This post was most recently updated on July 11th, 2019
In our latest social video, we take a closer look at the EU and GDPR (General Data Protection Regulation) from a publisher’s perspective. Find out what this directive is all about, changes from the previous EU data regulations, how regulations will be enforced and tips for publishers on complying with GDPR.
The European Union’s (EU) General Data Protection Regulation (GDPR) is a policy aimed at providing data privacy rights for users residing within the EU while they access apps or the internet. It comes into effect in May 2018.
Worldwide businesses and publishers can be affected by GDPR as long as their audience is in the EU and they are collecting data from these users.
GDPR is not intended to replace EU cookie law.
Businesses that don’t comply can face fines up to 20 million Euro or 4% of the company’s global revenue.
All personal identifiers such as geolocation data, device IDs, IP addresses and cookie IDs are considered private information.
Personal data can’t be shared without the user’s consent.
The regulation’s extraterritorial nature means that companies based anywhere in the world could be fined for violating it.
Data processors and owners, including publishers and vendors, are liable.
Any data breaches must be reported to authorities within 72 hours.
Exactly how companies will be monitored is still uncertain.
Users can file complaints at Data Protection Authorities.
Regulators could conduct cookie sweeps and other mass tests to determine compliance.
What concerns do publishers and the advertising industry have?
The biggest concerns include how to be GDPR compliant and still monetize EU audiences effectively while supporting advertiser user data demands.
Cookies are being restricted in certain environments, which has tremendous effects on targeting, retargeting and other elements.
If users choose to withhold data, it could mean putting a lot of online businesses at risk, or it could be beneficial for publishers that already have access to the data.
Be sure to contact a GDPR specialist to determine compliance levels for your specific publisher business. Here are some general steps publishers should take.
Public authorities and “large-scale” processors of personal data must designate a data protection officer (DPO) or GDPR point person.
What counts as a public authority will be determined on a nation-by-nation basis, and “large-scale” will include insurance companies, public transportation systems, banks, and telecoms.
Connect with ad tech vendors, communicate your data policy and review current data sharing arrangements according to GDPR.
Strip any personal data before you process it or share it with other entities.
The user needs to opt-in and give their consent for you to use their data.
Users must be told that they can withdraw consent at any point in time.
Figure out the best way to inform, collect and manage user consent.
If you collect data, you need to provide clear statements regarding the process you follow to collect the data.
Be sure to document all steps taken to manage the collection, use, storage and sharing of data and do regular audits to ensure compliance together with your DPO for GDPR.
EPrivacy Directive: https://digiday.com/uk/what-is-the-eu-eprivacy-directive/