A full year of GDPR has taken a toll on AI-based marketing, but remnants of unidentified data could be still out there, experts feel

EU’s General Data Protection Regulation (GDPR) came into force on 25 May 2018. The goal of the regulation was to help EU citizens control their personal data, the way it is collected, used and shared. The GDPR’s roll-out alerted the tech companies, data brokers and marketers, who previously had free rein over collected data that they collect.

As modern-day marketing is based on the intersection of data and AI, a year later, significant updates have been made in marketing-oriented tools. Under the GDPR, clarity around consent for data collation and usage has explained globally that a No means a No. clearly consent has become a mandate.

To be able to do trade with EU, globally enterprises needed a major rework on their data applications and policies- clarity was needed on where customer data was stored, and which data reflects personally identifiable information. That included explaining how AI was using their data and provide the right to opt out of AI-driven decision making in favor of human adjudication for “significant” outcomes.

Though the data available now is less, experts suggest that less data only means efficient use of data and that marketers can’t “brute force” the solution, but instead think about the aspects which are essential for the end-goal.

Since GDPR suggested that companies are supposed to limit on how long they hold on to data and also delete on individual requests, the use of AI in this process made it complicated. Experts question that if data is removed upon request since it has already been used to train an AI app, has it truly been deleted?

Since the roll-out of the regulation, over 59,000 data breach notifications have been served, out of which 91 fines were issued. The largest in these was a EU50 million fine against Google.

Marketing automation, PR and lead generation are the areas where marketers have to double-check if they comply with GDPR standards. According to IAPP-EY Annual Governance Report 2018, less than 50% of survey respondents believed that they were ‘fully compliant’ with the GDPR, and one in five admitted that a full GDPR compliance is impossible.

One of the findings of the report also was that acquiring and maintaining business relationships became a key driver of GDPR compliance; B2B-focused businesses are far more likely than B2C and even than blended firms to have full-time privacy professionals working in their privacy programs. The most amount of funding to compliance to GDPR was spent in investing in training and appointment of DPO.

Experts believe that this step back might pave the way for increased data quality and as trust grows back, there again can be free-flow of data throughout the EU and beyond. The GDPR may seem like a burden in its early stages; it will become a sustainable approach as companies build trust, fostering both innovation and accountability.