What GDPR means for you and data privacy

GDPR, Data Privacy and What it Means for You

Finding the Light at the End of the Regulatory Tunnel

As a marketer or brand advertiser, there’s a good chance you’ve come to think of “GDPR” as a bad word—a digital marketing apocalypse of sorts—designed to make your marketing world even more challenging than it already is. There is another side, however—consumers and their data—and the EU government is doing something about it, starting May 25, 2018. True, it’s not the first time they have taken action by protecting the privacy of their citizens. In 1995, the Data Protection Directive formed the initial framework for data protection, but that was a directive and GDPR is a more strictly enforced regulation that will fundamentally change the relationship that brands and businesses of all kinds have with consumers vis-à-vis data.

If you are thinking, “I don’t need to pay attention, I don’t do business in the EU,” you may want to keep reading. Not only will this change have far-reaching influence and impact all around the world—as any business that either markets to EU consumers or monitors their information will be held accountable to the measures—but it will likely only be a matter of time before tech giants like Google and Facebook stop putting forth the effort of catering to both GDPR compliant and GDPR non-compliant entities.

So, pay attention now or scramble later,  but the penalties for not complying could cause serious financial damage to any business who violates the regulation, with fines of €20 million or 4 percent of their annual revenue, whichever is greater.

The catch? While the regulation clearly spells out that EU citizens (aka, “data subjects”) need to receive clear direction around giving consent and must be able to request, transfer and completely erase their personal data at any time, what is not quite is clear for businesses is HOW to comply.

What Aspects of Marketing and Advertising will be Affected?

Knowing that the “how tos” of complying are a bit murky, especially for businesses outside of the EU, the best thing to do is educate yourself about the parts of your world that will soon be affected. There will still be a lot of unknowns at first, as we won’t have full clarity until litigation begins.

GDPR infographic


Personally Identifiable Information (PII) or “personal data,” as it is referred to in GDPR, can only be used by businesses with the express consent of the data subject. The definition of consent is still in a grey area but personal data includes, but is not limited to, the following:

  • Cookies 
  • IP addresses 
  • Location data 
  • Device ID

What we do know about consent is that it must be freely given, rather than implied. For example, pop ups that say, “by using this site, you accept cookies” will no longer stand as acceptable means of consent.


Both demand-side and sell-side platforms will feel the impact. Publishers who have relied heavily on programmatic advertising face a challenge, but also an opportunity. Reputable publishers will stand a better chance of getting consent because they are a trusted source. The scale will still likely decrease, due to not everyone giving consent, but the quality of the data will stand to increase. And, higher quality is directly proportional to greater competition, which could potentially increase CPMs.


There still seems to be a bit of a discrepancy around what constitutes “unambiguous consent” in the world of ad retargeters. Back in January of this year, while Apple was busy limiting ad tracking in Safari, retargeting firms AdRoll and Criteo were both attempting to get consent by serving in-browser messages that opt users into ad tracking once they close the messages. While both received backlash within the industry for these somewhat risky tactics, we will have to wait and see what sort of action is taken on something like this, post-May 25th.


Data management platforms are among those who will be most affected. They mainly process third-party data through cookies, without a lot of transparency, since it is not currently required. However, this is about to all change and DMPs will be facing more legal obligations around obtaining third-party information and be forced to rely on first or second-party data.

Becky Burr, chief privacy officer for Neustar, told Digiday in January that she believes GDPR will have a significant impact on DMPs and ad tech companies in general. This is because ad tech companies are known to process data based on inferred consent through opt-out mechanisms, neither of which will be acceptable under the new regulation.

If the GDPR is the Challenge, Content Targeting is the Solution

Clearly, GDPR makes it incredibly difficult to go about with the status quo. With all of its regulations protecting individuals’ rights to privacy, mandating unambiguous consent along with accountability and consequences for businesses attempting to collect data, GDPR will change adtech forever. While it may be positive for consumers, especially at a time when data breaches and other instances of data misuse seem to be running rampant, it will make a marketer’s job much more challenging.

Content targeting turns this challenge into an unique opportunity. Instead of relying on consumer information, like the kind that’s specifically being regulated by GDPR, content targeting will allow you to more accurately and relevantly associate your brand with engaging and brand-safe digital video content.

Zefr is one of the only companies out there doing this today with video content – and at an incredibly massive scale across all of YouTube. What makes our technology so unique is that we’re able to navigate the YouTube ecosystem, creating brand associations with video content based on our knowledge of that content at the very granular video-level. Therefore, it’s less about matching up brands with specific audiences and more about syncing them up with the appropriate content. Where there’s a good fit with great content, engaged audiences follow.

Content Targeting Drives Significant Lifts in Purchase Intent, Favorability and Recommendation Intent

Persuasion metrics - content targeting

In many ways, content targeting will be the solution as more restrictive data privacy regulations start to take hold around the world (because, let’s face it, GDPR is only the beginning). It will soon become a staple in any marketing plan and, ultimately, we see content targeting becoming its own industry. As the world around us continues to change, we, as marketers and advertisers, must become a lot savvier as to how we engage with consumers. The rules of engagement are changing before our eyes. In fact, they changed well before GDPR was even talked about, as consumers have become much more aware, generally speaking, of how brands use their information to target marketing messages to them. And as they’ve become more aware, they’ve become a lot more skeptical, making it imperative that advertisers prioritize relevance.

Content Targeting is up to 25% Less Intrusive

Ad intrusiveness by target

So, while you’re preparing for GDPR – which is not an “if” but rather a “when” – just know that your hands are not tied. These regulations might make it tougher to reach certain consumers as easily as it once was, but it will also make you better at creating real and meaningful connections with your target audiences than ever before. That’s really at the heart of content targeting. It’s about relating to consumers through the content they love. This is why content targeting matters – and why we’re certain it will be help you find the light at the end of this regulatory tunnel.

Learn more about how Zefr can help you master video content targeting for your brand.

Published by

Richard Raddon

Rich is co-founder and co-CEO of ZEFR.