“Data-Driven Thinking" is written by members of the media community and contains fresh ideas on the digital revolution in media.
Today’s column is written by Peter Micciche, CEO at Certain.
If 2017 was the year of the data breach, 2018 is shaping up to be the year of data privacy.
Data breaches impact millions of people globally, and in response, countries and regions have taken matters into their own hands by enforcing standards and regulations to keep data local. This is clear with the imminent implementation of the European General Data Protection Regulation (GDPR) and the already-active Russian data privacy law.
These regulations will need to be followed to a tee, and the tech companies that gather data must pay close attention to the rollout of these policies and understand the rules, as other countries and regions may be next to enforce more localized handling of data.
In particular, US marketers need to have a clear strategy on how to continue to capture relevant and personalized data on customers and prospects, but do so while playing by the rules of a continuously changing game.
Global campaigns, local rules
With the implementation of GDPR, it may start to feel overwhelming for companies to understand all of the new rules and still stay compliant.
For instance, Russia’s data privacy law, which came into effect in 2015, states that companies violating the terms of the law would be placed on a blacklist by Roskomnadzor, Russia's communications watchdog, which would result in fines and blocked access to their websites.
GDPR is, of course, rolling out across Europe in May with its own set of regulations and fines. In response, other countries are re-evaluating how and where their data is stored in order to be in compliance. This forced audit is leading many countries to evaluate their own privacy laws as well.
Another source of contention is the intersection of businesses that operate in multiple countries, the data management for each country and storage compliance. Depending on the sophistication of the country’s laws, stipulations can vary greatly between key elements, such as how data is collected (with or without direct consent or third-party consent) and where it’s stored (in physical data centers – aka “on premise” – or in the cloud). The specific issue of data capture, storage and protection is now tightly integrated with the success of a company’s marketing efforts.
Predictions for the US and beyond
With the EU making major strides to protect the data privacy of its citizens, many are wondering if this will set off a global trend with other countries adopting similar policies.
Once GDPR is live and we start to see the longer-term effects of Russia’s data privacy law, we may witness other countries that follow suit with localized data privacy regulations.
Many countries in Asia, including Singapore and the Philippines, have their own data privacy regulations in place; both countries clearly denote that data subjects’ consent is required for any private sector data sharing. With GDPR playing out, a more unified contingent of Asian countries may step forward with a broader plan, similar to the EU with GDPR. We may even see some initiative to create a global approach, but that might not take place for several years.
For now, we are in a reactionary mode to see if the regulations are manageable from both the regulatory body’s end and companies’ abilities to comply. The immediate concern for marketers is to continue to capture relevant data and stay compliant however they can.