gdpr data through magnifying glass
Ian Lowe Posted by Ian Lowe May 28, 2020

GDPR and what it means for big data companies in the U.S.

When it comes to GDPR compliance in the U.S., it’s almost painful to recall how wide open the possibilities seemed only a few years ago. And with the two year anniversary of GDPR on May 25th, it’s a good time to look at some of its impacts.

It seems like only yesterday when big data was going to steamroll its way across the digital marketing landscape. Collecting and analyzing oceanic data pools would power personalization – even hyperpersonalization, (and we know how I feel about personalization) – opening up a golden age of predictive analytics, of 1:1 marketing.

Then the steamroller smacked up again a mountainous boulder: The movement among consumers, legislators, and regulators toward data privacy, manifesting itself in the General Data Protection Regulation (GDPR). This was soon to be followed by the California Consumer Protection Act (CCPA) and a bevy of proposed and enacted regulations aimed at giving consumers more power over their personally identifiable information (PII).

So, has GDPR compliance in the U.S. squelched the promise of big data? Not necessarily. It’s a matter of adaptation to new circumstances. If the boulder stands fast against you no matter how hard you push, there is a secret. It’s to make the boulder – that public sentiment about data privacy – your friend.

What changed for big data under the GDPR?

The GDPR is, to put it mildly, a pretty big boulder’s worth of regulation. It’s made up of no fewer than 99 Articles and an additional 173 legal declarations, or “Recitals,” which lay out details and insights about the function of the Articles.

The ones that matter when it comes to GDPR compliance in the U.S. are those that define a cornerstone of the regulation. It’s where it defines “data profiling,” which the GDPR views as the collection of personal data, and the subsequent use of same, to reveal information about the data subject.

What constitutes profiling? Processing personal data to determine and predict details about individuals like their socioeconomic status, demographics, region, movements (both physical and digital), and more. These are then used for targeted marketing, among other purposes both strategic and tactical.

For U.S. companies, not having on-the-ground operations in the European Union makes no difference in the eyes of regulators; if they collect PII for purposes like profiling from EU residents, they’re liable. Many American firms are beginning to understand that, as well as the difficulties of maintaining compliance, as companies like Amazon, Apple, Facebook, Google, Spotify and Twitter run afoul of the GDPR.

Remove profiling from the equation, however, and the big data flywheel gets knocked off-kilter. Analytics and personalized marketing become much more difficult, nearly even impossible.

New rules, new tools … new opportunities?

It’s premature to write off big data for digital marketing. First, let’s understand that the GDPR actually provides legal grounds for data processing that don’t require explicit consent from the data subject. For instance, if you’re following through on a contract or agreement with the data subject, or you’re acting at their request. Or where you have legitimate interests in processing the data that aren’t overridden by the rights and freedoms of the data subject.

So having a clear understanding of what those rights and freedoms are, and of the relationship you have with the “subjects,” is crucial to GDPR compliance in the U.S. That will let you map out where you need to gain explicit consent.

Big data practitioners also must institute new practices around matters like data storage limitation, where the purpose of the data collection dictates how long you can retain it under the GDPR (not to mention other regulations in the financial services and healthcare sectors). Here’s one cited example, “Adjusting to the GDPR: The Impact on Data Scientists and Behavioral Researchers.” Data from an A/B test for a global website that already has a strong knowledge of its user base might have to be deleted after a week, while data captured by a startup’s site might be retained for months as it’s processed to give the new firm a basic grasp of how users employ the site.

To ensure GDPR compliance in the U.S., finserv companies, in particular, are turning to tools like Enterprise Content Management (ECM) platforms to automate the proper storage and timely cleansing of databases and document archives. These can verify data has been properly collected, is accurate and current, or delete data that’s reached its regulated expiry date.

Consent is the way back to big data

For digital marketers, though, there’s a means of gathering the data they need to deliver more targeted and personalized campaigns and assets. That’s by obtaining consumer consent, of course.

There isn’t overwhelming, innate resistance to sharing personal data among consumers; rather the opposite, in fact. A 2019 Deloitte survey found that 71% of consumers would be willing to share that data with retailers in exchange for better pricing, special discounts, or exclusive offers. Even though only 5% of respondents placed “retailers” among the top three businesses they’d trust with their data.

It’s a lesson in transparency and quid quo pro, of course; if you explain why you need their information and offer an incentive for sharing it, most people will be more than willing to provide that data. Personalization remains a strong lever among consumers of every generation, and the more personalized an omnichannel marketing experience you’re able to deliver, the more likely they are to gratefully give you the data you require.

One way to make consent a painless and seamless experience for consumers and marketers alike is to adopt a Universal Consent Platform that can ensure they’re in compliance not just with the GDPR, but with the CCPA and other mandates. It’s the best way to both respect your customers’ privacy and maximize consent rates, while ensuring you’re being compliant within every state, nation, or region where you’re operating.

GDPR compliance in the U.S. is a fact of operational life for US-based global marketers, but with the right digital compliance tools, big data marketing isn’t out of reach. In fact, by demonstrating how you value customer privacy, too, they’ll help you make it more attainable and effective than ever.