Is the EU GDPR the Y2K of Digital Marketing? – posted by Gigya

Remember the great Y2K scare of the late 1990s? Civilisation was supposedly going to grind to a halt at 12:01 a.m. on January 1, 2000, as computers programmed to only recognise two-digit year values reset themselves to 1900 and crashed. Otherwise rational people were hoarding freeze-dried food and making plans to hide in the woods on New Year’s Eve 1999.

The European Union’s General Data Protection Regulation (EU GDPR), due to take full effect in May 2018, could be the digital marketing equivalent of Y2K – in a good way.

The EU GDPR applies to all companies that do business in Europe so, in affect, virtually all large enterprises worldwide. There are extensive new rights for consumers regarding data protection and an individual’s right to control how their personal data is used. (Note that, in the European context, personal data goes beyond what you might understand to be personally identifiable information) And there are serious penalties for non-compliance, with fines topping millions of dollars for large enterprise offenders.

To help understand how the EU GDPR affects your digital marketing strategy and where Customer Identity and Access Management (CIAM) can play a role in achieving compliance, Gigya recently commissioned an in-depth white paper from KuppingerCole, a global research firm specialising in information security and identity and access management. The white paper, “GDPR and Implications for Consumer Identity Management,” is available now at

In the white paper, KuppingerCole Analyst Dr. Karsten Kinast writes, “The days of (organisations) creating independent solutions that manage their own identities, implement their own approach to customer journeys, and exist in isolation from other systems are long past. Customer identities are too important for businesses in the Digital Age, and from a regulatory viewpoint — in the light of the upcoming EU GDPR – the need for a unified, standardised Customer Identity Management infrastructure is no longer just an optional and attractive approach, but a necessary one.”

In short, Kinast declares, “Rely on platforms, not coding.”

So what does this have to do with Y2K? The disasters predicted in the late 1990s never happened, but not because the fear was unjustified. Rather, organisations around the world responded before the year 2000 with massive IT upgrades to root out Y2K bugs.

All this effort had an unintended and quite positive consequence. The investment in new infrastructure and business processes to prevent Y2K failures unleashed a productivity surge that was a foundation for economic gains in the 2000s.

The EU GDPR offers the same potential benefit. Organisations will be forced to move away from do-it-yourself CIAM solutions, as well as employee-facing Identity and Access Management platforms unsuited for tracking personal data. By adopting purpose-built CIAM platforms, these organisations will have new opportunities to build trusted relationships that turn unknown online visitors into known customers – deepening and extending the impact of their marketing and sales programs.

I look forward to participating in the global discussion on the EU GDPR’s impact. I encourage you to read the KuppingerCole white paper and to join a webinar on November 10 that Gigya is hosting with Dr. Karsten Kinast, an expert in European data privacy laws and co-author of the white paper.