Data privacy: how to make sure your marketing strategy complies with the regulations

In this context, a number of data privacy regulations have been created around the world. Their goal? Ensuring that every user has the right to protect and access their personal data.

This can be a tricky topic for marketers, and even more so for those who navigate different types of data, in different countries.

This article will help you understand the most important data privacy regulations, and how they affect your marketing activities.

What does data privacy mean?

Data privacy: the great principles

Data privacy refers to the set of rules governing the use of users' personal data in the context of a professional activity. 

Each country has its own regulations, which can make it difficult for companies to comply.

However, all these regulations share the same basis, namely: 

• Consent: users must be informed in a very clear manner of how their data may be collected, stored and used, and must give their explicit consent for this data to be collected, stored and used.
• Legal terms: the regulations define the consequences and legal obligations for companies that collect and use this type of data.
• Users' rights: users can access their personal data at any time, and can request to modify, rectify, delete or retrieve them.
• Data security: every company must inform the authorities as soon as possible when a personal data breach has been detected on its side.

What kind of data is implicated?

Any type of personal data is concerned by the rules related to data privacy. Thus, any data allowing to identify directly or indirectly a person enters this regulatory framework.

These personal data can be... 

• Their last name, first name, email address, and phone number
• Any type of demographic data (profession, gender, age...)
• Any type of geolocation 
• Data related to the way a user uses the Internet (IP address, behavioral data...) 
  ‍

Note that even data that has been shared at the user's initiative is affected. The same applies to internal company data (any data related to your company's employees).

Who is concerned by data privacy?

Any company that collects, stores or uses personal data about its users is concerned by data privacy.

In fact, you should know that most regulations are positioned from the user's perspective. This means that they apply to companies that use personal data of users located in the region to which these rules apply.

In other words, even if your company is not located in the region to which the regulation applies, or stores its data in another country, if your users are located in that region, you are also affected.

That's why it's important to be aware of the different regulations and to comply with them.

What are the regulations that supervise data privacy?

Find out here the different regulations you need to know about in terms of personal data protection, in order to put your marketing practices in compliance in an optimal way.

The data protection policies you need to know about

In Europe, it is the GDPR (General Data Protection Regulation) that acts as the regulation. This is a European Union regulation that came into force in 2018, and is enforced by the respective, competent national authorities.

It stipulates that companies must, among other things... 

• Ask users for their explicit consent when they collect their personal data
• Have a register in which they explain how this data is collected, stored and protected at all times
• Allow users to modify, rectify, delete or retrieve their personal data
  ‍

In California, it is the CCPA (California Consumer Privacy Act) that must be enforced. This regulation, which went into effect in 2020, is quite similar to the GDPR, but specifically governs how companies store and share the data of California residents. These users must be informed of how their data is collected and have access to it at any time to request its deletion.

Finally, in Brazil, it is the LGPD (Lei Geral de Proteção de Dados) which came into force in August 2020 that governs the concept of data privacy. This law, also directly inspired by the GDPR, determines how companies collect, process and disclose the personal data of users residing in Brazil.

The regulations concerning data transfer outside of the EU

If your company needs to transfer data outside the EU, it is necessary that you comply with the regulations in force.

In France, for example, the CNIL (Commission Nationale de l'Informatique et des Libertés), in Germany the BFDI (Bundesbeauftragter für den Datenschutz und die Informationsfreiheit) and in the UK the ICO (Information Commissioner's Office) do not need to give their authorization for a data transfers outside the EU since the GDPR came into force if they are based on ...

• Standard contractual clauses ("SCC"), which have been defined by the European Commission
• A code of conduct approved by the EU
• EU-approved internal rules for a particular company
• An EU-approved certification
  ‍

However, be aware that the regulations state that both the company exporting and the company importing personal data must assess how to comply with the specific regulations of the country to which the data is being imported.

Navigating the numerous data privacy regulations that exist globally can be challenging for marketers, as they must ensure compliance while still providing a good user experience and optimizing campaign performance. To achieve this balance, it is crucial to have a strong consent management platform (CMP) in place, as well as advanced tracking across all platforms and monitoring of results through analytics. Let us assist you in selecting, implementing, and optimizing the right CMP, as well as setting up and monitoring advanced tracking, to ensure compliance with data privacy regulations.
Zbynek Zapletal, Director Programmatic & Tech Development DACH & CZ

‍

What are the incoming changes? And how do they affect the market?

As the concept of data privacy continues to be the subject of new laws and regulations, it is crucial that you anticipate upcoming changes in this area.

nLPD: a new law for data privacy in Switzerland

In Switzerland, as of September 1st, 2023, companies will have to comply with the nLPD (New Data Protection Act). This law is also aligned with the GDPR, in order to maintain the free flow of data between the country and the EU, and to ensure the protection of users' rights.

It includes the main ideas of the GDPR:

• Users must be informed about the collection of their personal data (not just sensitive data, as the law mentioned earlier).
• Companies must create a data register.
• They must also promptly inform the Federal Commissioner for Data Protection and Transparency when a security breach is detected.
• The principles of Privacy by Design and Privacy by Default are introduced by the law.

Data transfer between the USA and the EU

In early October 2022, the U.S. president announced that a new regulation will be put in place regarding data transfers between the United States and the European Union, so that this data is as well protected as it is under the GDPR. 

This new regulation replaces the two previous draft frameworks, “Safe Harbor” and “Privacy Shield”, which were invalidated by European justice.

This regulation... 

• Introduces a new Court of Data Protection Review under the responsibility of the US Department of Justice
• Stipulates that the United States limit access to Europeans' data by its authorities to what is "necessary" and "proportionate"
  ‍

Gamned supports you in data privacy matters.

As you can see, global privacy laws undergo continuous developments. Consumers are taking control of their data and demanding more targeted and personalized communications. 

Given the importance of data privacy and consumer consent, it is essential that businesses prioritize these factors in their data collection, storage, and usage practices.

At Gamned, we support our customers on these topics by ensuring that you implement a correct and optimized consent management across all regions, as well as a proper tracking and analytics ecosystem.