Companies have long collected data on consumers to determine what people want and who their potential customers might be. But for anybody doing in business in Europe, how they go about collecting that data just got a lot more difficult. And corporate marketing departments are rushing to figure out what to do next. Last year, Nike held an Air Max Day “vote it forward” campaign to choose a new sneaker design. The company used data on which consumers voted for the winning shoe to target them with an exclusive offer to buy the winning pair, the Sean Wotherspoon Air Max 97.
What changed everything?
The General Data Protection Regulation, which puts consumers in the driver’s seat when it comes to protecting their private information online. Broadly speaking, in many cases, companies around the globe must ask European citizens for their consent before collecting personal information. They can collect only the data they need to do a specific job, and when they’ve got it, they face a host of restrictions on how they use it. Among other rules, they must also delete data when they’re done with it — or when consumers ask them to. That isn’t all. The rules for “third party” data also are getting more complicated. Many marketers don’t collect customer data themselves, so they use the information from other vendors, to help them target ads. Now they must make sure those vendors are in compliance with GDPR standards.