The European Union’s General Data Protection Regulation (GDPR) has been in effect for a few months now, representing the most radical overhaul of data regulation in a generation. We take a look at how it has changed marketing.


Data protection law was last revised in the 1990s. Since then whole industries have come into existence that rely on vast volumes of consumer data. Consumer trust is ever more crucial to the private and public sectors. Enter GDPR, which puts the power back into the hands of the consumers, giving them greater control of their personal data.

The new directive applies to all businesses across the EU, and many beyond. All organisations, wherever they’re based, that process personal data about customers resident in the EU will need to abide by the law. This poses special challenges for marketers, particularly those that rely on big data and personalisation at scale.


One of the biggest problems for marketers is the potential loss of first-party data as users exercise their right to keep personal data to themselves. By requiring companies to obtain explicit consent for all data points, existing and new, the regulation significantly increases the costs associated with collection, storage and processing. These costs, together with uncertainty over how the law will be interpreted, may lead a lot of companies to delete far more data than is strictly required. This could radically diminish data pools of valuable information worth billions of dollars.


Third-party data is deeply embedded in the digital marketing ecosystem, but its use has also been called into question under GDPR. The law on sharing third-party data is so convoluted, with uncertain interpretation, that some companies may shy away from sharing their data altogether, thereby shrinking overall access to third-party data. Targeting and personalisation would then become more expensive and less effective, a particular problem for airlines, hotels and telecoms operators, which rely heavily on personalised targeting capabilities to drive greater ROI. That said, third- party data can still be used under GDPR if it is cleaned and processed in the right way, and it may be that in the long run GDPR will provide a better standard for more focused and high-fidelity data, both first-party and third-party.


It is evident that we have now entered a highly sensitive era of consent, in which marketers need to come up with innovative ways to hone customer trust. Brands should reassess the way they target users, making more use of contextual buys instead of audience buys, and prioritising sophisticated content creation, collaborations with premium publishers and influencers, and advanced semantic analysis.


How marketers respond to the challenge of GDPR will determine their success in this new environment. By using smaller but cleaner datasets, and new ways to catch user attention and provide greater value to customers, marketers will be able to build trust with consumers and drive growth in their brands at the same time.

Principles of GDPR

Personal data must be:

  • processed lawfully, fairly and transparently in a transparent manner in relation to individuals
  • collected for specified, explicit and legitimate purposes
  • adequate, relevant and limited to what is necessary
  • accurate and, where necessary, kept up to date
  • kept for no longer than is necessary
  • processed securely
Related Insights Posts