The Pitfall of a Post-GDPR World: "Compliance" is Not Synonymous with "Quality"

Post GDPR, many tech companies are pushing a false equivalency between compliance and the quality of their products. It’s crucial to remember that GDPR compliance is not a form of differentiation, but the barrier of entry to doing business in data-driven marketing

September 10, 2018

Share this article

GDPR has had many advertisers and technology companies tossing in their sleep for months. In the lead up to the May 25 compliance deadline, a handful of ad-tech companies succumbed to these fears and abandoned parts of their business in the EU. That would lead us to believe that those who didn't give up -- those who can now boast about "compliance" -- are high-quality companies on the up and up.

If only that were the case.

Since the GDPR deadline, countless marketing departments have tried to make "GDPR compliance” synonymous with “quality,” an alarming false equivalency that undermines the intent of the GDPR and could potentially damage ad-tech and marketing data 9  ecosystems. Linking compliance so closely to quality can lead to problems. For example, hiring a licensed general contractor doesn’t always mean they’ll do a good job with a renovation. The certification certainly matters as a baseline, but there are other metrics you’ll have to look at to ensure a quality end result.

Like a business license, GDPR compliance is not a form of differentiation, but the barrier of entry to doing business in data-driven marketing. This is incredibly important to keep in mind going forward, not because GDPR isn’t important, but because we don’t yet know just how much compliance has affected a company’s entire business model. Some companies have done the bare minimum to comply, and others have made it the central focus of their business.

Right now, most companies that are collecting or processing consumer data in some form likely fall into one of three broad buckets: those who comply and deliver value to their partners; those who comply but offer a substandard data product; and those who don’t comply and either refuse to answer questions or outright misinform partners about their status.

The third category is going to disappear, quickly, as both partners and European regulators better grasp what compliance entails. Any party that says “we comply” and then tries to move on quickly is begging for closer inspection, in terms of both quality and their collection practices. Ad buyers should already able to smell that something’s not right when they talk to parties who can’t speak to compliance.

The challenge comes in differentiating between the two compliant groups. This gets harder if ad buyers remain passive and fall into the trap of thinking compliance is synonymous with a quality offering.

It’s safe to assume that some players in the space right now are hiding a substandard product behind their compliance claims. A brand that chooses to work with a company in this category may, in fact, be safe from GDPR-related penalties, but they may not get the kind of marketing results they want. Those GDPR fines are frightening, but campaign success is the primary goal!

The key is assessing the data product, which requires a return to one of the core tenants of GDPR: transparency. GDPR is driven in part by a demand for the public to know when their data is collected and how it will be used. Ad buyers in the post-GDPR world must now demand similar transparency from their partners if they want to accurately judge how a dataset can help their business.

For some firms, compliance might be nothing more than a band-aid. Yes, they met the standards, but the product and the insights that they sell may be flawed, offering little utility to buyers. Getting themselves in line with the standard may have bought them time, but if the industry pushes for more transparency, they’ll either have to adapt or their days will be numbered.

While GDPR certainly caused lots of hand-wringing, the fears that it would wipe out digital ad industry have largely subsided. We’ve actually seen quite the opposite, as evident in the ad-tech industry’s flurry of summer M&A activity, including AT&T’s $1.6 billion AppNexus, Salesforce paying a reported $800 for Datorama, and a MediaMath raising nearly a quarter of a billion dollars.

But getting past that period of doubt doesn’t mean advertisers can get complacent and somehow view compliance as a stand-in for a quality or valuable product. GDPR has had an impact on the landscape, but more than anything, it set the stakes for doing business. Marketers who truly want to get value out of data and their partners must maintain an intellectual curiosity to push past basic compliance and closely examine what they’re buying.  

This article was originally published on Martech Advisor.