What GDPR means for APAC brands and marketers

By Patrick Milburn, managing director, Hong Kong, Mezzo Labs

General Data Protection Regulation (GDPR) was introduced in Europe on 25th May 2018, modernising laws that protect personal information to create the strongest data protection environment in the world. The regulation had been announced two years ago, yet many companies impacted by GDPR were seemingly unprepared.

In the days that immediately preceded the introduction of GDPR, many companies appeared to panic, hurriedly seeking opt-ins from individuals to continue holding their information. These communications were remarkably perfunctory, and in many cases the correspondence simply reminded individuals of a long since forgotten transaction or registration. They did nothing to build the brand relationship. Arguably, many of these emails were not required as many companies had a legitimate reason to hold the data they had on customers.

There is no doubt that the scope, potential impact and options for implementing GDPR were unclear to many companies, which led to a clumsy attempt at getting customers to effectively tick a box to remain on a mailing list.

An opportunity to reimagine the business

There was a stark contrast, however, between the many companies’ bungled attempts and those that took an active approach to GDPR, using it as a springboard to refine their data strategy. These companies saw GDPR as no more than a bump in the road and took the opportunity to reshape their businesses around data strategy, focusing on collecting proprietary data and developing deeper insight capabilities ahead of time. The best companies in Europe have used GDPR as the impetus to improve their ability to serve their customers and create competitive advantage through putting data at the core of their business model.

This is especially evident with many newer and digitally focused companies who have shaped themselves around the opportunity that GDPR creates. Tom Charman, CEO of KOMPAS, the pocket guide city exploration app, said they “have made sure they have data privacy at the top of their agenda, and are using GDPR to explain to customers why they're collecting information and the benefit that it provides to the individual”. They have not overloaded their customers with requests to opt-in. They haven’t needed to as the company already used data as the foundation on which to build better relationships with their customers.

Building proprietary data

An equally compelling need for businesses of all sizes to create a proprietary data strategy arises as the third party data used to build insight is subject to GDPR. Third party data sources will become more costly, more risky and prone to consumer opt-out.

While the most credible third party providers have responded positively, it is likely that some are forced out of business by the increased transparency forced on them by GDPR. Inevitably the requirement for third party data providers to reassess how they collect and provide data to their clients will mean there will be less third party data available though it may be of a higher quality.

According to a 2017 report from the Ponemon Institute, 56% of respondents to a survey had experienced a third party breach, up 7% from 2016. With the additional regulation, the potential costs to companies using third party data sources will increase either through the cost of ensuring the services they use are compliant or the direct impact of a data breach.

Even the largest third party providers have attracted the attention of the regulators. Facebook and Google, two of the main data providers for businesses around the world (if you advertise on them you use their data as a data provider) and for whom data is a vital revenue stream, have been accused by the Norwegian Consumer Council of giving users “an illusion of control” over their data. In addition, they stated that while “Google's privacy dashboard promises to let the user easily delete data… the dashboard turns out to be difficult to navigate, more resembling a maze than a tool for user control”.  This challenge illustrates that the EU is determined that companies will fully comply with GDPR, and even the appearance of attempting to circumvent it have been swiftly challenged.

There is every likelihood that through a combination of legislative enforcement and personal choice, individuals will reduce access to their personal data on these third-party platforms.

The best companies are actively building their knowledge of their customers and prospects via their own data platforms and capabilities, mitigating the risks and costs of relying on third party data.

Data as competitive advantage

Perhaps the most compelling opportunity provided by GDPR was illustrated by the World Federation of Advertisers, when it published its Manifesto for Online Data Transparency in April. It set out a “people first” agenda which committed its members, the largest global advertisers, to an approach that requires them to use data to build meaningful relationships with customers.

French cosmetics company L’Oreal was a great example of this. L’Oreal was able to use GDPR to cleanse approximately 50% of its French database. With relationships based on consent, L’Oreal has been able to improve its targeting to the remaining 50% of “loyal” customers.

As with almost all EU mandates GDPR will likely become a worldwide standard. There is a growing body of evidence in Europe that it can be used to frame a positive approach to data collection and a focus on building relationships with customers.

Better Customer Relationships

The “stick” provided by GDPR has given additional impetus to European companies to shape their data strategy, improve their proprietary data collection, analysis and insight. The opportunity, the “carrot”, is being able to generate a genuine competitive advantage by bringing them closer to their customers. For APAC, it is clear that companies who embrace an active data strategy ahead of legislation in most APAC markets will be able to improve targeting, reduce the cost to serve and build deeper, more transparent and ultimately more valuable relationships with their customers.