GDPR for Content Design, Development, and Deployment

Page 1 of 2

Article ImageEarlier this year, the European Union’s (EU) General Data Protection Regulation (GDPR) went into effect, and it ripples far beyond the borders of Europe. Although the U.S. has traditionally had a much looser culture of privacy regulation than Europe, the protections afforded its European counterparts through the GDPR might be welcome to many American consumers right about now.

The new regulation—designed to ensure digital privacy and data minimization for European consumers—rolled out during the same spring that Facebook CEO Mark Zuckerberg testified to Congress about his company’s mishandling of personal data. It’s also a year when clear evidence pointed to Russian bots leveraging ill-gotten personal information for nefarious purposes during the 2016 U.S. presidential election.

And although abiding by the GDPR certainly places digital-centric organizations under pressure to wrangle, document, and manage their data flow with transparency and precision,  it also makes the penalties for not doing so prohibitively expensive. And GDPR contains a valuable, and timely, kernel of opportunity. Rahel Anne Bailie, chief knowledge officer for Scroll, which provides content designers and content strategists for digital projects, characterizes it this way: “GDPR represents a chance to take the ocean of data and make it into a lake or make the lake into a pond.” 

For content creators who leverage the regulatory requirements of the GDPR to refine their customer data-gathering processes and create—or rebuild—trust that such data will be used only to the customer’s benefit, the byproduct should be more satisfied, more trusting, and more engaged customers. And that’s a worthy goal on either side of the Atlantic.


Recap of the GDPR

First, a quick recap of what the GDPR does, as of its starting on May 25, 2018. It makes consent explicit, which means that a customer must opt-in to share any personal information (PI) data before a company can store it. It expands the definition of PI far beyond the traditional name, address, and birthday, encompassing a user’s location (including IP address), health, genetic data (including biometric data), and sexual orientation, race, ethnicity, religious beliefs, or political opinions.

The GDPR stipulates that, regarding such information, companies can only collect what they absolutely need in order to conduct their business. The guiding principle of data minimization says that companies can’t collect “just in case” data anymore in the hopes that they may be able to use it at a future date. Consumers have much more control over their own data, thanks to the GDPR. They now have the right to ask companies to show them exactly what data it has collected and stores about them. Consumers can also request that the company flush that data—with the “right to be forgotten.”

The GDPR casts a wide net; contrary to what many seem to believe, it’s not just aimed at organizations based in Europe. Any company—wherever it is headquartered—that collects, stores, and/or processes PI for European consumers is subject to the GDPR. Companies have been scrambling to catch up; a rather bleak 2015 survey from Ovum found that 63% of U.S. businesses expected the GDPR to make it harder for them to compete, while 70% felt that the GDPR would throw the competitive advantage to EU businesses.

Alex Calic, chief strategy and revenue officer for The Media Trust, which provides transparency and ad verification solutions in the online and mobile advertising ecosystem, says that if May 25 came and went without your organization getting its GDPR house in order, “then if the EU comes knocking, you need to at least show that you’re getting your arms around compliance and are on a path toward it.” Because the last important fact about the GDPR is that it has teeth. According to the regulation, companies that fall short of full compliance can be fined up to 4% of annual global turnover or 20 million (about $24 million)—whichever is higher.



Why Should Content Creators Care About the GDPR?

But isn’t the GDPR all about data security? It’s not up to content creators to know what back-end data is being stored by an organization, right? Wrong. That might have been true 10 years ago, but content supply and value chains are more integrated than ever in the digital age.

Tim Walters, principal strategist and privacy lead for The Content Advisory, which helps companies evolve their use of content-driven experiences to build audiences, says, “Only three of the 99 articles in the GDPR relate to data security, and you could argue that really only one—number 32—does.” (Insert your own “99 Problems and Data Security Is Only One” joke here.) Walters says that while security has garnered the vast majority of attention and funding around institutional GDPR efforts, “It’s really about putting people in control of their personal data.”

That would be the personal data that content creators rely on to develop personalized content to engage audiences, to target specific offers to specific users, or to make broad strategic decisions about editorial direction. So yes, the GDPR matters to content creators who hope to serve customers better in an environment in which customers will likely share fewer of the exact datapoints that could allow a content creator to design, develop, and deploy the right message at the right time.

Walters describes the paradox. “It’s a vicious circle,” he says. “Customers want relevance and personalized experiences and will punish brands that don’t provide them. And yet, we’re dramatically more anxious, worried, and informed about what’s happening to our data. We’re reluctant to share the personal data brands need to provide that hyper-personalized experience.” How to resolve the conflict that is present for consumers regardless of which part of the world they live in? By gaining back the consumers’ trust that your organization will treat their data carefully. Luckily, the EU has provided a 99-point plan for doing just that.


From Obligation to Opportunity

“GDPR is a really good opportunity to deep clean under the sofa and get rid of all the dust bunnies,” says Bailie. It’s a chance to take all the varied “data pockets,” as Bailie calls them—the customer view that marketing holds, the slightly different lens through which accounting views the same customer, and the one that the content team has cobbled together—to create a single, integrated, and accurate view, with only as much data as the customer feels comfortable sharing. “What if you had a ‘single source of truth’ about your customer?” asks Bailie. “You could serve the customer better and create better engagement.”

No one believes that will be easy, of course. Bailie says that for Scroll, as for most other GDPR-compliant organizations, the path to doing it right involves “tortured conversation.” She says, “We had to have long, earnest discussions—do we delete client data after a year? Store and encrypt it?” She emphasizes that the goal has to be doing it right—“not just ‘what’s the minimum we need to do to slide by.’ You have to take a longer view.”

But the outcome of those arduous discussions and resulting decisions can be higher-quality data and a single unified vision of each customer, shared within the organization. Done properly, perhaps the more important outcome of a thoughtful GPDR implementation is the customer’s belief that your company takes his or her privacy concerns seriously and is a worthwhile steward of that data. Or as Bailie puts it, “You can be the company that stops annoying customers!”




Page 1 of 2

Related Articles

Attitudes about chatbots play out in how digital strategists and implementation firms look at chatbots in the user experience mix.
What does it take to reach the top of the SEO chart around the world?
Regardless of industry and company size, global content effectiveness relies on three pillars: global reach, local relevance, and personal resonance. These are the key enablers, as well as serious challenges. Since global content strategies are built and executed according to business factors, most success stories are based on these pillars. They push globalizing organizations to synchronize global content value chains with agile product or service lifecycles.
Globalizing your mobile content often involves more heavy lifting than many companies realize. Customizing your digital content for foreign audiences and localizing your app or site requires careful planning. Cutting corners, ignoring the preferences of a given country, and making insular assumptions can backfire. But the right strategies can pay major dividends.
Although Master Lock has done a majority of its business within the U.S., its market was growing in Europe, Latin America, and Japan. Similar to most global brands, Master Lock found that if it wanted to continue growing its market share internationally, it needed to start catering to non-English speakers on the web. And the more the brand grows, the more complex that task becomes. The company needed a partner that could help it translate and localize massive amounts of web content on an ongoing basis. Enter MotionPoint.
English is still the most-studied second language in the world and the most popular language online. More people speak and understand English today than ever before. This might give an impression that publishing useful, usable content in English is a good strategy to acquire new customers globally, but is this really the case? Let's take a look at the numbers.
The term "artificial intelligence" (AI) was first coined in 1956, but it is only recently that the technology has become more available thanks to new hardware, datapoints, and accessible software solutions. Natural language processing (NLP) and predictive algorithms are already inside billions of devices in our pockets, homes, cars, and workplaces. Algorithms power the experiences and content we digest on a daily basis.
When fake news threatens real news, the origin of content begins to matter more. It's no longer a question of how you can use content to enhance consumers' perception of your brand and their trust in it—it's a necessity.
At the end of 2017, with the General Data Protection Regulation (GDPR) looming, research suggested that U.K. small businesses had spent an average of 600 hours each preparing for it.