With the amount of digital information and data that businesses collect, process and store, the original and long-outdated Data Protection Directive is now set for a transformational update in May 2018, becoming the General Data Protection Regulation (GDPR).

Creative agencies and their clients that act upon personal data held on all individuals in the European Union, regardless of where they are based worldwide, will be affected by the new regulations. It is therefore essential that careful preparation is taken to avoid subsequent further issues.

The collection and handling of data

Data has been at the centre of GDPR discussions, in which personal data including fingerprints, text messages and general business information will be highly protected under the new laws. The constant flow of data, both between agencies and existing clients, and when sourcing new briefs from potential clients, is essential in ensuring projects are completed on budget and time.

As a result, agencies should look to become increasingly transparent about what will happen to the data, communicating this to clients. Internal and external privacy policies should also be aligned to the new rules, to ensure complete compliance before May. Although GDPR is on the lips of the entire creative industry, agencies should clearly communicate the changes and why this is being made.

Due to the new regulations that subsequently put the end user back in control, data will become much harder to access, which could lead to a restriction in how marketers effectively target end users, based on the personal data that has been collected, inevitably slowing the overall process. All data touch points in the relationship between agencies and their clients will have to be reviewed; We believe that the industry shouldn’t just accept that the process will slow down, but instead plan ahead to drive business development and sales.

Back to basics

If you are an agency that already holds a substantial amount of data, you’ll likely be in the middle of a ‘data detox’, ensuring the ways in which information is collected, recorded, stored and erased is completely transparent. It is important that the request for consent is kept separate from any other terms and conditions, and that there is adequate guidance and details on how to withdraw consent for individuals that this might apply to. Otherwise, a mass opt-out might be what awaits you, rather than keeping your ‘data individuals’ happy.

For agencies that are onboarding with new clients, the regulation update is a great opportunity for privacy protection guidelines to be built into the contracted agreements from the offset. By taking a more back to basics approach, agencies and their clients can ensure that this entire process is clear and concise, ensuring all parties understand the new regulations.

The data guru

A big focus for global agencies that handle and process a mass amount of data, is to hire a Data Protection Officer, who will have several responsibilities to make sure the business is abiding by the new regulations, while acting as a representative when data is discussed. The individual must know and keep track of when consent was given for the data, raise awareness internally and externally about GDPR within the business and manage the data protection obligations. Ultimately, the data buck stops with the Data Protection Officer.

A new world with GDPR

We are entering into a new era for data analysis; GDPR shouldn’t be seen as a hindrance for agencies and the clients. It should serve as an opportunity to review and refresh their internal processes, with absolute transparency promoted as a must throughout all areas of the data collection and handling process. The new regulation will transform the way in which all areas of the marketing matrix are managed and implemented; agencies should take the long-term approach to ensure complete GDPR compliance, instead of receiving the punishing fines that possibly await.


By Robert Berkeley, president of Express KCS

GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/

comments powered by Disqus