Skip to main content
28 May 2018

How does GDPR affect the business of agencies and brands?


The introduction of the new General Data Protection Regulation (GDPR) on May 25th, is removing the foundations of our industry which are creativity and communication.  In the last five years, the industry has been basing its revolution (and its salvation) on the holy grail of data compilation, which is ordering and analysis. 

The success in relation to the customers can no longer be only in the hands of the creative insights.  The data and the analysis can be predictive on many occasions about what interests the target and influences its behavior.  This data allows us to establish models of attaining business that are much more precise and, above all, measurable.  The models can locate the activity of communication and marketing in a  more strategic position that is focused on tangible sales results from the very first minute. 

The information is gold and, as such, large speculative operations have been generated around it. All of this information has accelerated the launching of a new regulation that seeks to protect the data that is recurrent.  In many occasions, without us realizing it, we are generating this data and sharing it openly with all kinds of companies. It is clearly a law that is part of the restriction but which, above all, seeks order and transparency.

That is the key aspect that we must keep in mind when dealing with the new regulation. To see this law as an opportunity for global improvement of processes and our industry.

A study from Capgemini among executives from several European countries (including Spain), pointed out that at the end of last year, 85% of companies would not be able to comply in time with the legislation that was enacted on May 25, despite having had two years to prepare. This number seems to have improved in recent months, although no analysis places it above 50%.

We don´t have the data for the agencies´ environment, but it can be very similar.  In the case of the agencies, we are talking about data that affects both their direct business (with the brands) and their indirect business that is generated from their own data storage capacity. 

By focusing on each one of the players, we can say that the scope and effect of the new law operates in somewhat of a distinct form.  The more digitalized the business and the more dependent on third party information they are, the more complex the operation will be for now, until the users get accustomed to giving permission, which will happen with time.

With the new regulation, the biggest difference from the old law, is that companies possessing personal data will basically have to document where the data comes from, such as the custody, and for what purposes they have it.  It is no longer to comply with a law, it is a change of mentality, since it is demanding that those who treat data as a proactive responsibility need to document all that treatment.  The law requires people to commit to: knowing and respecting data protection, establishing guarantees to fulfil their obligations; controlling their practical application, and being able to prove it.

Europe is clearly protected by this law and at the same time it makes some players, especially in the environment of American Martech, decide not to make the jump to Europe because of the restrictions of data management.

Without a doubt, this new law, for the moment, has achieved great business for law firms and, in short, for users who are specialists in taking advantage of these opportunities. But everything will end up being normalized and incorporated into our day to day lives, as we did with the dreaded LGPD or the blackout analog or with...

Submitted by:
Kika Samblás & Patricia Chávez
Partner MD & Consulting Director