Don’t let GDPR pour cold water on your big Idea!

In an industry that thrives through innovation, anything which slows progress like GDPR is a pretty big deal. One that has the potential to interrupt your big plans to build a new piece of technology. Thankfully now that the new regulations are in place, things may not be that bad if you approach your project in the right way.

Plenty of talk about GDPR

For the last 2 years we have been hearing with increasing anxiety about the new General Data Protection Regulations which are now, finally in place as of May 25th. Big sigh of relief and pats on the back all round for making it through alive.

At this point “GDPR” has almost become a profanity in most of our vocabularies. It has surprised me how those four letters have gained the power to make a whole person visibly sink into their chair at the mere mention. It was even immortalised by memes springing up to bemoan the topic, providing a few laughs in what was looking like a miserable situation.

Preparing for the Data Protection storm

The lead up to GDPR enforcement was a road riddled with ambiguity and risk. Nobody anywhere was enjoying working through this process and a lot of people were very openly far from optimistic. Media providers and publishers (supported by the IAB) scrambled to ensure that they could collect the right permission from users to ensure the gargantuan machine that is the media industry, could keep turning over.

In conjunction with industry body the (IAB), companies normally used to being in fierce competition for audiences, even began to share their permission wording, to ensure they gathered enough scale as a collective. Such a move may seem surprising but with European media spend at a value of well over $100bn USD per year (Statista), you can well understand what is at stake for all parties should their industry not be able to operate.

Many business leaders who I spoke to during this time were quietly commenting along lines of “Business will not be the same afterwards” and “Not sure what the future holds”, whilst others who relied on 3rdparty data sources to operate considered closing their entire operation. Plenty to look forward to by sounds of that.

“Batten down the hatches”

There was a big storm on its way and companies wanted to protect themselves from non-compliance related penalties. As a person working in the digital technology sector, I witnessed a gradual paralysis of many companies from a developmental point of view.

As logic suggests, any ‘Information Technology’ project was always going to be affected by the most radical change to the data protection regulations that we had all ever seen.  The Technology portion of the market was naturally a little unsure about taking their next steps until the final position on GDPR was clarified. Projects were being side-lined until the way forward was clear. By contrast, the Information portion of market, being the companies who made data their business, just froze.

You can begin to understand the feeling of a mild panic with the frightening penalties that faced any wrongdoers.  All companies had a strong incentive to get GDPR right … Whatever that actually meant in reality.

“Let’s get some GDPR advice”

Conveniently for business owners, an entire sub sector offering GDPR advice and guidance emerged to help them find a way through the tangled mess.

Essentially these companies were being paid to tell their clients they did not know what specific advice to give until firm benchmarks were set. “Use caution” would be the main advice given to those asking where to tread next.

A cynic might consider these advisory companies as feasting on the confusion.  In truth having a 3rd party advising not only shares the accountability but provides peace of mind through following a path shared by others.

As you would expect, the market slowed down dramatically, in preparation for the unknown happening on May 25th2018…

The Big Day has passed:

These few days since have felt a lot like the aftermath of a hurricane, with people surfacing from their buildings expecting a scene of pure devastation.

But actually, by all accounts the windows and doors of your building remain attached, your company directors still have their liberty and there have not been any earth shattering fines for any breaches… so far so good.

Getting back to business as usual – privacy by design

One way for companies already building technology before the GDPR change, to ensure their operations would be compliant, was by building privacy into their technology from the start. Any business who grasped this quickly in preparation for the new rules would guarantee themselves a fast start under GDPR.  For others starting projects now this would simply be the new norm, so they had some new things to consider first.

Privacy by design is a label to use for technology design or a system that ensures citizens retain control of their data even when sharing. It used to be a differentiator, but now GDPR requires everyone in an organisation to understand privacy and bring privacy considerations into product design and processes at the earliest stages.

Designing new technology from its inception to be compliant is ultimately sidestepping the data minefield. A big challenge is sustaining an end to end focus on the goal of user privacy, in conjunction with finding a balance to deliver the right functionality or experience in the end product.

As more companies begin to better understand both GDPR (and the not so spoken about) e-Privacy Directive I think there will still be room for differentiation through the delivery of new technology we see, even though the regulation expects it.

What about Context?

Finding alternative ways of personalising content, is an important hurdle which can be jumped with a switch in mindset towards how you decide what to show someone. One way to navigate around the whole data issue is to through the use of contextual triggers instead of personal data.

As an example, within the online advertising industry if targeting contextually, a person is targeted based on the content they are engaging. This is rather than using data driven marketing which is based around profiling ‘segments’ of audiences.

When using contextual targeting, the Advertising party pays for someone to see their product based on the relevance of what they look at, (Sports product on a sports content page) rather than the pre-constructed ‘audiences’ which tell them someone likes sports and to serve the ad irrespective of the environment.

With companies like Oracle recently buying Grapeshot– a leader in contextual marketing, there is clearly a consensus that this is a major playing field going forward. Media spend in this area is booming under GDPR and the results are impressive too, so perhaps not a disaster for the future of the industry (see article on Digiday for latest on Contextual Advertising market).

So what now with the technology?

I am looking forward to seeing the next waves of technology to hit the market in this post GDPR world, as I believe we will see some true innovation that does not come at a cost to the user. We have never had so much power to decide what we see online as we do now, enabling us to define our own online experience and leaving opportunities for companies to help us carve our own unique experiences.

Sometimes I feel like we have got so fixated on finding the perfect formula for predicting our audience’s behaviour, that we forgot to observe what’s actually happening in a more obvious or literal way. Technology platforms in general which are built with privacy by design and allow for contextually driven interactions, may actually benefit from a simpler, smoother and more relevant user experience. Adding the benefits of not using our personal data to this mix and you have the recipe for building tools that might be more engaging and even perform better than the old ones.

James McDowell