The U.S. Data Privacy Report highlights a lack of preparedness among U.S. businesses for GDPR compliance, revealing that many organizations have only taken minimal steps and exhibit uncertainty about the legislation. With upcoming U.S. privacy laws like the CCPA, the report emphasizes the need for companies to engage in comprehensive data protection measures and establish a continuous compliance framework. The document also discusses opportunities for brands to enhance customer trust and optimize data handling through better policies and practices.

1. U.S. Data Privacy Report
Patchy preparation for GDPR shows U.S.
businesses are unprepared for new legislation
In collaboration with

2. US Data Privacy Report2
About the presenters
Jim leads Ebiquity's digital analytics practice in the US helping clients leverage data to
improve marketing decisions and to build strong customer engagement. With over 20
years experience, he specializes in marketing transformation engagements. Prior to
joining Ebiquity he led the Publicis Sapient's Business Consulting practice in Europe
and the Middle East.
Ian Thomas has been actively involved in Digital Analytics since 2000, when he co-founded
one of the UK's first web analytics firms, helping to define the online advertising and web
behavior measurement industry, and pioneering techniques in campaign attribution. From
2006 to 2018 he worked at Microsoft in Seattle, helping the company to understand its
customers and their usage of its products and services through data and analytics.
Jim Mason
Sr Partner, Ebiquity
Ian Thomas
Digital Analytics Association Board Member
Chief Data Officer, Publicis

3. US Data Privacy Report3
About the Digital Analytics Association (DAA)
The DAA is a not-for-profit, volunteer-powered association whose
mission is to make analytics professionals more effective and
valuable through professional development and community. Its
vision is advancing the profession of using data to improve
business.
The DAA was founded as the Web Analytics Association in 2004.
The organization has almost 5,000 members around the world,
representing a broad spectrum of expertise. For more information
about the DAA, or to become a member, visit the DAA website at
www.digitalanalyticsassociation.org

4. US Data Privacy Report4
About Ebiquity
Ebiquity is a leading independent marketing and media
consultancy. Our ambition is to help brands harness the power of
data, analytics, and technology to improve marketing outcomes.
With 18 offices globally, we offer full coverage of the world’s
largest advertising markets. We work with 70 of the world’s top
100 advertisers which provides unrivaled visibility into marketing
and media trends.

5. US Data Privacy Report5
AGENDA
What will we
cover today?
Introduction to the study
The state of GDPR compliance
The opportunity for brands

6. US Data Privacy Report6
Introduction to the study

7. US Data Privacy Report7
Introduction
About the report

8. US Data Privacy Report8
Introduction
Ebiquity and the Digital Analytics
Association (DAA) fielded a survey on GDPR
in late 2018 and early 2019 (closed in
February 2019).
The responses come from DAA members
and Ebiquity clients. Respondents represent
60 different US organizations, ranging in
size from Fortune 50 enterprises to mid-size
companies. Responses were from various
levels within the organization, from CEOs to
Managers. Most responses were from
personnel at the VP/Director level.
The survey

9. US Data Privacy Report9
The State of GDPR Compliance

10. US Data Privacy Report10
The State of GDPR Compliance
Preparation
Not surprisingly, most organizations
surveyed have taken action to support
GDPR compliance.

11. US Data Privacy Report11
The State of GDPR Compliance
Confidence
The story becomes more interesting when
we dig into respondents’ confidence in the
suitability of the actions taken.
The general sentiment is: “I’ve done some
stuff, but I’m not sure I’ve done enough…”

12. US Data Privacy Report12
The State of GDPR Compliance
Some of the hesitancy appears to relate to
uncertainty about the bounds of the legislation.
Brands are waiting on precedent and further
judgments to understand more fully what GDPR
means for them. These penalties will further clarify
the implications of the law for brands.
Uncertainty
Closed
63%
Ongoing
37%
Total
281,088
Complaints
144,376
Data breach
notifications
89,271
Other
47,441
European Data Protection Board
National Cases
Number of cases per type, May 2019
Source: EDPD, “1 Year GDPR – Taking Stock” May 22, 2019

13. US Data Privacy Report13
The State of GDPR Compliance
The lack of confidence also appears to be related to the limited actions
organizations have taken to ensure they are GDPR compliant.
Most companies appear to have done the bare minimum to comply with GDPR. Many
are yet to take comprehensive steps to improve their collection and processing of
customer data. Instead, they have simply been trying to avoid falling foul of the law.
Minimum standards

14. US Data Privacy Report14
The State of GDPR Compliance
Achieving compliance
Just over half of respondents in our survey (53%) currently ask for consent to
track EU visitors. The remaining 47% made a calculated decision that it was
easier to block European traffic, disable tracking, or simply remain non-compliant.

15. US Data Privacy Report15
The State of GDPR Compliance
Work remains
It is clear that many companies have taken only minimal steps to shield
consumer data, and substantial work remains to prepare for forthcoming
US data protection and privacy laws.
The solutions put in place for GDPR compliance are inadequate to protect
consumer data privacy more broadly.

16. US Data Privacy Report16
The State of GDPR Compliance
Verification
Interestingly, even the companies that have taken steps to be compliant still have
more work to do. Less than one-third of organizations surveyed have performed
‘complete verification’ of compliance.

17. US Data Privacy Report17
The State of GDPR Compliance
GDPR fatigue
We’ve seen many organizations with GDPR fatigue.
After a pressured race to meet the deadline, there has been a pause as
organization’s catch their breath. Inertia and complacency have set in, and
organizations are hesitant to do more – after all, few people have really been
penalized yet.
Many companies appear to have considered GDPR compliance to be a one-time
event rather than an ongoing process and “the new normal”.
But the work has just begun and organizations can not stop. Those organizations
that did not leverage GDPR to build solid data privacy programs have considerable
work ahead to prepare for upcoming US legislation.

18. US Data Privacy Report18
U.S. Legislation

19. US Data Privacy Report19
U.S. legislation
Sentiment
Given that US data privacy legislation is
coming soon – with the CCPA already
passed and federal legislation likely – we
wanted to gauge attitudes to this kind of
data protection legislation in the United
States.

20. US Data Privacy Report20
U.S. legislation
CCPA
Based on our experience, it is clear that few
companies understand the true implications
of CCPA and potential federal legislation.

21. US Data Privacy Report21
U.S. legislation
California
California Consumer Privacy Act (CCPA)
Takes effect on January 1, 2020
Applies to almost all large companies.
Consumers have the right to request access to their data
and to request the data be deleted.
Consumers have the right to opt out of the ‘sale’ of their
information to 3rd parties. Note that ‘sale’ has a broad
definition of “monetary or other valuable consideration.”

22. US Data Privacy Report22
U.S. legislation
Nevada
Nevada Senate Bill 220 (SB-220)
Takes effect on October 1, 2019
Narrower in definition than CCPA, but it gives consumers
the right to opt out of the sale of their personal information.

23. US Data Privacy Report23
U.S. legislation
GDPR and similar laws don’t just create a new legal compliance environment for
business that wish to use personal data for marketing or analytics – they create a
new ethical framework for thinking about the collection and use of this data.
The DAA encourages our members, and any organization that is using personal
data, to think about the broader ethical implications of the use of this data, and
the role it plays in their business
As compliance with multiple privacy and data protection laws becomes ever more
complicated, it is the organizations that can demonstrate that they have a good
set of principles for using this data, and not over-using it, that will be looked upon
favorably by regulators and the public at large.
A new ethical framework

24. US Data Privacy Report24
The Opportunity for Brands

25. US Data Privacy Report25
1of
7
Review the customer experience,
understand which touchpoints are
most critical, and consider the
data required to optimize those
touchpoints.

26. US Data Privacy Report26
2of
7
Engage in a dialogue with your
consumers to better understand
the value exchange they are
willing to have with your brand
and the current level of trust in
your handling of their data.

27. US Data Privacy Report27
3of
7
Actively communicate data
privacy policies to consumers
clearly and plain English.

28. US Data Privacy Report28
4of
7
Audit the existing data flow to
confirm how data is captured,
procured, processed, and utilized
within the experience ecosystem.

29. US Data Privacy Report29
5of
7
Appoint a marketing and/or business
lead for data privacy and compliance
activities. This area needs to be more
than just a legal focus.

30. US Data Privacy Report30
6of
7
Establish a sustainable structure for
compliance that leverages leading
data protection software and
automated testing.

31. US Data Privacy Report31
7of
7
Shift to greater use of 1st-party
data for marketing activities.
This change may require further
changes to an organization’s data
architecture as well as how they
capture and connect data sets.

32. US Data Privacy Report32
Download the report
Request a copy of the upcoming report below
www4.ebiquity.com/data-privacy*
*Digital copies of the report will be available on June 18th

33. US Data Privacy Report33
Questions?

34. US Data Privacy Report34
We are a leading independent marketing and
media consultancy. Our focus is on helping
brands make better informed marketing
investment decisions.
The DAA is a not-for-profit, volunteer-powered
association whose mission is to make analytics
professionals more effective and valuable through
professional development and community.
Thank you for your time