Six months remain until the General Data Protection Regulation (GDPR) comes into force, transforming the way organisations collect, store, and process the personal data of individuals in the European Union, forever. Hefty fines and repercussions await those failing to comply; but what opportunities will the new regulations bring?

To find out, GingerMay PR brought together senior professionals across the media and advertising technology industries. Hosted by founder Victoria Usher, guests at the roundtable included Public Policy Consultant Nick Stringer; Richard Reeves of the AOP; Jon Mew of the IAB; Steve Chester of ISBA; Tanya Joseph of ISBA; Alex Timbs of Oath; Tobin Ireland of Smartpipe; Chris Bennett of Pixability; James Shoreland of Initiative; Adam Graham of The Marketing Group; and Keith Goldthorpe of Immediate Media.

Policy expert Nick Stringer kicked off discussions with an overview of the GDPR. The new law, he explained, must not be misinterpreted as a replacement of the ePrivacy Directive (aka ‘Cookie Law’). Uninformed businesses perceive the GDPR as a variation of existing legislation, but – while the GDPR builds on existing EU data protection law – it brings all data used in digital advertising within its scope. Therefore, it should not be approached in a blasé fashion. Why? Because the GDPR applies equally across EU markets, will have a global impact, and failure to comply with it carries a maximum penalty fine of up to €20m (£17.88m) or 4% of total global revenue of the preceding year, whichever is greater.

Legal ramifications aside, how are media and advertising companies interpreting the GDPR? According to Jon Mew, CEO at the Internet Advertising Bureau (IAB), advertisers are concerned but optimistic. The regulation will shakeup the digital advertising industry significantly, which relies on data to serve relevant ads to the most appropriate consumers. However, it also presents a necessary opportunity for advertisers to build more transparent relationships with consumers and benefit the digital ecosystem in the long run.

Tanya Joseph and Steve Chester from ISBA were concerned that many consumers do not realise that advertising funds many of the ‘free’ online services and content platforms they enjoy. The key opportunity of the GDPR lies in facilitating a value exchange between consumers and brands to create a basic transaction where consumers understand that they are trading their personal data for better experiences. Keith Goldthorpe, head of information management at Immediate Media, felt that consumer education on data is currently dependent on location and was hopeful that the GDPR will address this. Consumers in Germany, for example, are much more knowledgeable about their personal data than consumers in the UK and the US.

The opportunity to develop trust with consumers was at the heart of the roundtable discussion. For Adam Graham, CEO at The Marketing Group, the ad tech industry has been sophisticated, but clumsy with data practices, for too long. Chris Bennett, managing director Europe at Pixability, said clamping down on the use of data in the advertising industry is akin to parenting; there comes a point when you need to set clear boundaries and enforce rules before things spiral out of control. For the publishing industry in particular, the GDPR has the potential to reverse the negative impact seen by growing practices like ad blocking, which spawned from a lack of openness and education.

Tobin Ireland, co-founder and CEO of Smartpipe, hopes that the GDPR will force the advertising industry to accept that current data practices must change. Too many companies are spending time with lawyers discussing the impending regulations when they should be taking action to rebuild their products in a privacy-compliant way. US companies, in particular, appear to lack understanding that the regulations will affect any business dealing with data from European citizens.

Jon Mew believed that users would be happy to share their personal data with advertisers if they understood what they were receiving in return. Problems arise, according to Jon, when data is extracted from consumers without their knowledge or without communicating why. Richard Reeves, managing director at the Association for Online Publishing (AOP), cited Netflix and Amazon Prime as key examples of users being willing to pay for content if they can put a value on what’s being given to them.

James Shoreland, chief client officer UK & EMEA at Initiative and board member at IAA UK, felt the industry hasn’t done enough to make the value exchange clear to consumers since the introduction of TV advertising. The commercial break is a historic example of an easy-to-understand value exchange between consumers and brands, and this simplicity seems to have been lost amid the complexity of emerging technology and the digital age.

Alex Timbs, international head of data and attribution at Oath, envisioned a future where consumers have unrestricted access to their personal data and the power to easily remove the information businesses hold about them. Alex believes that the GDPR will force businesses to provide consumers with transparency on how their data is being used and collected. For Steve Chester, it is also important that the industry better communicates to consumers how their personal data is being stored and protected. No one is ‘unhackable’ in today’s world, and all businesses have a social responsibility to treat consumer data like it’s their own.

While it remains clear that the GDPR provokes a range of reactions across the media and advertising industries, the key takeaway from the roundtable was that businesses of all sizes and sectors have a collective responsibility to manage consumer data ethically, consensually, and transparently.