How GDPR Will Shake Foundations of Corporate Marketing
Executives discuss the ways in which companies' marketing efforts must change under the General Data Protection Regulation.
January 22, 2018 at 11:29 AM
4 minute read
The EU's upcoming General Data Protection Regulation is already affecting everything from the way companies handle e-discovery to how they train their employees.
But there is still much left for companies to do in order to be compliant by the late May enforcement date. Many companies' marketing efforts, for instance, may need to be revamped given the regulation's mandates.
“There are really two provisions that impact marketing pretty directly,” said Lisa Loftis, a principal consultant, customer intelligence, at software company SAS and speaker at Legalweek's “GDPR & Global Marketing: Adapting Your Strategy for Success” Feb. 1 session in New York.
The first provision, Loftis said, requires companies to obtain consent from EU citizens before using or storing their personal data. “The GDPR mandates that consent has to be freely given, be specific, informed, and unambiguous, and require a clear and affirmative action,” she noted.
“That means that marketing can't rely on soft opt-in processes anymore, they can't rely on the omissions of an opt-out,” Loftis explained. “And they can't have a simple blanket kind of opt-in check box for all of the types of communications and solicitations that they typically do.”
What's more, since consent records will be auditable by EU authorities, consent is “going to have to be stored and tracked.”
The second GDPR provision that affects marketing mandates companies be “very clear to customers on how personal data is collected and how personal data is used,” Loftis added.
But providing clarity on data processing and management is not always simple in marketing efforts that use 21st century technology. Loftis noted that artificial intelligence and machine-learning platforms that regularly process data can contain “black box algorithms,” where the “decision parameters aren't readily transparent, and you don't know what kind of decisions are being made on that data.”
Suffice to say, the GDPR will likely force companies to transform the way their entire marketing efforts are done.
“It requires companies to fundamentally rethink how they collect and use data,” said Doug McPherson, general counsel and chief administrative officer of advertising technology company OpenX.
But while the changes needed under the GDPR may be a heavy lift for many marketing practices, Loftis sees little urgency among U.S. companies to start compliance efforts.
“I think that most of them will not be prepared,” Loftis said. “Large companies tell me they are adopting a kind of wait-and-see attitude in terms of becoming compliant with this.”
Some companies, however, are still even unaware that the EU personal data they hold—even though it is geographically outside of the EU—still falls under the purview of the GDPR.
“There is still a misperception out there by a lot of U.S. digital marketers that this is an EU regulation that doesn't apply to them,” McPherson said.
To be sure, though the mandates of consent and clarity are arguably the most impactful GDPR provisions for marketers, they are far from the only ones that marketers will need to heed.
In addition to “the amount of data they collect and limiting the time they retain it,” McPherson noted that companies' marketing teams will also need to “create internal and external policies that cover a wide number of areas that they haven't developed a lot of processes around, including data security, data breach notification, [and] data retention.”
For Loftis, it's imperative then that marketers recognize every specific change the GDPR will bring to their operation. To that end, she hopes her Legalweek session will help “marketers both in the U.S. and in the EU really understand what the impacts of GDPR are going to be for them.”
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250