General enquiries :
+44 (0)20 7602 6000

GDPR: The future of third party data

Thursday 20 December 2018 Data Insight & AnalyticsDemographic DataGDPR

Paul Winters's picture
By Paul Winters

Third party data has always been an essential element of data driven marketing. So how will GDPR affect the availability and use of this important source of intelligence about UK consumers?

First, some definitions. First party data is data you collect yourself about your customers; you are the data controller in GDPR terms and have a direct relationship with the data subject. Third party data is data you acquire about consumers from a third party; you are still the data controller of this third party data once you have acquired it, but it is not data you have obtained directly from the consumer through a direct relationship with them.

What kind of data are we talking about? It could be data that identifies a person, such as their name and address, email address, telephone number and online identifiers, such as cookies, IP address or mobile device ID. Or it could be attributes of people, such as age, gender, hobbies and interests, purchasing behaviour and so on.  

Third party data can originate from a variety of sources, including public registers such as the Edited Electoral Register, commercial sources such as magazine subscription lists and by collecting direct from consumers (“prospect files”, “lifestyle surveys”, etc). A range of marketing services organisations, including CACI, make this data available to brands in various combinations.

So, what about GDPR? Well, there is nothing in GDPR that prohibits the use of third party data for marketing. It just needs to be used in accordance with data protection principles. That means that data subjects have a right to know what is happening to their personal data and brands must be transparent and accountable to consumers in how they use personal data.

Helpfully, the UK Direct Marketing Association (DMA) has recently published some advice on the use of third party data for marketing. The DMA invited most of the leading suppliers of third party data, including CACI, to come together and debate the issues around the use of third party data for marketing under GDPR. The group has now produced some guidance that has been published by the DMA. If you're a member of the DMA, you can login and read the full report

The report summarises the benefits to brands, the economy and to consumers of the use of third party data. It goes on to look at three principle uses of third party data:

  • Linkage, where third party data is used to link together disparate data sets and provide a more coherent or consistent view of a customer’s relationship with a brand;
  • Analytics, where third party data can be added to a customer file and used to provide additional insight and intelligence;
  • Contact, where contact details of consumers can be obtained from third parties for customer recruitment.

For each of these three areas, the report gives several examples or “use cases” of how third party data is used to benefit brands and consumers. For each use case, the possible legal grounds for processing the data under GDPR are also suggested. In most cases, this will either be consent or legitimate interest.

In summary, third party data will continue to play a significant role in helping brands understand and communicate effectively with existing and potential customers. Just make sure you are open and transparent with consumers when you use it.


If you have any further questions relating to GDPR or third party data, get in touch.

Read our blog to learn more on the use of third party data after GDPR.

GDPR: The future of third party data


Add new comment