The latest Partisan Deep Dive examined how the new GDPR 2024/900 regulation will change the foundations of political data work in Europe. Featuring Florent Barré (Qomon) and moderated by Josef Lentsch (Partisan), the session explored what the regulation means for campaign professionals managing data-driven outreach and analytics in an increasingly regulated environment.

From compliance to strategy

GDPR 2024/900, which comes into force in October 2025, is more than a legal update — it is a structural shift in how political organisations can collect, process, and activate data. As Florent Barré explained, the new rules demand a higher standard of transparency and accountability. Every piece of campaign data must have a clear, documented purpose, and consent can no longer be treated as a formality.

For campaigners, this means compliance isn’t a back-office task. It shapes the very design of data strategy, from how voter files are structured to how audiences are segmented and targeted.

Redefining voter profiling

One of the sharpest changes lies in the treatment of behavioural and inferred data. Under GDPR 2024/900, these forms of profiling are now classified as high-risk, forcing political actors to justify their use on the basis of necessity and proportionality. Barré noted that this shift could steer campaigns away from opaque microtargeting towards more issue-based and contextual communication — methods that respect both privacy and message integrity.

Rather than seeing this as a limitation, the discussion framed it as an opportunity to make outreach more transparent, consistent, and trustworthy.

Compliance as a competitive edge

Several participants agreed that the most successful campaigns will be those that integrate compliance into daily operations. Data protection officers and legal teams are moving from the margins to the core of campaign planning, influencing how teams design voter journeys and test messages.

“Compliance is no longer something you add at the end — it’s how you design a campaign that lasts.”

Early alignment with GDPR 2024/900 can also become a strategic asset. Campaigns that can demonstrate ethical data use will find it easier to partner with tech providers, build public trust, and avoid costly legal risks in the heat of an election.

Shared responsibility across the ecosystem

The regulation also expands liability beyond political organisations themselves. Any agency, platform, or analytics provider processing campaign data now shares accountability for misuse. This creates new pressure on political tech ecosystems to formalise consent flows, strengthen contracts, and audit third-party tools.

For vendors, transparency is no longer optional — it is a business necessity. For political clients, choosing partners who meet GDPR standards will be critical for operational security and reputation.

Building trust through transparency

The webinar concluded on a clear message: data compliance and public trust are becoming intertwined. Campaigns that invest early in transparent practices — from consent management to clear data communication — will not only meet regulatory expectations but also strengthen credibility among voters and supporters.

"The real opportunity is not just to comply, but to rebuild trust in how political data is used.”

👉 The session underscored a decisive shift: data regulation is no longer a constraint but a design principle. Political organisations that adapt early will not only stay compliant but also redefine what responsible and effective digital campaigning looks like in 2026 and beyond.