skip to main content

Infrequently Asked Questions About Data: Privacy and Compliance

  • Jed Mole

    Jed Mole

Created at September 14th, 2017

Infrequently Asked Questions About Data: Privacy and Compliance

When developing your data strategy it’s important to ask the right questions.

Without the right considerations, you won’t know what data you have, what data you can source, what data you can monetise, or how to measure, monitor and attribute across all your channels to form a complete strategy.

Of course, before all this, it’s important to build on a foundation of compliance and security. You need to ask the right questions about data privacy.

So what should you consider?


Initial Data Privacy and Compliance Questions To Consider


“What data privacy regulations, if any, do I need to be aware of?”

The main regulation that you are likely to be aware of is the upcoming EU General Data Protection Regulation (GDPR), which will be enforced from May 2018, and replaces the Data Protection Act 1998.

What is GDPR designed to do?
GDPR is designed to standardise and assimilate data protection regulations across the EU. Of course, while it will bring a good level of clarity and consistency, there will continue to be plenty of differences between countries’ data protection laws.

Who will GDPR affect?
GDPR will affect all those marketing within – and to – EU member states. From a web user’s perspective, GDPR means greater transparency and control; users will be more aware of the personal data they share with companies. From a marketing perspective, marketers won’t be able to use ‘implied consent’ or ‘soft opt-in’ – consent must be explicit. Equally, marketers will no longer be able to rely on warranties and terms in contracts with third-party providers; they’ll have to do their own due diligence.

You can learn more about the upcoming GDPR here.


“What can I do with my data?”

What you can do with your data depends on how it was collected, the type of data it is, and the reason it was collected.

It’s important to remember that you can’t treat all data the same, and equally important to know which of your data is first, second and third-party, as this typically determines the use terms that come with it.

What is first party data?
First-party data is information that your brand has collected itself about your customers and prospects (such as via a web form). A lot of this data will be personally identifiable information (PII).

When collecting first-party data from customers you must be clear about how that information will be used.

What is second-party data?
Second-party data is first-party data from another company, provided directly through a partnership agreement or trusted third party.

When using second-party data, never assume that the other brand’s data terms were the same as your own. Make sure the company you bought the data from was clear on their use terms and intentions when the data was collected.

What is third-party data?
Third-party data is data collected and curated by another company, in order to share it with brands and agencies to expand their databases.

When using third-party data make sure the data provider clarifies what you can/can’t do with its data.


Always Consider Privacy and Compliance In Your Data Strategies

These aren’t the only privacy and compliance considerations you’ll need to make when developing your data strategies; compliance impacts every instance of data collection, use and management.

For example, you should always make sure that any third-party intermediaries you work with, or partners you share data with, are data privacy compliant. This is crucial when monetising your data, sourcing data from a third-party provider, conducting lookalike modelling, or any other data trade.

While the above provides a brief insight into data compliance consideration, there are many other questions you should be asking. You can learn more in our full list of infrequently asked questions about data here.