Shopping for a GDPR Expert? What to know before you commit

Shopping for a GDPR Expert

As the deadline for the GDPR fast approaches, many companies, publishers, and entrepreneurs are beginning to put final touches on their response to the biggest update to consumer privacy law in decades.

While many businesses are taking the new GDPR seriously,  there’s an ‘elephant in the room’ regarding GDPR compliance that is important to address.  

In the midst of all the changes, many companies are looking for advice. But despite the hundreds of consultants and agencies claiming the contrary, there is no such thing as a GDPR expert, nor is there some mysterious “GDPR certification” that will guarantee compliance for your business.

Given the massive uncertainty publishers, agencies, and advertisers face under GDPR, many consultants and ‘experts’ have rushed to position themselves as an authority. While many of these consultants and thought leaders are well-intentioned, GDPR on top of the ePrivacy Directive are incredibly complex and nuanced pieces of legislation and are very much open to interpretation. This is becoming incredibly evident in the various consent solutions being deployed on websites globally in response to the law. Furthermore, those who boast they have all the answers are portraying an inaccurate view of the GDPR regulations – the truth is, no one knows what’s going to happen with 100 percent certainty.

All in all, it’s essential you’re able to differentiate between fact and fiction. Taking a cautious yet proactive approach to the new regulations will ensure you are in the best situation to adapt and remain flexible enough to change your approach as needed. Let’s explore the situations you may come across when shopping for a GDPR expert, and some helpful tips of what to know.

The Case of Conflicting Expert Opinions

Whether you’re in marketing, sales, or part of your publisher’s legal team, chances are you have come across a few ‘expert’ roundups or interviews where thought leaders in the advertising space share their opinions on GDPR.  

And while many of these thought leaders, agencies, and publishers are well-intentioned, it’s not uncommon to read one thing and hear an entirely different story moments later, which makes it increasingly difficult to ensure your organization is taking the right course of action.

In the case of conflicting information, who should you trust?

The truth of the matter is, no one really knows how GDPR will ultimately play out over time. Therefore, it’s essential to take a long-term approach to continuous tweaking and improvement for your own organization’s response to GDPR. GDPR will likely affect all areas of day-to-day operations, and your framework must be constantly monitored and updated to ensure compliance.

To ensure you are within the GDPR guidelines and avoid hefty fines, it’s important to seek information from a variety of sources and go beyond the surface level. As much as we would love for a simple blog post to be able to tell you everything you need to do, your business must adapt according to its unique and specific situation.

Committing to gathering information from a variety of sources and verifying your findings internally is a great first step to ensure GDPR compliance.

GDPR Experts – do they exist?

As the lead for our GDPR transparency and consent project, I often have the privilege of being invited to speak on podcasts, seminars, and open mic discussions to share Quantcast’s thoughts on GDPR. Quite often, the organizer of the event will introduce me as an expert on GDPR. My response is always “I’m no expert.” GDPR has too many unknowns for experts. And even though my team and I have spent endless hours learning the intricate ins and outs of GDPR over the past year, it would be misleading to suggest we have all the answers. We’re mostly well-informed conjecture specialists.

That isn’t to say you shouldn’t trust anyone, there are of course plenty of reputable organizations and thought leaders who have a strong understanding of GDPR, but it’s important to acknowledge that even the most involved with GDPR have an incomplete picture of its upcoming effects.

To assist in ensuring you are being guided by reputable consultants and organizations, here are a few key tips to guide you through deciding on any consulting relationship.

Dos and Don’ts if shopping for a GDPR Expert

Do

  • Be skeptical of anyone calling themselves a GDPR expert, or saying they have all the answers
  • Avoid companies offering “guaranteed” or “one-stop-shop” compliance (hint: it’s not possible)
  • Look for evidence of helping brands and publishers adapt to previous legal changes
  • Seek those willing to understand and guide you through the challenges your business might be facing
  • For publishers specifically, be wary of solutions that put other organizations between you and your audience, or that limit your choices in how you run your business
  • Look for multiple sources of data and perspective

Don’t

  • Be tempted to pay large sums for ‘too good to be true’ solutions
  • Invest in tools that will require hefty ongoing changes if you’ll have to foot the bill
  • Think you’re in this alone. You’re not!

Of course, this isn’t an exhaustive list, but a great starting point in vetting an organization which is both trustworthy and reputable.

Blindly trusting the advice of an ‘expert’ to make sure you are GDPR compliant could end up being a costly mistake. Leverage the expertise of reputable GDPR counsel of course, but know the work doesn’t stop with them.

Consumer Consent and The Path Forward

So why all the confusion? One of the biggest causes of uncertainty surrounding GDPR regulations is the fact that legislators are surprisingly quiet regarding these new changes taking place. We suspect more guidance will be given once the regulations are official, but the lack of communication has resulted in many organizations presenting their best-educated guess.

Furthermore, the future of GDPR and its long-term effects will be largely determined by how the consumers will react. While tech and big business have been investing time and energy learning about these new regulations, the consumers that will ultimately be affected are likely less aware of GDPR’s complexities and how it can impact their online experience.

For instance, how will consumers respond to these effects taking place? How will they respond to GDPR consent solutions? Do they understand the updated rules on “consumer consent?” Do consumers know the difference between walled gardens vs. tech and publishers?

This change to consumer protection law will continue to affect the way we do business for many months and years to come. And while no one has all the answers, one thing is certain; our work is just getting started.

As an active participant in solving for GDPR, Quantcast hosts a library of resources in our online Knowledge Center. Continue to check in for updates and materials as GDPR developments occur.