out to the prospect, or with some type of machine learning technology

Example: In a traditional retail experience, it’s just as if a very tall person comes into a store to buy a tee shirt. He gets in, and because he wants to stay anonymous, the store sales people cannot interact with him and recommend a shirt size for his height. He leaves without finding the right size for himself, assuming that this store doesn’t have tee shirts for him.

It is the same in digital marketing. Marketers need to create connections to understand how interactions relate with each other to provide the best service customers/prospects expect.

Marketing data analysis

  • Marketers can’t assess the risk of making mistakes (yet)

These new regulations sound scary for big data marketers, not because they are planning on doing wrong, but because they can’t access what will be enforced or not. There is no precedent yet, and most attorneys seem clueless about what to expect.

From one day to the other — May 24th to May 25th — marketers will expose their organization to huge fines that can go up to 20 million € or 4% of their company’s global revenue, whichever is highest. They are exposed if they send messages to people who haven’t expressed consent to receiving them and if they use historical microdata to reach out to prospects. This supposedly applies to sales departments, who are keeping relationship details about their discussions, as well. Tracking IP addresses is also included in the scope of law. People must agree to being tracked through the website, prior to browsing it.

Marketers can’t tell if what they are doing is a serious offense, or something minor. The only thing we know is that the European regulators are planning to enforce it to the fullest extent on day one.

Example: if you are using Salesforce and that you keep relationship information to remember prospects’ birthdays, wife’s name, you might not be able to collect or record this information anymore in the future, due to privacy reasons.

Michael Jordan crying over GDPR

One thing for certain is that GDPR is coming in one month and that marketers need to be ready for it.