The General Data Protection Regulation of 2018 threw many digital businesses through a loop. With tighter restrictions on data privacy, many online business owners feared they would experience decreases in effective consumer outreach, digital marketing, advertising, and market research.

While methods for capturing data on target audiences have become more stringent because of GDPR, it has also encouraged advertisers and publishers to comply with the intent of producing a boost in transparency and consent.

In this post, let’s look at what a year of GDPR has taught us about data security.

1. Compliance doesn’t always mean security

It goes without saying that if a business violates GDPR compliance, it’s possible data is not secure, according to GDPR rules. However, it’s also possible for a business to meet all of the checkmarks of GDPR compliance, and still have security issues. Why? Because, according to Forbes, data protection in the GDPR regulation is not inherently a security term.

GDPR requires businesses to comply with rules that protects the rights of individuals in regards to personal data, but doesn’t necessarily require businesses to secure that data.

Sounds confusing, but it’s an important distinction to understand. Businesses looking to ensure security should also:

  • Remember compliance doesn’t automatically equal security.
  • Understand the ins and outs of who is controlling your consumer data.
  • Only work with service providers that commit to GDPR compliance rules and offer full transparency into how data is collected and stored.
  • Review both your privacy and security policies.

Businesses that seek for GDPR compliance and data security will be more equipped to handle consumer data and any potential breaches.

2. GDPR is leading to more second-party data deals

With GDPR, this last year has seen a bump in contextual targeting, programmatic deals, and second-party data partnership deals, according to Digiday.

With new regulations, advertisers are steering away from third party data deals and looking to negotiate more effective second-party data deals. Advertisers want better ways to combine their customer data with publisher’s data to reach their known customers and find more potential customers. Not to mention, they want to do it in a way that keeps their organization GDPR compliant.

The closer organizations can keep the data they use for outreach to the original capturer, the more they can ensure the data is good, accurate, and collected with permission and in ways that comply with GDPR.

In the future, we can expect to see this trend continue.

3. Increased focus on consent with first party data

Not only are advertisers and marketers looking to broker better data deals, but they are also tightening the ropes on how they collect data. In other words, marketers are putting smart practices in place that ensure consumers know they are sharing data, are okay with sharing data, and want to receive messages from a particular organization.


This includes notifying website visitors they use cookies to collect data, using a double opt-in feature for email marketing, and updating privacy policies.

Wrap Up

While it’s important to note that GDPR doesn’t automatically mean security, GDPR has bolstered organizations look into making their data collection processes more secure. The added benefit is consumers know they have rights and you know they are okay with you collecting data—data that will be useful in your research and marketing efforts.