Five Charts: How the GDPR Will Affect Marketers

Advertisers scramble to comply with new regulation

After months of anticipation, the EU's General Data Protection Regulation (GDPR) finally becomes enforceable today. It's too early to tell exactly how the law will shake out, but some industry observers say it could rattle the ad industry.

The GDPR stipulates that user data can be used only if that individual gives a company explicit permission. There are high stakes for marketers to get their data under control because companies found to be in violation of the GDPR face a fine of €20 million ($22.1 million) or 4% of global revenues (whichever is greater).

But some marketers aren’t feeling too self-assured in their abilities to comply with the new regulation. In a March 2018 survey of 201 US marketing professionals conducted by Openprise, respondents rated their GDPR compliance a 3.10 out of 5 (with 5 being best-in-class). That was the lowest rating assigned to any of the data management tasks they were asked about.

Marketers have strong incentive to tighten up their data, but the law's vagueness and uncertainty around how stringently it will be enforced have created an environment where few companies feel prepared for GDPR. Just 6% of companies in North America are completely prepared for the law, according to a November 2017 survey of IT professionals by Erwin.

There are many issues that make GDPR prep work difficult.

In a spring 2017 survey of 900 business decision-makers worldwide conducted by Veritas, 32% of respondents were concerned that they didn’t have the right tools in place to monitor data as they prepared for the GDPR. About four in 10 respondents said they lacked a way to determine which data they should save or delete.

The GDPR is making users question how their data is being used. In a February 2018 survey of 1,050 UK internet users conducted by The7stars, nearly 60% of respondents said GDPR is making them question how much data companies have on them. And about a third of those polled plan to exercise their right to be forgotten.

Complying with GDPR requires lots of legal and data-related work. Many companies have begun to adapt to the law, but few are in complete compliance today. In a March 2018 survey of 531 US IT and compliance professionals conducted by Crowd Research Partners and Cybersecurity Insiders, just 7% of respondents said they’re in compliance right now, while about two-thirds said they had entered the process of becoming compliant.