GDPR Launch: Will Consumer Say “Yes” to Access?

person Ron Trenka

CIO and Founder — Ai Media Group

Ideally, greater transparency around data will result in more effective marketing, thanks to increased trust.

Digital marketers have been bracing for the new EU General Data Protection Regulations (GDPR) for so long (since at least 2013), that it’s hard to believe that, as of May 25, 2018, the new rules are actually in effect.

We’d say “buckle up, it’s going to be a bumpy ride”—but we know that as a digital marketer, you’re likely already riding this rocket:

  • Your legal team has crafted new fine print regarding user consent for personal data (and if your team hasn’t done that, please stop reading this and get them started immediately).
  • You realize that GDPR applies to any business, no matter its size or where it’s based, if it sells goods or services to, or tracks the behavior of, EU data residents.
  • You know that heavy fines for data breaches can be assessed (potentially up to $24 million or 4% of a company’s global annual turnover for the previous year).

GDPR is, of course, an enormously long and complex set of regulations. For more information on its contours, see (International Association of Privacy Professionals) and

At this stage, as marketers and their legal teams get themselves up to speed on GDPR’s intricacies, we are hearing lots of discussion about two points.

Limited Access

Of course, top of mind for digital marketers is the question of what GDPR will do to the reach of their campaigns. Under the new regulations, users must explicitly consent to have their data shared in specific ways—and opt-in is compulsory (no more “implied consent” or “soft opt-ins”). For many marketers, of course, this is already a best practice, one that helps build trust with customers and prospects.

But how will consumers react when active opt-ins become universal? Recent survey results are conflicting—and a lot depends on how the question is asked—but there are indications that the consenting audience will be limited. Only 21% of users can be expected to say yes to a dialogue that asks whether their browsing habits could be shared with a brand and its analytics partners, according to one survey. And a July 2017 survey of 11,000 EU online users found that fewer than 20% would be happy for their data to be shared with third parties for advertising purposes.

On the other hand, research also shows that many consumers appreciate digital marketing that’s targeted to their interests—which is of course possible only when advertisers have information about their online behavior. Ideally, greater transparency around data will result in more effective marketing, thanks to increased trust between marketers and individuals.

Return to Vendor?

Another hot topic among marketers is the question of third-party data, in which U.S. advertisers invested more than $10 billion in 2017. That data has often been collected without people’s permission, as was recently brought to the public consciousness by the Cambridge Analytica/Facebook scandal.

Now, in order to comply with GDPR, third-party data processors can use people’s PII (personally identifiable information) only with their consent. Further, it is incumbent on marketers to assess and monitor all third-party vendors to be sure they are compliant.

The issue is, to say the least, complex. Let’s say you run an ad for on a national news site that has, correctly, asked each individual visitor for consent regarding whether and how their data can be used. Now the news site must not only abide by the user’s wishes, but also forward information about those preferences to you, so that you too can be in compliance. Each of the 30 or so vendors or trackers on’s site must be informed and do the same.

In short, to comply with GDPR, you are responsible for seeing that every third party you work with, and each of its downstream users, is in compliance. (The same holds true for any Google product you may be working with.) At Ai Media Group, we are proud to say we’re fully in compliance with GDPR. It’s an assurance you should receive from all of your vendors.

As the GDPR journey unfolds, it will test the mettle not only of marketers, but of risk managers, IT security staffs and data managers. With perseverance, the end result should be reputation enhancement, more streamlined data management, a reduction of risk — and better marketing.

Until that day comes, be sure your engines are running. The GDPR countdown is over — and we have liftoff.

Ron Trenka is CIO and cofounder of Ai Media Group, a New York City-based media company that specializes in defining, managing and executing online marketing strategies.

Amid ongoing concerns about the Coronavirus (COVID-19), Ai Media Group is closely monitoring the latest reports from the CDC and is taking a number of precautionary measures for the health and safety of our clients and colleagues. For the latest information on the virus and preventative measures, please visit the CDC website at