Skip to main content

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice

How the General Data Protection Regulation continues to impact commerce and consumers

Tara DeZao, Log in to subscribe to the Blog

In fall of 2017, the legal teams from AdTech and MarTech – that had combined to form the industry moniker MADTech – were preparing furiously to comply with the impending landmark General Data Protection Regulation (GDPR). This EU law, implemented on May 25th, 2018, imposes obligations onto organizations that target or collect data related to consumers in the EU. It’s the most comprehensive data privacy law ever to be enacted and has had global reverberations because it imposes significant fines on the law’s violators regardless of where a business is based.

Complicating the data economy even further, Google Chrome (which boasts a massive amount of traffic on the web) has plans to deprecate the third-party cookie in 2023. It's a mechanism that many organizations use to personalize marketing and connect consumer experiences online. The long-term effects and impacts of these factors remain nebulous, which has caused many organizations to re-think their data strategies.

So, we’re now four years into business functionality under GDPR. How has it been impacting commerce and consumers?

Legal woes and fines continue to pile up

This legislation has impacted technology companies especially hard, specifically organizations whose business models rely on monetizing or utilizing external data for marketing. Law firm DLA Piper issued a report in January 2022 highlighting that fines related to breaches of the law this year skyrocketed to seven times more than the previous year, amounting to 1.2 billion dollars. Fines this large have the potential to damage business functionality for years to come making the stakes for compliance high.

Adding to the data ecosystem’s woes, Belgium’s Data Protection Authority just ruled that the way many organizations have been obtaining consent to collect consumer data actually violates GDPR. Many businesses who collect consumer data online use what’s known as a “cookie wall”. It’s the banner that activates when consumers visit a website asking for consent to collect their cookies and was specifically developed to help businesses stay in compliance with GDPR.

The core of this battle is the question of whether consumers should be able to agree before they have actually seen the content. This will be an ongoing battle and may displace the third-party cookie as a viable data source prior to their deprecation in 2023.

Consumers care more than ever about transparency

The impact on businesses has been so widely discussed and measured that we often forget to look at the heart of what drives data privacy regulation: the consumer. By the time that GDPR was implemented in 2018, consumers had reached their limit with data privacy breaches and felt uncertain about how various kinds of their personal data were being used for marketing and beyond. The tech industry waited too long to be transparent and as a result, consumers began to conflate innocuous activities (such as using anonymous browsing data to serve display ads online) with real privacy breaches like exposing consumers’ credit card information. Fear, uncertainty, and doubt were the by-product of this perfect storm which meant that consumers, especially in the EU, welcomed the regulation.

Just before the implementation, Pega surveyed 7,000 consumers across seven European countries to gauge their attitudes toward the legislation before it came into effect, revealing that a majority of European consumers will likely embrace their new data access rights under GDPR.

Consumers, unsurprisingly, want transparency into how their data is being used.

Our 2018 survey revealed that of the rights GDPR affords EU citizens, 47% of the surveyed consumers said that the most important right was to be informed about which stored data is about them. Another 22% said that erasing their stored data was the most important right.

And we now know that this sentiment has only gotten stronger since the law was enacted and that there was real follow-through on consumers erasing their data.

Cisco also confirmed these trends about consumer trust in their most recent Consumer Privacy Survey – 86% of those surveyed over the last three years said that they care about data privacy and protecting others, and they want more control over their personal data. Additionally, of the respondents in the EU, an average of 16% said that they have actively requested changes or deletions of their data.

Moving forward: Alternative solutions and resourcing data from within

GDPR.eu published the most comprehensive checklist as a resource to help organizations confirm compliance with GDPR. Ideally most businesses are readied and compliant with the law. Just as important is that the research above illustrates that consumers want to be informed and want businesses to be transparent with how their data is used. Brands that do this voluntarily and explicitly will benefit long-term for committing to build trust with consumers. The path to this end begins with auditing your data strategy and knowing what types of data your organizations uses and collects for marketing. It’s important to know the source of data, why and how it’s collected, how it’s processed, cleaned, or disposed of. Understanding this will make it easier to transition to more sustainable data futures.

Third-party cookie alternatives are emerging to fill the gaps looming for many organizations that do not want to run afoul of GDPR and whose businesses will be highly impacted by third-party data deprecation. For example, in 2020, Forrester Research defined a new type of data, zero party data as “data that a customer intentionally and proactively shares with a brand, which can include preference center data, purchase intentions, personal context, and how the individual wants the brand to recognize her.” The efficacy of using emerging types of new data sources is yet to be determined, however where consumers can really opt-in because they choose to share their data and not just to see content is one of the more sustainable ways brands will overcome challenges posed by data deprecation.

Ultimately, the most effective reliable data is the data that sits inside your business's own walls: data that your company owns. And artificial intelligence backed technologies are now capable of activating data from all over organizations, not just the marketing departments. Data that sits outside of marketing in areas of the business (like customer service, finance, operations etc.) often goes wasted because traditional marketing technologies cannot aggregate and activate it.

Consumers care about trust, and brands should care just as much. Learn more about how to utilize owned data to connect more deeply in a trusted way with your customers in this business brief.

Check out these Pega blog articles for more information about GDPR:

Pega paid media manager

It’s time to own paid channels. Give customers the experiences they deserve and maximize your return on ad spend with first-party data.

Learn more

Own paid channels, own the competition

It’s time to break down siloes and deliver a seamless customer experience across the entire journey.

Learn more

About the Author

Tara DeZao, Pega’s Product Marketing Director for AdTech and MarTech, helps some of the world’s largest brands make better decisions and get work done with real-time AI and intelligent automation.