With the right data governance framework, media companies can ensure data compliance and leverage their data management processes to drive business success.
When the European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, it initiated a new era of data regulation by setting cross-industry standards for data transparency, privacy, and consumer control and imposing heavy penalties for compliance failures. Shortly thereafter, California passed the California Consumer Privacy Act (CCPA), authorizing a similar framework for regulating consumer data.
Data privacy regulations will become a fixture across industries in the coming decade, and the full impact of GDPR on the media industry is only now beginning to come into focus. As they begin to build compliance into their data management programs and pursue innovative ways to continue data-driven consumer engagement, media companies are under pressure to adapt quickly to avoid costly penalties and retain their competitive advantages. Forward-thinking leaders recognize that protecting consumers’ privacy is not only a way to stay competitive, but a way to be socially responsible.
Understanding PII and PHI
Tackling data compliance begins with a thorough understanding of the types and categories of regulated data. GDPR and CCPA regulate personally identifiable information (PII), a category that includes any information that could be used to identify an individual, such as data drawn from medical, employment, financial, or biometric records. PII encompasses various types of data, many of which necessitate adherence to unique requirements. For instance, PII partially overlaps with protected health information (PHI), or information related to an individual’s health status. PHI is already regulated by legislation like HIPAA, but is a relatively new concept in the media industry.
Many media companies adopt an omnichannel approach to customer engagement for their clients, and many collect, analyze, and share consumer data across multiple channels. Under GDPR, media companies will need to implement mechanisms for acquiring consumers’ consent for the use of PII and information security programs that protect data privacy and prevent data breaches.
Balancing First-, Second-, and Third-Party Data
To shield themselves against compliance failures, organizations need a balanced data strategy that includes first-party, second-party, and third-party data. GDPR and other similar pieces of legislation place stringent requirements on data sharing between organizations and third-party data providers. Third-party data is ubiquitous but often unreliable, and verifying how it was collected can be costly. As a result, the value of third-party data has decreased.
While some will still use third-party data moving forward, many media companies will need to invest in first- and second-party data to drive reliable — and compliant — results. Opportunities to measure consumer engagement using first- and second-party data continue to expand across multiple channels. Businesses operating in nearly every industry are gathering, synthesizing, and analyzing enormous volumes of data on consumers’ behavior from a range of discrete channels. Media companies use this data to drive audience segmentation and reporting and develop content and advertising strategies. However, advances in analytics have also made compliance a widespread problem, as building an omnichannel view from different sources represents a complex data governance challenge.
To protect PII, media companies must implement consent mechanisms across client websites as well as clear procedures for data storage and deletion. Protecting PII will require investments in technology and a defined data governance strategy that can facilitate the secure and compliant transfer of data across platforms and between providers.
The Stakes of Compliance
For companies across industries, failure to comply with regulatory requirements can significantly impact earnings, as GDPR violations may lead to fines of up to €50 million. From May 2018 to January 2020, the European Union recorded over 160,000 GDPR violations, and levied heavy fines against digital media giants — most notably, Google and Facebook.
Costly penalties aside, for many businesses, the true impact of GDPR noncompliance will come in the form of revenue losses from operational interruptions and reputational damage. For instance, the 2018 Facebook and Cambridge Analytica scandal cast light on the lack of accountability in data usage and sparked widespread demand for greater data transparency and increased government regulation. Data transparency and accountability have become essential to building consumer trust and protecting brand reputation.
As consumers become increasingly aware of their digital presences, media companies are under pressure to protect clients’ reputations and prevent disruptions to operations caused by noncompliance. Fortunately, the same measures that protect data privacy can also drive brand engagement and personalization, creating added value. Companies can demonstrate transparency and improve user experience by providing clear opt-out instructions that prompt consumers to update their marketing preferences. Looking forward, implementing information security initiatives and demonstrating transparency will be a key component of media companies’ value propositions to their clients.
The Benefits of Acting Swiftly and Efficiently
As the data compliance landscape becomes increasingly complex, compliance will become a matter of survival for many media companies. Overhauling data governance can require end-to-end improvements, and data compliance programs often run over-budget unless they are carefully managed. To plan appropriately, media companies will need to leverage technology-neutral resources and implement lean methodologies.
However, effective compliance initiatives also present an opportunity to develop or maintain a competitive advantage. By investing in technologies and processes that facilitate secure data exchanges between first- and second-party providers and strictly managing PII that traverses third-party providers, media companies can drive value for their clients and enhance their industry reputation.
Ultimately, effective compliance programs involve tackling the challenges of protecting PII by building a data governance framework that aligns an organization’s data needs with the right technologies. By assessing the impact of data regulations and investing in the right technologies now, media companies can boost their offerings and enhance their competitiveness in the industry.
