Perhaps the most confounding part of a global data-based marketing campaign isn't the technology, analysis, or even cultural differences. It's the complex array of rules on consumer data privacy throughout the world — an array of regulations that vary from country to country and region to region. And it's a particular headache now, thanks to looming changes in privacy law in the EU known as the General Data Protection Regulation (GDPR).

Passed in 2016 by the European Parliament and slated to take effect in May 2018, the GDPR is an 88-page data privacy law that will replace the Data Protection Directive previously adopted in 1995, which had established a set framework for individual laws that were then enacted by each member country. "The GDPR weaves the 28 different laws into one," says Simon Morrissey, partner and head of data and privacy at Lewis Silkin, a London-based law firm. For marketers, the most relevant aspect is how the law addresses the collection and protection of consumer data, from personally identifiable information inputted by customers to similar data inferred about them through the use of data profiling techniques.