EU & GDPR: What Publishers Need To Know Before May 2018

Last updated: July 11, 2019 | by Kean Graham
EU & GDPR: What Publishers Need To Know Before May 2018

This post was most recently updated on July 11th, 2019

In our latest social video, we take a closer look at the EU and GDPR (General Data Protection Regulation) from a publisher’s perspective. Find out what this directive is all about, changes from the previous EU data regulations, how regulations will be enforced and tips for publishers on complying with GDPR.

Subscribe to our YouTube channel for regular ad ops tips and news videos over here.

Video transcript:

What is it all about?

The European Union’s (EU) General Data Protection Regulation (GDPR) is a policy aimed at providing data privacy rights for users residing within the EU while accessing apps or the internet and comes into effect in May 2018.

Worldwide businesses and publishers can be affected by GDPR as long as their audience is in the EU and they are collecting data from these users.

GDPR is not intended to replace EU cookie law.

Businesses that don’t comply can face fines up to 20 million Euro or 4% of the company’s global revenue.

What has changed from previous EU data regulations?

All personal identifiers such as geolocation data, device IDs, IP addresses and cookie IDs are considered private information.

Personal data can’t be shared without the user’s consent

Extraterritorial nature implies: companies based anywhere in the world could be fined for violating the regulation.

Data processors and owners are liable including publishers and vendors.

Any data breaches must be reported to authorities within 72 hours.

How will regulations be enforced?

Exactly how companies will be monitored is still uncertain.

Users can file complaints at Data Protection Authorities.

Regulators could conduct cookies sweeps and other mass tests to determine compliance.

What concerns do publishers and the advertising industry have?

Biggest concerns include how to be GDPR compliant and be able to monetize EU audiences effectively while still supporting advertiser user data demands.

Cookies are being restricted in certain environments which have tremendous effects on targeting, retargeting and other elements.

If users choose to withhold data, it could mean putting a lot of online businesses at risk, or it could be beneficial for publishers that already have access to the data.

How can publishers comply with GDPR?

Be sure to contact a GDPR specialist to determine compliance levels for your specific publisher business. Here are some general steps publishers should take.

Public authorities and “large-scale” processors of personal data must designate a data protection officer DPO or GDPR point person.

A Public authority will be determined on a nation-by-nation basis and“large-scale will include insurance companies, public transportation systems, banks, and telecoms.

Connect with ad tech vendors, communicate your data policy and review current data sharing arrangements according to GDPR.

Strip any personal data before you process it or share it with other entities.

The user needs to opt-in and give their consent for you to use their data.

Users must be told that they can withdraw consent at any point in time.

Figure out the best way to inform, collect and manage user consent.

If you collect data, you need to provide clear statements regarding the process you follow to collect the data.

Be sure to document all steps taken to manage the collection, use, storage and sharing of data and do regular audits to ensure compliance together with your DPO for GDPR.

EPrivacy Directive:


Recommended Reading

July 23, 2024

How much ad revenue can apps generate?

Read More
Traffic Cop
July 22, 2024

Webinar Recap: Protect Your Ad Revenue from Invalid Traffic

Read More
July 18, 2024

Best Header Bidding Networks of 2024

Read More

Trusted by 1,500+ publishers worldwide

10X your ad revenue with our award-winning solutions.

Let's Talk


Ready to 10X your ad revenue with the #1 ad management partner?

Start Now