Data privacy: What should marketers be doing to prepare for regulation?

"Good marketers aren't spammers, and these regulations simply maintain the high standards they already hold of themselves," says Harold Giménez, VP of Technology at Iterable, on upcoming data privacy regulations.

Date published
September 10, 2019 Categories

Data privacy is a hot topic right now, and rightly so. The Facebook + Cambridge Analytica scandal brought the issue of data misuse to widespread public attention. And, the introduction of laws like GDPR and the California Consumer Privacy Act, rather than quelling fears, have only added to the growing perception that our data has not, up until now, been private. 

So, what does this mean for marketers? The marketing industry lives and breathes data—will this have to change going forward? Or do good marketers have nothing to worry about?

We caught up with Harold Giménez, VP of Technology at Iterable and a data privacy expert, to hear his take on these issues. 

Just how severe an impact are laws like GDPR and the California Consumer Privacy Act having on digital marketing?

Web technologies contain rich and flexible capabilities, making it relatively easy to track and collect data about individuals online. 

This, in turn, has lent itself to somewhat ingenious use by digital marketing and other industries, which has led to an environment of acute concern over online privacy by consumers everywhere. 

The GDPR and CCPA put in place regulation which aims to put individuals in control over their personal data, so that they are empowered to consent to the collection of the data. Consumers also maintain certain rights about access and even deletion of data on the entities controlling and processing it. 

This means that capturing data for marketing purposes in a way that isn’t transparent to individuals, and which does not comply with these regulations, can lead to fines. Marketers need to change the way they capture, store and make use of personal data as a result, and this can be a challenge for some technology stacks.

Given the wealth of consumer data that’s already “out there,” especially for those of us who have been using the internet for over a decade, are these laws too little too late?

Better late than never! Remember that GDPR and California’s CCPA give you the right to ask for the personal data collected on individuals, as well as the right to delete this data. 

What are the key steps that marketing companies need to take to comply with such regulations?

First, marketing companies need to ensure that subscribers opt-in to receiving promotional or marketing messaging in an unambiguous way. 

They also need to explicitly state what information they’re collecting and the intended use for this information. Then, systems must be developed whereby marketing companies must be able to supply personal data to an individual upon request (data portability), and furthermore, procedures with which to permanently delete all personal data (the right to be forgotten). 

Depending on complexity of systems, these may be challenging. 

In Iterable’s case, as a data processor, we provide our customers with an easy mechanism to request data be deleted about any individual. Data controllers, such as our customers, must be able to delete data from any and all processors and remove data from their systems upon a request to be forgotten. 

Do you think marketers can be as effective given these new constraints? If so, how?

Marketing is not about casting a wide net and hoping for the best. It’s more about connecting people with the right product or service in a way that’s relevant at the individual level.

If anything, these constraints will allow brands that are committed to true growth marketing—not hacking or cheap tricks—to really shine.

Will data protection concerns make it harder for marketers to prove their ROI?

Absolutely not. Modern growth marketers don’t find data protection to be a blocker to proving their ROI whatsoever—instead, they see it as an opportunity to validate their worth. 

Good marketers aren’t spammers, and these regulations simply maintain the high standards they already hold of themselves.

How can consumers be sure that companies are actually complying with these regulations?

(For example, Symantec’s State of European Privacy Report found that 90% of businesses believe it’s too difficult to delete customer data and 60% don’t have the systems in place to do so.)

Start by asking for access to your data. If this takes too long, that’s not a good sign.

Do you think we’ll see further data protection regulations being introduced in the near future?

No doubt about it, but these will be regional laws that may or may not apply to your business. The most pressing concerns for companies right now are GDPR and the CCPA.

Thanks for taking the time to answer our questions, Harold! If you’d like to learn more about Iterable, visit

Exit mobile version