The Impact GDPR & Cookie Consent Changes Will Have on Online Advertising

The Impact GDPR & Cookie Consent Changes Will Have on Online Advertising

GDPR is fast approaching and many people are still unclear on every way it will affect them. This blog will talk through the key points affecting online advertising, who is responsible for what, and how to ensure minimum disruption possible to your online advertising. However, this isn’t legal advice.

Key GDPR Areas Relating to Online Advertising:

What They Mean:

  1. Personal Data can only be used with the express consent of the consumer

This basically means you cannot use information about a user without them actively agreeing to it. The soft consent banners we are used to seeing that say “We use cookies – by using this site you are agreeing to the use of them” are no longer good enough.

This includes any information you have on that user – email addresses, payment information, IP addresses, device IDs, location data and most importantly cookies.

  1. Consumers have a “right to be forgotten” and a right of “data portability”

This means users have the right to change their mind at any time and either request their personal information back or ask for it to be erased.

  1. Maintaining data security

Once you have got consent for the data, you must protect it and keep it secure. If a data breach were to happen, you need to report it to the ICO (Information Commissioner’s Office) within 72 hours to all users.

GDPR introduces a duty on all organisations to report certain types of personal data breach to the relevant supervisory authority. You must do this within 72 hours of becoming aware of the breach, where feasible.

If the data breach is likely to result in a ‘high risk of adversely affecting individuals’ rights and freedoms’, then you must also inform the individuals affected.

How Will GDPR Affect Online Advertising?

GDPR will affect remarketing/behavioural campaigns across PPC and social media platforms including Facebook and Instagram. Activity such as remarketing campaigns, RLSA and customer match will all be affected by the new cookie consent requirement.

The good news is that a lot of the responsibility falls to the platforms themselves. The majority, including Google and Facebook have already made the necessary changes to ensure they are already compliant with GDPR. They are responsible for the collection and protection of the data, provided you have ticked off the cookie consent part. Advertisers still need to obtain clear cookie consent from users by providing information on how the cookies are used and having a clear ‘opt-in’ option. Your privacy policy needs to clearly outline this and be updated to ensure it is GDPR compliant.

However, if you are using your current customer emails as a targeting method (for example using customer match on AdWords), then you are responsible for the cookie consent and how the data is handled. If you are found to be using email data without customers consent for marketing purposes you could face a severe fine of up to €20,000,000 or 4% of your group worldwide turnover.

Obtaining Cookie Consent

There are a number of GDPR complaint ways to obtain users consent. Some sites may stick to a small banner to keep disruption to the user journey down to a minimum. Others may go for a large invading banner to attempt to gain as many cookie consents as possible. As long as the copy provided makes it clear that the user has the choice to opt-in to cookies and control their preferences it shouldn’t mean the end of cookies.

The Effects of GDPR

We all know remarketing is a winner across all marketing channels, and it may sound like GDPR is putting a stop to this way of targeting but in the long run, it will actually improve it. Now that users have to opt-in to the use of cookies, the audience data collected will be of much higher quality and much more receptive to personalised advertising.

However, there is no getting away from the fact remarketing strategies will need to change before GDPR comes into effect on 25th May 2018. The audiences will be higher quality, but they will also be much smaller. This will make things more competitive amongst advertisers so bid prices and ad costs are likely to increase.

Here are some of our recommendations for an effective strategy going forward:

  • Make sure you are GDPR ready before the 25th May

Don’t stick your head in the sand to try and escape GDPR because it won’t work! There are hefty fines if you are not compliant by this date so try and be ready as early as possible. We can help make sure you have everything ready and in place to ensure you are GDPR complaint. We have a number of GDPR services including email marketing re-opt in campaigns and privacy policy document review.

  • Keep testing

Whether that be with your budget and bids, or the way you are obtaining cookie consent. Stay ahead of the curve and don’t just copy everyone else!

  • Expand your audiences to try and compensate for the shrinking cookie pools

If you are targeting website visitors in the last 7 days – make sure you are also covering visitors from the last 14, 30 and 60 days. If your lookalike audience was set at 1% before, increase that to 5% and go from there.

Want More Information on GDPR?

We are hosting a FREE GDPR Marketing Event in collaboration with Raworths solicitors on Tuesday 1st May. Hosted at The Tetley in Leeds city centre, you’ll hear from solicitor Phil Parkinson, a GDPR expert, and members of Team Zeal who will take you through what you need to do from a marketing and advertising perspective to be GDPR compliant. Just email events@wehavezeal.com to reserve your place by Friday 27th April.

More From the Blog