I work in a creative agency, do I need to be worried about GDPR?

In our GDPR Q&A series we get answers from experts to your burning questions about data regulations and compliance.

I work in a creative agency, do I need to be worried about GDPR?

Do creative agency staff need to be worried about General Data Protection Regulation?

Maybe not worried. But definitely aware – at the very least in the context of what the impact will be on marketing activity. That’s because you are usually the ones coming up with the ideas, the strategy, and creating the physical manifestation of where a customer/prospect experiences the brand.

And it’s at the point at which the brand touches the individual that the driver behind GDPR legislation is most visible.

What do I mean?

GDPR is in place to keep us marketers honest about how we use the personal data that customers make available to us. This isn’t new news, the Data Protection Act has been telling us to do that for ages. GDPR just makes it a bit more explicit.

But as creative agencies have become more aware that data is a core part of their creative offering, and not a side order from the data department, their imaginations about the ways to use it has grown accordingly.

As someone who’s grown up in data businesses that can, on occasion, be very rules driven and structured about what’s physically possible in their thinking, this new approach of imagine the unimaginable for data use is incredibly valuable.

For example, using AI to discover cures for cancer (IBM Watson), using location to get a cab to you quickly (Uber), pre-ordering products for your fridge (Samsung), storing your medical data in the event it is needed in an emergency (Mexican Red cross) – all amazing, functional value adding uses of data. Who would argue with that?

Unless we go too far...

Brands using your cab journeys to create a history of your most visited restaurants, and using that to sell to advertisers as a side-line revenue stream. Or providing your household product use to health product providers, without telling you, so they can give healthcare advice. Or using that medical data provided to sell on to a health insurer for them to target you with medical insurance products.

They might be clever ideas but they discount the fundamental GDPR principles of only using data for that which it was provided, ensuring the right permissions have been sought to use it, and where data is being combined with other information, or being used for something new, brands need to be up front about it.

Long-term users of data are familiar with those aspects, but as the volume and breadth of data has grown, the speed at which it can be accessed has increased, and therefore the creativity of its use has expanded there are more and more people coming up with ideas with less and less awareness of the basic legal principles of appropriate data use.

Just don’t forget there’s a human at the receiving end of your campaign

GDPR is there to keep us in check about whether our creative thinking actually pushes a privacy, appropriate-ness, or just plain creepy, boundary.

And the ones coming up with the most creative uses tend to be you, in your creative agency. Thank you, we need you. Just keep it appropriate.

Sue MacLure is head of data at Psona.


Wondering how, or even if, you need to worry about GDPR compliance? Watch out for our series of GDPR Q&A pieces. Got a burning question you'd like answered? Send it to emily.tan@haymarket.com

Topics