• Richard Watts

GDPR: How does it impact the Performance Marketing industry & what are SwapUp doing about it?

Updated: Jun 20, 2018

Unless you've spent the last year out at sea, it would be almost inconceivable that you won't by now have come across the acronym GDPR, or to give it its full name: The General Data Protection Regulation.


At SwapUp, we consider GDPR to be a positive step towards empowering individuals to have control over how businesses can process their data. Read on to find out more about what GDPR is, how it will impact the performance marketing industry and what SwapUp are doing about it...



What is GDPR?


GDPR comes into full effect on 25th May 2018. The new European legal framework dictates how personal data is regulated in the EU, replacing existing legislation which is no longer considered fit for purpose. This is largely due to an unprecedented increase over the last couple of decades in the volume of personal data processed by companies all over the world.


The ethos behind GDPR is to give individuals, with regards to their data, the right to:


  1. Be informed

  2. Access

  3. Rectification

  4. Erasure

  5. Restrict processing

  6. Data portability

  7. Object


GDPR will apply to every business that processes the data of EU citizens, regardless of where in the world that business is based. Those who fail to comply will be subject to fines of up to €20m or 4% of company turnover, whichever is higher.


ePrivacy Regulation


Initially the EU parliament had also intended the ePrivacy Regulation - further legislation that specifically governs the use of electronic personal data - to come into effect at the same time, however this has now been delayed. When it does arrive, it is likely that the ePrivacy Regulation will be more stringent with respect to how businesses are able to process and share data that has been obtained online.


What types of data are covered by GDPR?


As expected, personal information including Name, Phone Number & Email Address is covered under the new framework, alongside sensitive data including Health, Genetic Data and Racial Identity.


However GDPR extends beyond this and also includes Non-PII (Non Personally Identifiable Information). This means that IP addresses, Cookie IDs and Device IDs - tools that marketers and businesses rely on to track users around the internet - are all now governed by the new framework.


Under what legal conditions can businesses still use this data?


The GDPR framework sets out a number of conditions under which businesses can now process personal data. The three conditions most commonly used in the digital space are:


  1. By obtaining consent

  2. Through legitimate interest

  3. Under contract



What does this mean for the Performance Marketing industry?


As an industry which is heavily reliant on using personal data to understand consumer behaviours and target accordingly, the potential impact that GDPR could have on conventional performance marketing practices is huge. Many of the large networks are doing their best to reassure clients that it’s business as usual, though the advent of 25th May has undoubtedly caused some concern.


A large proportion of companies are taking the legal position that they have a legitimate interest in processing personal data, provided that they also put in place safeguards for privacy. Currently it is unclear as to whether this approach will stand up to scrutiny by the ICO (Information Commissioner’s Office) in the UK, or relevant supervisory authorities elsewhere in Europe, especially when considering that ePrivacy Regulation is just around the corner.


What are SwapUp doing about GDPR?


At SwapUp, we consider taking the legal basis of legitimate interest to be light touch - especially when bearing in mind the penalties for getting it wrong.


Thankfully our unique model has been designed with the consumer at the heart of the process, and we have built in tools to obtain consent from individuals at the outset of the user journey. Our initial research suggests that in the UK, as many as 95% of consumers will consent to allowing their data to be processed by SwapUp, while the figure is slightly lower in other parts of Europe.


As a young and innovative company we are fortunate to be in a position where we can put consumer privacy and GDPR compliance first, at every stage in our development roadmap, rather than retrofitting older products around new legislation.


No partner using SwapUp - whether it’s a business paying an individual through our platform, or an advertiser targeting consumers - should fall afoul of GDPR.


If you’d like to find out more about how SwapUp can help you grow your business while ensuring compliance with GDPR, then please don’t hesitate to get in touch - we’d be happy to answer any questions.


Retailers - click here

Businesses - click here


You may also find the following resources concerning GDPR useful:


ICO: Getting Ready for the GDPR Resources

IAB: The Advertising Industry's Transparency & Consent Framework

EU GDPR Portal

Get In Touch

© SwapUp 2018. All rights reserved.

  • LinkedIn Social Icon