If your target audience is based in Europe, then it’s very likely that you’ve already heard about General Data Protection Regulation or GDPR. This is a new piece of legislation. It was created by the European Union in attempts to make it easier for EU country residents to protect their personal information online. Its rules officially went into effect on April 27, 2016. And by May 25, 2018, its rules will apply to all of the EU.

What makes this change so significant is how much of an impact it will have. In fact, this new piece of legislation is being referred to as one of the most important developments in data privacy regulations within the last two decades. While many Singapore business owners understand how these laws will affect Facebook SEM advertising efforts, not many are caught up on what effects it will have on Adwords. Let’s take a moment to discuss this topic.

The General Idea

As it stands, a user can search online without having to divulge any of their personal information. No matter what type of content you are looking for, you never have to leave any identifying clues to exactly who you are. That is, if you are not using any type of conversion or remarketing tracking. And this is chiefly because Google has all of the control in this case. They handle all of the user’s personal data and there are no other parties used to process this data.

If you are a big brand like Coca-Cola, then this is perfectly fine. This is especially the case if the only metric that matters to you is your impressions. However, if you own a small business, then you are definitely at a disadvantage because based on this metric, you know little to nothing about your target audience. For you, the clicks are just clicks which don’t teach you anything or help you to create your audience.

Remarketing, Cookies, and RLSA

If you are someone who uses Tag Manager, Google Analytics, or the AdWords Remarketing code on your website in order to build your bottom-of-the-funnel audiences, then things are about to change drastically for you. Under the new legislation, advertisers who use Adwords will be expected to obtain consent for the use of cookies where it is legally required as well as for the sharing, collection, and use of personal data for personalised ads for EEA users. This rule applies to conversion and remarketing tags.

It’s also stated that advertisers will be expected to clearly identify each party that could possibly receive, collect, receives, or use the end users’ information. What this inevitably means if you are a business owner who uses a Google product in order to track the on-site action of your prospects so that you can serve personalised ads anywhere down the line,  then you must first ask for the user’s permission to do this.

The Two Exceptions

This isn’t to say that this new legislation does not make room for exceptions. In fact, there are two: the first is customer Match and the second is uploaded Store Sales data. Google acts as both the processor and controller of the personal data, so they will be able to determine the purpose of this data while also processing all of the data that you control.

More specifically, under the new GDPR legislation, whenever Google handles end users’ personal data, the business owner and Google will both act as independent controllers except for the Store sales (direct upload) and Customer Match features. In these cases, Google will act as the business owner’s processor for the personal data that has been provided by the user. This means that you will be entirely responsible for ensuring that all of the data Google is processing complies with the new legislation.

Customer Match gives you the ability to upload a CSV file that is full of customer data so that you can better target certain groups within AdWords. This information usually includes private details such as the individual’s name, email, phone number, and zip code. So under the new legislation, you would need to be able to prove that you got opt-in consent from each of the individuals within your database. If you fail to do so, then Google will not be liable in any way.

Store Sales gives you the ability to import all of your offline transaction data to AdWords. Once this happens, Google then matches the transactions data with the information of the AdWords user in order to create a powerful audience for the purpose of upselling, optimisation, and cross-selling. Just as is the case with Custom Audiences, under the new GDPR legislation, you need to make sure that you get the opt-in consent of all individuals that are included in the database. This is because you have access to their financial information which is identifying.

Most advertisers aren’t using these particular tools. However, those who are, need to make sure that they can prove that the information they have was obtained by consent. Google is only the processor. The business owner will bare all of the liability.

What’s Next?

When it comes to data protection, this new piece of legislation is set to become one of the most ambitious and far-reaching consumer protection programs ever developed. There is no doubt that this implementation will lead to hardship for certain businesses such as those that provide their customers with “big data” products. However, what all Singapore business owners should keep in mind is that this new legislation has been developed as a means to protect the users’ rights in an era in which most aspects of our lives are being stored online. This makes most modern consumers extremely vulnerable, exposed, and primed for exploitation.

The Takeaway

This is a new era in search engine marketing. It’s no longer acceptable to simply collect users’ information and store it for future advertising purposes. According to the new GDPR legislation, you will be expected to ask for permission to store the information. Not only that, but you will be expected to let users’ know how else could possibly collect their information.

Business owners are expected to understand that Google only acts as a middleman in this process. Their products will help you to collect and store the information, but ultimately getting permission is the responsibility of the business owner. If you have not started making your preparations and changes to your digital marketing strategy, then it’s a good time to start right now as the regulations are just around the corner. Take a look at your AdWords account and landing pages for any possible impending changes.