Clarifying the implications of the GDPR for the activities related to marketing was the goal of the conference "GDPR, communication and marketing activities: what really changes in Italy. Instructions for use ", which was held in Milan on 22nd March.
The deadline of May the 25th, starting from which the GDPR will be fully implemented, is getting closer and the operators' concern about the actions to be taken to ensure compliance with the new European Data Protection Regulation is growing accordingly.
On the stage of the event, organized by UPA (Utenti Pubblicità Associati - Associated Advertising Users) and by the FTCC law firm, lawyers and representatives of the institutions, but also users such as Ferrero, Alitalia and Heineken.
"The GDPR - comments Lorenzo Sassoli de Bianchi, President of UPA - represents an opportunity for marketing operators who will be able to acquire and maintain the users' consent over time, profiling their audience better and creating a lasting relationship of trust. We move from a Big Data logic to a Small Data one. We will have less data but more profiled and precise".
In essence, the GDPR paves the way for a new competitive environment, a responsible data market that will trigger a process of natural selection among economic operators. In this, the role of technology is fundamental. "The fluidity of data within the system is so important when they are usable - he continues -. This is why technology must evolve: to allow people to express their consent in ways other than the traditional ones."
GDPR and profiling: the value of the Data Management Platform
"The Regulation is a real Copernican revolution - explains Giovanna Bianchi Clerici, member of the Board of the national Data Protection Authority -, a revolution necessary to keep up with a technology that evolves faster than the rules.
With the GDPR our perspective towards personal data protection changes completely. We no longer speak of the protection of a right but of the impact of the data treatment on the physical person. We no longer speak only of data but of metadata, that is, digital traces and web navigation behavior".
One issue that was discussed a lot during the event was the consequences of the GDPR on profiling. A hot topic for marketing operators, especially in light of the growing importance of the so-called automated processing of data - through cookies, cross-data, inferential models, fingerprints, facial recognition and modern profiling technologies like NeoData's DMP, the only vendor invited on the stage of the kermesse.
The co-founder and COO, Tommaso Giola, with the help of a pool of experts, generated a very interesting round table.
GDPR: what changes and what does not change
It is Paolina Testa, lawyer of the FTTC study, who schematizes what are the new features introduced by the GDPR:
- More detailed information on the purposes of processing and the rights of data subjects
- New consent formula (profiling requires explicit consent)
- For sensitive data, moving from written consent to explicit consent (often given electronically)
- The obligation of prior notification is abolished
- New accountability measures are introduced (data treatment register, impact assessment on data protection and identification of the Data Protection Officer)
However, Pierluigi Cottafavi, a lawyer of the same firm, clarifies that "if the consent to the processing for marketing purposes has been collected in compliance with the Privacy Regulation, it will be sufficient to communicate to the interested parties what additional rights are guaranteed, without the need to require consent again ".
GDPR and reconciliation of customer profiles
Perhaps the most burning issue for the audience of managers attending the conference seems to be the reconciliation of client profiles.
Neodata's Data Management Platform allows you to do it easily. "Think about companies who want to get a unique identifier to track and analyze the behavior of a user, regardless of whether the information on the profiled individual comes from the CRM, the mobile app or a web page. What should they do to make sure they're compliant?" Asks Giola.
Systematic treatment activities, such as those to guarantee the client's unique view, require the company to comply with the accountability measures.
Above all, they oblige you to provide interested parties with information on the methods and purposes of the processing and to request specific consent for each platform used along the data treatment chain.
At the end of the day, a message of encouragement from the office of the national data protection authority arrives: "At the base of the GDPR - concludes Bianchi Clerici - there is a very realistic approach that promotes a new culture of data. The most important aspect for marketing operators was and remains the monetization of data as well as the extraction of value. But there will also be a new dimension of competitiveness, linked to compliance, which will allow the market to clearly distinguish between virtuous and negligent companies".