General Data Protection Regulation, or GDPR, may be the biggest story in online marketing in a decade, but its effect on marketing has been vastly overstated and confused.

That confusion isn’t surprising; while GDPR legislation is not as lengthy and complex as some other laws and regulations, it is still opaque. A mixture of vague statements and simple misunderstandings about ad technology seem to have driven much of the language used in making the new rules, and many marketers are learning that compliance is quite easy – even if it creates costly hassles for themselves and annoyances for their customers.

We’ve been here before.

Americans may not be familiar with the “this site uses cookies” pop-up that appears on European websites, a legal requirement established by the EU in its prior attempt to ensure privacy and limit (mostly Americans’) innovation in European markets. Most users will simply click “accept” and go about their day; the legislation, most agree, was a failure.

GDPR is much more beefed up than that, and the penalties of noncompliance are very steep. So there is an incentive to comply, especially if you’re a smaller company, because you’re an easier target for regulators and you likely lack the technology and infrastructure to ensure immediate compliance. These penalties are why GDPR must be taken seriously.

In particular, active consent is the primary focus of GDPR, and early commentators noted this would be the hardest stumbling block for publishers, platforms and third-party data providers. How can you get people to consent, the naysayers wondered? Of course, the precedence in the cookie pop-ups was there, and the answer was obvious: Give consumers an incentive to consent, and they will consent.

Early data demonstrates this to be the case. Incentives to allow data mining and trading, especially from Google and Facebook, have allowed them to operate as usual, although they were ironically the targets of the regulation.

Fortunately, smaller marketers can learn from their example and comply with the law while also gathering the same amount of data as they had in the past.

If you want to tackle this new hurdle, join OneTrust CEO Kabir Barday as he discusses the legal, security and regulatory ramifications of GDPR and emerging GDPR-compliance best practices. At his session, “GDPR and EU Privacy for Marketers: How to Tackle Consent and Preference Management,” marketers can learn how to continue marketing in the EU legally without suffering a significant knock to ROI or dramatically increased costs in complying with the law – or with the consequences one can endure by not complying.

This article is brought to you by &THEN, DMA’s annual event. Click here to join the leaders of the marketing community and advance your data and marketing mastery in Las Vegas, October 7-9.