Martech: Martech is Marketing Logo
  • Topics
    Transformation
    Operations
    Data
    Experience
    Performance
    Management
    Special Reports
    All Topics
  • Conference
  • Webinars
  • Intelligence Reports
  • White Papers
  • What is MarTech
    Mission
    Team
    Newsletter
    Search Engine Land
    Third Door Media

Processing...Please wait.

MarTech » Marketing Management » GDPR enforcement may be driven by fears of liability

GDPR enforcement may be driven by fears of liability

But its implementation could be hampered by a lack of clarity about exactly what kinds of consumer data it covers.

Barry Levine on November 29, 2017 at 10:57 am

As GDPR Day (May 25, 2018) approaches, the experience of at least one complying marketing firm illuminates two major but hidden factors — one that could drive compliance and one that could hinder it.

The hidden factor that could drive compliance with the General Data Protection Regulation (GDPR): liability.

Yes Lifecycle Marketing is a Portland, Oregon-based cross-channel marketing services firm, helping client companies with website customer preference centers (where email newsletters might be selected), email, SMS, push notifications and Facebook.

SVP Marc Shull told me that his company has been working toward compliance by initiating new processes, consulting with outside experts, reviewing “every single screen” it offers, instituting new data governance policies, coding new capabilities to readily accommodate requests to change or delete personal data and other efforts.

In other words, Shull said, Yes Lifecycle is making a good faith effort to comply. About 10 to 15 percent of the company’s business comes from the European Union, he said, plus his company interprets the regulation as applying to any EU citizen wherever they are, or to any resident of the EU, whether an EU citizen or not. That pretty much covers all markets.

Yes has about 200 client companies, some of which are in the Fortune 500. But each of those companies also has dozens if not hundreds of other service providers.

‘Definitely look at dropping them’

If the client company gets sued or otherwise disciplined by a GDPR governing body, it’s entirely possible that the governing body could similarly go after each of the providers. Or the client company might turn around and sue a provider for not maintaining a high level of transparency and protection of consumer data.

It’s because of this liability, Shull said, that his company is currently deciding how to handle clients’ level of GDPR compliance, as well as their related compliance with the associated and upcoming ePrivacy Regulation.

If a client company is absolutely not complying, he said, Yes will “definitely look at dropping them.”

He compared that possible situation to the anti-money laundering practices that all the service providers of banks need to maintain. If the bank is sued or indicted for money laundering, the investigation will also involve the providers.

Yes intends to tell its clients, Shull said: “Here’s what we’re doing. What are you doing?”

The issue, then, is what to do about client companies that are unclear about how well they are complying. That, Shull said, is a matter Yes Lifecycle is still considering.

And then there’s at least one major factor that could hinder compliance. Exactly what is included in consumer data?

Yes’s understanding — based on advice from outside consultants — is that it includes only data supplied by a consumer, such as name, address, email and phone number written into a form. It does not include, Shull said, additional layers of data — like age, birthdate or gender — that Yes might acquire separately and append to the provided data. And, he contended, it does not include behavioral data that Yes or a client company may track, such as which webpages a consumer visited.

But Article 4 of the GDPR defines “personal data” as:

…’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…

And “profiling” is defined as:

…’profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements…

Those certainly sound as if GDPR covers behavioral or appended data. But, as Shull notes, the GDPR language and the pending language of the accompanying ePrivacy Regulation is clear in some places and less than clear in others.

The actual scope of what data is covered — and the nature of relationships with providers and clients — may restrict or propel GDPR’s effectiveness, but their actual dimensions may not be resolved until the regulations are in effect.


New on MarTech

    Webinar: Overcome third-party data challenges for CX success

    Public wants to know where brands stand on issues, surveys show

    Why event technology is critical to marketing success

    HubSpot expands App Accelerator program internationally

    The power and limitations of universal IDs

About The Author

Barry Levine
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Related Topics

Marketing ManagementMarketing Operations

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS

June 7, 2022: Master Classes

September 28-29, 2022: Fall

Start Discovering Now: Spring

Learn More About Our MarTech Events

June 14-15, 2022: SMX Advanced (virtual)

November 14-15, 2022: SMX Next (virtual)

March 8-9, 2022: Master Classes (virtual)

Learn More About Our SMX Events

Webinars

Take a Crawl, Walk, Run Approach to Multi-Channel ABM

Content Comes First: Transform Your Operations With DAM

Dominate Your Competition with Google Auction Insights and Search Intelligence

See More Webinars

Intelligence Reports

Enterprise SEO Platforms: A Marketer’s Guide

Enterprise Identity Resolution Platforms

Email Marketing Platforms: A Marketer’s Guide

Enterprise Sales Enablement Platforms: A Marketer’s Guide

Enterprise Digital Experience Platforms: A Marketer’s Guide

Enterprise Call Analytics Platforms: A Marketer’s Guide

See More Intelligence Reports

White Papers

Reputation Management For Healthcare Organizations

Unlock the App Marketing Potential of QR Codes

Realising the power of virtual events for demand generation

The Progressive Marketer’s Ultimate Events Strategy 2022 Worksheet

CMO Guide: How to Plan Smart and Pivot Fast

See More Whitepapers

Receive daily marketing news & analysis.

Processing...Please wait.

Topics

  • Transformation
  • Operations
  • Data
  • Experience
  • Performance
  • Management
  • All Topics
  • Home

Our Events

  • MarTech
  • Search Marketing Expo - SMX

About

  • What is MarTech
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2022 Third Door Media, Inc. All rights reserved.