What GDPR means for data-driven marketing
Here’s what marketers need to know to prepare their customer data strategy to comply with GDPR regulations without sacrificing marketing effectiveness.
A topic of much discussion in recent months has been the implications of the General Data Protection Regulation (GDPR) on the availability of data. Today data is the lifeblood of effective marketing, used to obtain insights into as-yet-unknown customers, to enrich audiences who pass through websites and apps, and to better target and optimize advertising campaigns. In May 2018 when renewed data privacy legislation comes into play, marketers must prepare for a seismic shift. Here’s what marketers need to know to prepare their customer data strategy to comply with the GDPR regulations without sacrificing marketing effectiveness.
What exactly is the GDPR?
It’s an important updated data protection law, designed by the European Union to hand back control to data subjects of the use of their data. The law applies to any business, regardless of their location, that undergoes data operations about data subjects in the Union.
One of the most disruptive elements of the GDPR is the need for brands to obtain informed and unambiguous consent to process a user’s data for each individual use case their data will be used for. This represents a stark contrast to the way in which most consumer data is collected today, through invisible tracking pixels tied to cookies, largely harvested without the end user’s consent or knowledge.
What are the different types of data relevant to GDPR?
How exactly the GDPR will impact marketers’ use of data, requires us first to look at the different types of data in play today.
Data can be broadly broken out into three distinct categories, first-, second-, and third-party data.
First-party data:
This is data collected via YOUR owned properties and is your most valuable asset because of its exclusivity, provenance and high quality.
Best of all it is free of charge! First-party data includes but is not limited to:
- Customer information held in your CRM
- Behavioural data gathered from your sites and apps
- Identifiers associated with your customers (email, IDFA, etc.)
- Marketing & advertising campaign data (impressions, opens, etc.)
Because you only know who you know, the obvious downside to first-party data is its lack of scale and availability – most of us aren’t (yet!) lucky enough to have our entire addressable market in our CRM database.
FIrst-party data has a number of clear benefits when compared to other sources of data, namely:
- It is highly deterministic—LTV, prior purchase information, user preferences and CRM data eliminate the need for guesswork.
- It is exclusive—only your business has access to the data.
- It is of high fidelity—your business is the source of the data, leaving nothing to chance in terms of quality and provenance.
Second-party data:
Put simply, second-party data is just someone else’s first-party data.
A relatively new concept, second-party data has entered the marketer’s lexicon as digital brand partnerships have become more common and relevant brands have buddied up to share their insights around consumers.
For example, a leading music streaming service might work closely with a company who sells tickets to concerts, and want to provide more relevant ticket offers to it’s customers who are listening to music on the platform. Through second-party data sharing, the ticket retailer will be able to target country and western tickets to just those people who live in the Kenny Rogers audience segment the music streaming service built.
For a second-party data partnership to make sense there needs to be a good overlap in audiences, and a clear and beneficial value for the consumer.
Third-party data:
Third-party data is usually aggregated information which has been gathered from multiple external sources. Third-party data’s primary benefit is its huge scale and availability.
This scale, however, is at the expense of exclusivity and accuracy.
It can be very hard to derive the exact source of third-party data, and it has questionable competitive advantage given that it is made available to everyone, including your competitors.
Third-party data varies wildly in price, and the majority of audiences in-market are probabilistic or inferred.
A good way of illustrating this is what I like to call “The Hierarchy of Marketer Data”:
How will GDPR impact each of these different types of data?
The GDPR stands to greatly reduce the availability of third-party data in the EU. That means that, by mid-2018, we can expect to see the hierarchy above turned on its head:
Once clearer requirements for consent are in place it is unlikely that the majority of consumers will willfully opt-in to their data being traded when there’s no immediate upside for them.
What are the implications for data-driven marketers?
In the absence of these broad, high-volume audience data-sets, marketers will need to renew their focus on building deep and long-lasting customer relationships – relationships that will furnish their brands with insights over the long-term, and act as a solid, deterministic base for audience targeting and personalization downstream. With this shift, mobile will further cement itself as the highest value channel for customer data collection given its intimacy, the relative permanence of identifiers, and ability to re-engage.
What are the implications for the marketing technology stack?
Unfortunately, many of the web-centric marketing technologies employed by brands today were not architected to handle the complexities of mobile or personal data. Many systems also operate on a basis of anonymity, collecting data via presumptive opt-out clauses which greatly reduces accuracy and fidelity of the information they hold. This simply won’t fly under the new regulation.
It’s no coincidence that we see Customer Data Platforms, and more specifically mobile-first platforms like mParticle, coming to the fore at this time of increased scrutiny. Brands that are not investing in modernizing their customer data strategy face a cliff-edge when GDPR comes into play.