Read our new manifesto
22 - 26 March

Festival for a rapidly changing world

Topics include: Direct to consumer / E-commerce / Data & privacy / Martech

Brands, publishers and agencies on biggest worries as they prepare for GDPR

While the General Data Protection Regulation (GDPR) has been on the industry’s radar since 2016, there still seems to be a great amount of uncertainty across every sector about just what it is going to mean for marketers moving forward.

In a Forrester report released this month, it was revealed that only 26% of European firms report that they are fully GDPR compliant, with 30% of global companies falsely thinking they have done enough to comply with the regulation.

Grapeshot, vice-president for EMEA, Richard Sharp said he sees GDPR as an opportunity and added: "Advertisers have gone too far with their use of data. Context is what advertising is about and this (GDPR) provides us with an opportunity now for us to move back to to the use of context alongside quality data."

Meanwhile, Siteimprove product unit director, Mikkel Landt, pointed out just how much work needs to go into ensuring compliance. He said: “GDPR is not something we can simply just check mark and be done for the year, this is something you need to monitor on a regular basis, you need to be aware of what is going on so that you can control the outcome.”

The global chief executive of The Marketing Group, Mary Keane Dawson, described her surprise at how liberal European companies use of personal data was following a stint working in the US. She said: “I had to go through a very rigorous set of exams to be able to work with this data. The one thing that struck me, when I am talking to clients in particular, is the level of ignorance of what GDPR means for their business.

“And they are a little bit lost on where to go for advice or information about this because a lot of big agencies are nervous about giving advice or guidance. Because you know if we sit on our hands maybe it will go away."


As agencies and brands alike get down to the nitty-gritty for the upcoming legislation in May, there has been a lot of discussion about re-papering, a process that involves going through every contract to ensure each accommodates the regulation.

Nigel Gilbert, vice president of strategic development at AppNexus, explained how much work has gone into the adtech outfit preperation. He said: “In GDPR, platform changes need to be set up by default to have users privacy available. We have to be able to demonstrate that we have done that effectively. We have to re-paper every partner we are connected to and every client we have got.

“It is into the thousands and every single one will have their own questions and point of view. That is something we have been working on for more than a year, we have been doing this for a year and a half now.”

For others, namely companies without legacy systems, the task is much easier. Dawson said with media agencyTruth, set up last year, it insured processed with GDPR-compliant from the get go.

She added there is a concern for bigger agencies and those who have been working in the industry for a certain amount of time. She said: “People who have been in roles for a very long period of time, particularly in the data place, never really had any kind of frameworks. The law and regulations has been very light touch. But with GDPR there are rules and very strict laws on the definition of first party data, second party data, third party data - what does that mean?”

Oath head of data and attribution, Alex Timbs, explained the implications for publishers may be more positive, saying marketers will seek quality over quantity when it comes to sourcing data.

"Scale doesn’t count for quality. We do have large amounts of verified data from our consumers but there is an opportunity for transparency now. So consumers can see exactly what data any of these technical players might hold on them and they can review their profile. So that leads to better quality.”


Due to the lack of guidance from the regulators, the industry has been forced to come together in a bid to make a clear judgement call. The idea of competitors coming together caused a lot of murmuring at The Drum’s GDPR breakfast, however it is not unlikely.

Gilbert explained how IAB Europe has released an open source tool, which has seen a number of competitive adtech firms come together. He said: “The open source has been put together of at least 15 adtech contenders who historically would be at each others throats because we all want the same thing.

"We want publishers to get consent from their users to show them advertising. To access their data in certain ways, we need advertisers to get consent from their customers and we need all that to happen really quickly and in the right way. It’s not if someone does something wrong oh it’s okay for us.

Sharp concluded that the big challenge for the industry would be post-May, when every advertiser will be forced to demonstrate its value in a consumer’s interaction through better, more relevant content. The European Data Protection Regulation will be applicable as of May 25, 2018. "After the May deadline our industry cannot work the way it has in the past. But the question remains, how do you make advertising or the user experience better and compliant? Consent and compliance alone are not the answer, the solution has to be about value. That is going to be a huge challenge and perhaps the real chaos for us, this side of advertising."

Comment came from a panel session held by The Drum focusing GDPR within the industry. The Drum hosts monthly sessions, which are free to attend and can be found on The Drum Diary.

Join us, it's free.

Become a member to get access to:

  • Exclusive Content
  • Daily and specialised newsletters
  • Research and analysis