European data regulations are set to change compliance challenges, but few companies are ready for the shift. A study from Forrester estimates that three months before the European Union’s General Data Protection Regulation (GDPR) that takes effect on May 25, only 33% of North American companies are fully compliant.
They are, however, doing better than their brethren in Europe, where only 26% of European companies are compliant. Latin American and Asia-Pacific companies, at 29% each, also are more fully compliant than European companies at the time of this Forrester study.
The European Union’s GDPR is a global initiative, not just in EMEA, said Tim Mahlman, president of advertising and publisher strategy at Oath. "We have a GDPR team that works with each of the divisions within Oath to make sure we are compliant," he said. "We've looked at this even before the day [Yahoo and AOL] merged."
For Oath, compliance means policies around marketing, search, publishing, and technology.
"What you see happening in EMEA is just the first step that I think you'll see happen in more markets," he said. "Even Japan has taken steps for consumers in EMEA accessing Japanese sites."
Mahlman recently visited London, to underscore the importance of adhering to GDPR before it rolls out in May.
Oath's media team -- which runs the company's owned and operated properties, as well as the platform team, which spearheads the back-end technology -- have their separate communications team in charge of communicating messages to consumers about the rollout.
GDPR states that a consumer's data can only be used when given a company "explicit permission." Companies found to be in violation of GDPR face a fine of $24 million or 4% of annual sales, depending on which figure is higher, according to eMarketer.
The European Union put the GDPR in place to standardize existing laws that call for transparency in how companies collect and store personal data about EU citizens.
In June 2017, Sean Creamer, eMarketer reporter, spoke with Scott Meyer, CEO and co-founder of Evidon, and Todd Ruback -- the compliance services company’s chief privacy officer and vice president of legal -- about what GDPR will mean for marketers from outside the EU.
A study from PricewaterhouseCoopers suggest that 62% of U.S. companies said in 2017 they would spend more than $1 million preparing for GDPR.
During Alphabet's quarterly earnings call, Sundar Pichai, the CEO of Google's parent, told analysts and investors that the company is committed to complying with GDPR across all the services provided in Europe.