Assessing GDPR's Impact on Its One-Month Anniversary

One month ago today, the General Data Protection Regulation (GDPR) went live. It's still early days, so it's difficult to accurately gauge how the new law might alter digital advertising. Regardless of what effect the GDPR might have, it has already gotten marketing tech companies to take notice and pivot their business models.

Since the GDPR—an EU law which stipulates that a user's data can only be used if they give a company explicit permission—went into effect May 25, the watchdog overseeing the regulation has received more than 1,300 complaints. The anxiousness that the GDPR is creating among company executives can be seen in the fact that it is getting mentioned more on earnings calls. CB Insights analyzed more than 6,000 earnings call transcripts from companies across the globe and found that the number of times GDPR was mentioned during the calls increased from seven in Q1 2017 to 177 in Q1 2018.

In the US, ad prices haven’t taken a hit since the GDPR went into effect, according to an analysis by Ezoic. Meanwhile, in the EU, there was a brief reduction in CPMs, but the end-of-the-month decrease was commensurate with what often occurs when ad buyers reset budgets at the start of a new month.

About a week before the enforcement date in late May, Vibrant Media surveyed 32 UK senior ad buyers and found that they were split on how they thought GDPR would affect them. When presented with the statement that the GDPR will lead to a reduction of programmatic ad spending, an equal number of respondents—42%—agreed and disagreed with that notion. The remaining 16% had no opinion either way.

To get some more clarity about what’s going on with the GDPR, eMarketer asked some ad tech insiders what they thought of the regulation’s effect so far.

Joe Weaver, CEO, Promatica: "We’re most surprised by the enthusiasm around brand marketers [who] want to learn and discuss data. Before GDPR, you would see everyone’s eyes glaze over when talking about data. Now, CMOs are showing up to meetings and asking intelligent questions not only about GDPR, but about data strategy in general.

Neil Sweeney, Founder and CEO, Freckle IoT: "Some people still have their heads in the sand and are not taking it nearly as seriously as they should. This is a massive mistake on their part. I'm also slightly surprised that there have been only a few lawsuits. I was expecting dozens of lawsuits happening on day one. However, it looks as though the regulators are doing more watching than acting right now—which is not a bad thing, as people and companies are changing."

Dmitri Lisitski, Founder and CEO, Influ2: "The biggest surprise around GDPR to me was the privacy policy updates coming after May 25. There were quite a few established companies that were late. I think the market of third-party data in Europe will be getting the most hits going forward. It wasn't very developed until now, and I don't understand how a third-party data provider can be GDPR-compliant."

Danny Khatib, Co-Founder and CEO, Granite Media: "I expect that some supply-side platforms (SSPs) are not properly stripping data from upstream requests to demand-side platforms (DSPs), and that will fall under a larger microscope from industry folks like DoubleClick Bid Manager. I would imagine it will take a while for the enforcements to happen. The next big shift will be to see what happens in the US."

André Ferraz, Founder and CEO, In Loco Media: "It’s a great first step, but it is harming startups and benefiting the large tech monopolies because the cost to become 100% compliant is too high."