Brands lost the lawful use of masses of consumer data profiles thanks to the General Data Protection Regulation (GDPR) – and rightly so. Much data was neither collected nor processed in compliance with the GDPR derogations of consent, legitimate interest, and the necessities of public interest and the law.

In addition, either by following poor legal advice or an extremely strange social contagion, many companies implemented a totally unnecessary re-consenting procedure which lost them even more data which they were storing and processing quite legitimately. It was also the most valuable type of data: groundtruth, deterministic, often personal data including consumers’ age, gender, location, interests, characteristics and behaviours. Granted, ensuring informed consent from the owner of every single data profile – whether consumer or business – is best practice, and shows an attempt to achieve unequivocal and clear cut compliance with data law.

However, often the data subjects targeted with re-consenting campaigns had already given their informed consent. Brands lost that consent when they asked consumers to re-opt-in or be deleted from their systems. And they then lost the data they were relying on to deliver the most relevant and targeted ad and content campaigns.