Impact of GDPR on Digital Advertising and Data Supported Agencies


Published By:


European Union’s General Data Protection (GDPR) designed to put control over data collection and usage back in the hands of consumers by asking the opinions of consumers directly, came into effect on 25th of May 2018.

Under GDPR, any company – no matter where they are based or headquartered – holding information about European Union citizens is subject to strict new legislation around the use of personal data.

Anticipating, a rethink by brands and agencies, forced by the new law, prior to its enforcement, researchers conducted study that reveals as below:

  • The study conducted by the WARC Toolkit 2018, prior to the law came into force revealed that only 22% of brands and 18% of agencies believe they are prepared for GDPR.
  • “Majority of consumers in non-EU countries would like to see GDPR rules in their own country” concluded the 2018 Unruly GDPR Consumer Trust Study.
  • An International study reported that ” Media buyers feel Brands could lose 43% of their customer data due to GDPR Regulations”

GDPR legislation has created a profound impact on the ways in which businesses store and use consumer data. Now, that the  Europe’s GDPR has become law the technology and advertising industry has to face the inevitable change.

The Information Commissioner’s Office is the supervisory authority in the UK responsible for overseeing and enforcing compliance with the General Data Protection Regulation. Data management and marketing businesses may be penalised up to the higher of €20,000,000 or 4% of total worldwide annual turnover, for the offence GDPR violation.

As the GDPR, if breached, may also put the organisation to the extent of even demolishment of the business, it is prudent to be aware of its provision and abide by the law.

To stay GDPR complied Suraj Nagappa ,VP – Isobar suggests:“GDPR is more than just data, to ensure continuity of business within the EU we have to accept GDPR and work towards compliance. Upholding customer trust in digital technology must be the heart of the GDPR… with constant cyber threats staying secure in digital first, cloud first world is a huge task.  Agencies should start involving various stake holders such as customers, vendors, employees and third parties and determine GDPR requirements applicable to the organization. Compliance cost of all Indian companies who are dealing with EU would shoot up as the need would be to implement sufficient safeguards as required under the GDPR in order to transfer personal data outside the EU. “

Welcoming the new law, Sahil Chopra, CEO and Founder, iCubesWire says : The enforcement of General Data Protection Regulation has left the industry confused and there are innumerable speculations revolving around its impact. It is being imposed to harmonize laws with respect to data privacy and protecting every individual’s personal information being shared online. The modification to be able to share sensitive data only after the user’s consent is a remarkable one, as many times users tend to give out information without realizing that is being shared with third parties under the garb of ‘default settings’. The customer is a true beneficiary post the implication of GDPR and as far as the media & advertising industry is concerned, we are in a grey area where the level of impact is uncertain. However, it is a boon in the long run as it will ultimately remove false means & practices being followed by the brands. It might restrict the ability to target individuals, but one can be ahead of the curve by adapting, shifting & maintaining a responsible attitude towards the positive transformation that GDPR aims to initiate.”    

Anticipating the impact of the law Rishi Sen, Chief of Staff, The 120 Media Collective commented, “GDPR, in my opinion, is going to have a noticeable impact when it comes to measuring performance and results. Before the advent of GDPR, browsing and shopping on the web were just a few clicks away for the average consumer. One could easily sign-in via third party plugins and it was a win-win. Content was consumed, products were purchased and data was collected. Now, consumers might be much more careful about what they sign up for. While ‘sign-ups’ is just one of many data collection methods, consumers should be given the choice of what data they want to make publicly available with a minimum threshold of 2-3 fields.   

Craig Federighi, Sr. VP of Software Engineering at Apple recently introduced their new privacy feature at the WWDC keynote. iOS 12 & Mac OS Mojave will make it much harder for third parties to get access to consumers’ personal information. This shows how some of us are taking the whole data privacy situation especially after the whole Cambridge Analytica/Facebook fiasco.

Our industry still need access to enough data to improve user experience, serve the right content, influence and drive sales. My best guess is if everyone suddenly gets limited access to publicly accessible data, precision ads will need to find another way to reach their audiences. Creative agencies will need to focus a lot more on trying to understand audience behavior, conduct deeper market research and develop creative communication and content marketing strategies that are genuinely more consumer friendly and interactive; and with seamless product integrations.”

laborating the impact Faisal Amin, Co-founder of Fruitbowl Digital adds:“GDPR is a very interesting law that the European Union has passed to protect the citizens living in the European Union. It will have a huge impact on the Indian economy and ecosystem because a lot of data mining and a lot of backend operations are also happening in here. And a lot of these large scale companies look at expanding in India be of the likes of Facebook, Google and Twitter. If you see recently most of the people have updated their policies as well in terms of their privacy and other things. Now most of the Indian companies are also looking to expand in the European Union, which is again going to create a hindrance at the same time is something very good because it’s majorly the data of the urbanised like you, me and the regular readers of this article which is at stake and the way companies utilizes data which gets very intrusive to a certain level and the same time it is quite sad. When I say sadly it’s from the advertiser’s point of view, because we as advertisers have seen a drastic dip in the way organic data could be reached down on Facebook and other platforms. And with the kind of clutter the content is creating, the idea was how could you use the existing data and how could you create and identify those wales for your businesses, how could you identify segments which will create a larger impact on the businesses. All that being said and done, there are a lot of data startups happening in the country. 

We are also trying to build one such startup which is based on the retail data. With these laws coming into the European Union obviously, there are certain advantages of it on the larger level in terms of the citizens and the people staying in those particular geographies. And there is obviously a threat that such laws would be applicable to India also in coming future which as an individual I feel is definitely more protective and less intrusive in nature which allows us to retain our information and not being used by a lot of capitalist, data and technology startups. But form a business point of view, the people who had the data were trying to build data businesses obviously that’s going to create some level of hindrances but all in all I feel it is not exactly a win-win but we will have to wait and watch, how does it pan out for the economy on the whole.”

Mayur Milan, Founder & CEO – Ourbit Digital , “Remember the time when the government decided to move all adult related ads to post 11 PM? That was done with an understanding that kids won’t watch television at that hour. It was contextual. GDPR is something like that. Digital advertising is moving to contextual targeting from behavioral and personality targeting, at least in the EU region. With GDPR making it clear that companies like Facebook, Google and LinkedIn cannot store personal data and use it for ad targeting (think interests on Facebook & cookies on Google), without active consent, digital advertising model will become more like television advertising where ads are shown basis the content being watched rather than who is watching it. Brands, will have to create content based ads or ads that are based on the dynamic experience system of platforms like LinkedIn & Facebook. Case in point, while you are reading this article, you may see an ad from a legal service provider, informing you that they can help you become GDPR compliant. The reason why you may see this ad, is from the understanding that you may be interested in GDPR because you deal with EU client. With GDPR, the control moves back in the hands of consumers.”

Welcoming the new law Shrenik Gandhi, CEO and Co-Founder, White Rivers Media says, India being the largest data consuming market in the world, the day is not far, when such strict policies might come to effect in India but many marketers in India are still to come to terms with that fact. It is important to start prepping up for the same and make sure no data policies are breached. Indians are traditionally not known to take their data as seriously and hence at times, marketers misuse the luxury of having data. Non-misuse of data shall lead to more relevant and less forced ads, which shall lead to better product buying, better brand affinity and a better advertising world! Customers will not be tricked into seeing ads which they have not opted for and hence the brand trust shall increase too. While the policies might take some time to come, they are the future and we marketers better prepare for it in advance, before the same is the only option available.

Sowmya Iyer- CEO and Founder, DViO Digital: “This is a monumental piece of legislation as countries all around the world look to adopt it in the year ahead. Marketers and brands stand to benefit from the move as treating data responsibly is the new currency of trust. Customers willing to share personal data with you is a sign that they trust the brand and are willing to be prospective customers. This will help in better conversion rates across the board.
That being said, brands will have to be careful what information they share with their business partners and will have to be in the know on what they plan to do with it to secure themselves from regulators. Indian brands and marketers will need to catch up in double-time to enable global businesses to see us as responsible data controllers and processors. Data security might just be a bigger concern than privacy. “

Deep Mehta, Co-Founder, Digichefs  said, “GDPR is a welcome move, for it could lead to a fresh start to the consumer centric marketing practices and also trigger innovations in this space. Merely taking consent that your website uses cookies, to enabling only ethical and legit usage of the customers very personal data will lead to responsible marketing practices. Though currently the policy is limited to companies dealing with EU consumers, it is definitely an eye opener for scamsters across the globe and will spark a revolution that the fast paced online marketing & advertising space needs. After the Facebook fiasco, it is crucial that consumers gain confidence back in the apps and websites they interact regularly with. Using hazy terms and conditions while extradicting user’s contact information is a practise many scamster media agencies have exploited enough.”

While at our organisation we run several consumer centric campaigns, across segments, for brands who serve the EU consumers, we have been taking specific precautions to provide clarified instructions in simple words to express how important and secure their information is with us. That is the only way we see customers trusting us with their details, thus improving campaign results.

Parth Nagar, Country Manager – KRDS India said, Specific to the Indian Market a lot of people believe we are at the nascent stage but the matter of the fact is we have been in the perceived “Nascent Stage” for over 3 years now. It may be a way for us to shield our growth, when it comes to digital advertising, as compared to the growth in other markets. But the truth is the Indian digital story is not slow but different.

Why do I start with this statement, some may wonder? Well like our digital growth story, I believe many are still in denial about GDPR and why not? It’s an EU law one would argue. Still, applicable to any organization in business with customers in EU, any organisation handling personal data of EU citizens and residents. Also a law like GDPR was long coming and should be equally applicable to Indian organisations in principle at least. In the last few years, consumers and their data has commoditized, the consumer has become a product rather than the end benefactor. Most people look at data as 0s and 1s but at its core every user’s data is their identityand they should be able to curate, edit and remove their data as they wish. Just the way we’re allowed to curate our identity we want and express ourselves we want in a similar way we should look at user data as an extension of identity. Which means all the rights that a user has with regards to identity the same must be allowed when concerned with user data.And hence, it becomes all the more important to accept and comply with a law like GDPR by law and in principle.

For businesses it would eventually mean:  Higher Trust (Customers know what data of theirs is collected), Better engagement (Only interested consumers receive content leading to higher engagement) and an improved marketing experience (Regulated use of personal data would mean better experience for customers on the internet which would make them more receptive to businesses that do online marketing). It may not be as simple as I have put it above, there are various checklists and consents that need to be in place for it to be in full effect, and that means on every strata. Be it, organic social media marketing, paid social media ads, lead forms etc. There are guidelines available to be followed.

So while it may still not be a law in India, it’s best to be aware and put in practice certain check-lists required as we can be sure it wouldn’t be far behind from becoming a law in India as well.

Conclusively, the GDPR law has left the digi tech and advertising and marketing companies bewildered and has forced the fraternity to  evolve innovative ways to get out of this crunch. The law has also paved the way for anticipating many new marketing strategies that may come up down the line.