• MarTech Today
  • Sections
    • Ads
    • Marketing
    • Content
    • Sales
    • Analytics
    • Management
    • Resources
    • More
    • Home
  • MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Mgmt
  • Resources
  • More
  • Events
  • SUBSCRIBE

MarTech Today

MarTech Today
  • Ads
  • Marketing
  • Content
  • Sales
  • Analytics
  • Management
  • Resources
  • More
  • Events
  • Newsletters
  • Home
Martech: Management

GDPR enforcement may be driven by fears of liability

But its implementation could be hampered by a lack of clarity about exactly what kinds of consumer data it covers.

Barry Levine on November 28, 2017 at 4:29 pm
  • More

As GDPR Day (May 25, 2018) approaches, the experience of at least one complying marketing firm illuminates two major but hidden factors — one that could drive compliance and one that could hinder it.

The hidden factor that could drive compliance with the General Data Protection Regulation (GDPR): liability.

Yes Lifecycle Marketing is a Portland, Oregon-based cross-channel marketing services firm, helping client companies with website customer preference centers (where email newsletters might be selected), email, SMS, push notifications and Facebook.

SVP Marc Shull told me that his company has been working toward compliance by initiating new processes, consulting with outside experts, reviewing “every single screen” it offers, instituting new data governance policies, coding new capabilities to readily accommodate requests to change or delete personal data and other efforts.

In other words, Shull said, Yes Lifecycle is making a good faith effort to comply. About 10 to 15 percent of the company’s business comes from the European Union, he said, plus his company interprets the regulation as applying to any EU citizen wherever they are, or to any resident of the EU, whether an EU citizen or not. That pretty much covers all markets.

Yes has about 200 client companies, some of which are in the Fortune 500. But each of those companies also has dozens if not hundreds of other service providers.

‘Definitely look at dropping them’

If the client company gets sued or otherwise disciplined by a GDPR governing body, it’s entirely possible that the governing body could similarly go after each of the providers. Or the client company might turn around and sue a provider for not maintaining a high level of transparency and protection of consumer data.

It’s because of this liability, Shull said, that his company is currently deciding how to handle clients’ level of GDPR compliance, as well as their related compliance with the associated and upcoming ePrivacy Regulation.

If a client company is absolutely not complying, he said, Yes will “definitely look at dropping them.”

He compared that possible situation to the anti-money laundering practices that all the service providers of banks need to maintain. If the bank is sued or indicted for money laundering, the investigation will also involve the providers.

Yes intends to tell its clients, Shull said: “Here’s what we’re doing. What are you doing?”

The issue, then, is what to do about client companies that are unclear about how well they are complying. That, Shull said, is a matter Yes Lifecycle is still considering.

And then there’s at least one major factor that could hinder compliance. Exactly what is included in consumer data?

Yes’s understanding — based on advice from outside consultants — is that it includes only data supplied by a consumer, such as name, address, email and phone number written into a form. It does not include, Shull said, additional layers of data — like age, birthdate or gender — that Yes might acquire separately and append to the provided data. And, he contended, it does not include behavioral data that Yes or a client company may track, such as which webpages a consumer visited.

But Article 4 of the GDPR defines “personal data” as:

…’personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person…

And “profiling” is defined as:

…’profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements…

Those certainly sound as if GDPR covers behavioral or appended data. But, as Shull notes, the GDPR language and the pending language of the accompanying ePrivacy Regulation is clear in some places and less than clear in others.

The actual scope of what data is covered — and the nature of relationships with providers and clients — may restrict or propel GDPR’s effectiveness, but their actual dimensions may not be resolved until the regulations are in effect.



About The Author

Barry Levine
Barry Levine covers marketing technology for Third Door Media. Previously, he covered this space as a Senior Writer for VentureBeat, and he has written about these and other tech subjects for such publications as CMSWire and NewsFactor. He founded and led the web site/unit at PBS station Thirteen/WNET; worked as an online Senior Producer/writer for Viacom; created a successful interactive game, PLAY IT BY EAR: The First CD Game; founded and led an independent film showcase, CENTER SCREEN, based at Harvard and M.I.T.; and served over five years as a consultant to the M.I.T. Media Lab. You can find him at LinkedIn, and on Twitter at xBarryLevine.

Related Topics

Channel: Martech: ManagementGeneral Data Protection Regulation (GDPR)

Subscribe to receive daily martech news and expert insights. See terms.


We're listening.

Have something to say about this article? Share it with us on Facebook and Twitter.

Get the daily newsletter digital marketers rely on.
See terms.

ATTEND OUR EVENTS

MarTech 2021: March 16-17

MarTech 2021: Sept. 14-15

MarTech 2020: Watch On-Demand

×

Attend MarTech - Click Here


Learn More About Our MarTech Events

White Papers

  • The Six Principles of Building a Memorable Customer Experience
  • 5 Reasons Agencies Adopt Marketing Automation
  • How to Land Higher-Paying Clients: A 7-Step Framework to Grow Your Agency
  • B2B Marketing Trends Shaping 2021
  • State of Email Marketing 2021 Report
See More Whitepapers

Webinars

  • Crawl Your Way Towards Better Search Results With Dynamic Rendering
  • The AI Revolution Is Coming to Every Stage of Your Buyer’s Journey
  • The Fundamentals of Link Building for E-Commerce & Affiliate Sites in 2021
See More Webinars

Research Reports

  • Local Marketing Solutions for Multi-Location Businesses
  • Enterprise Digital Asset Management Platforms
  • Identity Resolution Platforms
  • Customer Data Platforms
  • B2B Marketing Automation Platforms
  • Call Analytics Platforms
See More Research

Register For MarTech - Free

Receive daily martech news and analysis.

Channels

  • Advertising
  • Marketing
  • Content
  • Social
  • Commerce
  • Sales
  • Analytics
  • Management
  • Home

Our Events

  • MarTech
  • SMX

Resources

  • White Papers
  • Research
  • Webinars

About

  • About Us
  • Contact
  • Privacy
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2021 Third Door Media, Inc. All rights reserved.