The seemingly endless string of data breaches at tech companies and retailers has prompted new regulations like the General Data Protection Regulation (GDPR) in Europe and the forthcoming California Consumer Privacy Act (CCPA) in the US, placing a spotlight on brands’ data practices.

Beyond that, brands now have to navigate a fine line between consumers’ increasing concerns about privacy and personal data usage and consumers’ increasing demands for personalized marketing messages. For example, 50% of UK and US consumers are generally not willing to give up their personal data, but 47% also believe it’s “helpful” to receive recommendations based on browsing history, according to a July 2018 Gartner survey.

This requires brands to execute a complex balancing act: collecting only necessary information and communicating how data usage adds value to the customer experience, while deploying personalization built on that data. Moreover, Western governments’ shift from permitting self-regulation of digital practices to actively policing them to protect consumers’ rights and data has further reduced the margin for error. For example, brands operating within the European Union under the GDPR standard, which took effect on May 25, can no longer collect data traceable to a specific individual without explicit consumer consent.

Brands around the world cannot afford to apply yesterday’s models. Instead they must take a proactive stance, using European standards as a guide. For example, while a majority of Europe-based brands analyzed year over year now provide notices about cookies on their sites, only 11% of brands based in North America do so. In Europe, 88% now also provide a link to the privacy statement during account sign-up, compared to 71% of brands in North America.

Daily Insights in Your Inbox