Professional Documents
Culture Documents
GDPR 190103202mn
GDPR 190103202mn
So, in simple words, GDPR is a set of basic guidelines that a firm needs to follow to conduct any
operations in the digital space in Europe or concerning European citizens. Companies that fail to
comply by these rules are subject to stiff penalties.
This legislation applies to two different type of data-handlers namely, data controllers and data
processors. Both of these types are explained below.
Data controllers are the ones who are treated by the GDPR as the main parties responsible for the
giving consent and access to the data. As article 5 of the GDPR says, ensuring lawfulness, fairness and
information transparency are the responsibilities and fall under the purview of the controllers. A
controller decides the purpose and processes to be used to analyze the data. Data controllers are
considered the most responsible regarding the protection of privacy rights of the user. For example
the owner of the website of a hotel. Moreover, the controllers need to collect and maintain lists of
data processing activities from all the processors it is working with and, need to present it to the
authorities when requested.
Data processors, on the other hand, are the ones that simply analyze and process the data according
to the terms dictated by data controllers. It is a third party that has been selected by the data
controller to use and process the data. They do not own the data nor do they control it and hence,
they cannot use the data for any other purposes. Continuing the previous example, the hotel
company will use Google analytics to process the data to represent it in an insightful and quantifiable
form. Here Google analytics is the data processor. The processors also cannot use or any other
3
processor, without the permission of the controller in an existing contract. They are also supposed to
maintain a lists of all the processing activities all the controllers it is accepting data from.
Moreover, controllers also need to ensure that the contract with the processors, complies with the
GDPR.
Apart from these, the national authorities can also impose fines on the companies, depending upon
the incident or case of non-compliance or data breach. For the firms that fail to comply by the core or
fundamental or critical GDPR requirements, the fine is up to 20 million euros or 4% of the annual
turnover, whichever is the highest.
4
How Does GDPR Impact Digital
Marketing?
It has been more than 2 years since the GDPR came into effect and has triggered various paradigm
shifts in the ways in which businesses operate in the digital space. Following are some of the aspects
that are observed in the digital marketing industry, post the implementation of GDPR:
Examples
1. The apps on google play ask for the permission to access various data like images, contacts,
etc. upfront, before they start using the app.
5
increased the ROI of the firms on their digital marketing efforts. A smaller target market has allowed
the marketers to shift from generalized communication towards more accurate and tailored
communications to the customers. This especially true for email marketing. GDPR enforcement has
forced the companies to adopt a more user-centered approach and and focus on the users wants and
needs in every email that I sent to the user.
Examples
1. The unsubscribe option given in e-mails along with relevant content that the user has
searched for in near past.
Also, firms like Google and Facebook are required to make their collected data transferable to other
businesses. This regulation somehow disincentivize the process of data collection, due to sharing of
data with a probable competitor.
Native advertising is a form of contextual advertising that the firms have been using even before
GDPR implementation. In this form, the sponsored ads are positioned and designed in a way that they
appear to be a part of the content on the page. However, this form of advertising is also sometimes
regarded by the users as a deceptive technique.
Behavioral advertising is another form of contextual advertising in which ads are designed on the
basis of the users behavior rather than targeting on the basis of the keywords of the used by the user.
Though these forms of advertising are difficult to implement and execute, firms believe that such
practices are the future and will be highly common as we move into the future.
6
References
https://digitalguardian.com/blog/what-gdpr-general-data-protection-regulation-
understanding-and-complying-gdpr-data-protection
https://gdpr-info.eu/
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/
https://ec.europa.eu/info/law/law-topic/data-protection_en
https://digitalguardian.com/blog/data-controller-vs-data-processor-whats-difference
https://www.ironmountain.com/resources/general-articles/d/data-processor-vs-data-
controller#:~:text=According%20to%20Article%204%20of,processing%20on%20the
%20controller's%20behalf.
https://advisera.com/eugdpracademy/blog/2019/02/20/how-does-gdpr-affect-digital-
marketing/
https://digitalmarketingphilippines.com/ways-gdpr-will-transform-the-digital-
marketing-industry-infographic/
https://www.wordstream.com/contextual-advertising
https://hbr.org/2018/05/how-gdpr-will-transform-digital-marketing#:~:text=GDPR
%20will%20force%20marketers%20to,dependence%20on%20behavioral%20data
%20collection.&text=To%20protect%20consumers'%20privacy%20and,use
%20activities%20within%20the%20EU.
https://www.superoffice.com/blog/gdpr/
7
https://www.cmswire.com/digital-marketing/two-years-later-how-has-gdpr-affected-
your-marketing/
https://www.smartinsights.com/customer-relationship-management/customer-
privacy/recent-data-privacy-legislation-and-the-operational-impact-on-digital-
marketers/
https://www.ama.org/2019/05/30/the-impact-of-gdpr-and-ccpa-on-digital-marketers/
https://digitalmarketinginstitute.com/blog/gdpr-and-digital-marketing-how-your-
company-will-be-affected