zero party data and gdpr

Zero-Party Data and GDPR Raise the Stakes for Personalized Customer Experiences

Data privacy regulations have gained momentum in recent years as customers demand more transparency around how brands use their data. With the passing of the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) many marketers fear that they won’t be able to access personalized customer insights without violating privacy rights. However, privacy laws can benefit both businesses and consumers by allowing consumers to play an active, upfront role in their own data-driven experiences. These new standards may lead brands to consider how they can become less reliant on third-party data brokerage strategies and better leverage their owned first-party and declared data in their personalization efforts.  

First-party data is gathered by tracking and observing user behavior on a website and interpreted by marketers to build out segmentation and targeting efforts. Declared first-party data (deemed zero-party data by Forrester in its Predictions 2019: B2C Marketing Report) grants consumers even more control over how their data is shared with brands. Zero-party data is the information that is purposely given to a brand during an interaction, such as filling out a gated content form, participating in a questionnaire or even conversing with a chatbot. 

Laws like GDPR and CCPA focus on giving consumers ownership of their data by allowing them to access and delete their records if they do not believe a company should have the information. Brands now must treat consumer data more responsibly, recognizing that users have a choice in what they share. Today, customers expect brands to fulfill a certain “contract” by providing direct value, not frustrating spam. While some may fear that this legislation will slow personalization attempts, it actually provides greater opportunity for brands to prove their trustworthiness by offering better experiences to customers who want them. GDPR provides a mechanism for giving choice to people – and those who opt into personalization will be those who are highly engaged. Violating that trust with irrelevant or impersonal content will damage your brand reputation with your highest value audience.


Marketers should see GDPR and other regulations as an opportunity, not a limitation. They mark the starting point for brands to gain more control over their own data. When companies shift their approach to data to focus on first- and zero-party acquisition strategies, they raise the stakes around the quality and personalization of the experiences they’re providing. If they fail to deliver relevant, positive interactions for consumers, they risk having that data revoked and losing that customer relationship. Integrating first-party and zero-party data into a customer data platform (CDP) empowers marketers to build out robust, individual customer profiles of their most eager to engage customers. With this solid foundation of trust in place, brands can better orchestrate their interactions and activate this data across future channels and touchpoints, better ensuring that their messages are both welcome and thoughtful.

Omer Artun

Chief Science Officer Acquia

ÖMER ARTUN, PHD is Chief Science Officer at Acquia.  He was formerly the founder and CEO of AgilOne. He aims to help marketers understand and predict customer behavior and make marketing personal again. He previously held executive roles in marketing at Best Buy, CDW and was a consultant with McKinsey & Company. He holds a PhD in Physics and Computational Neuroscience from Brown University.