Programmatic 101: GDPR, Explained

Privacy and data protection has long been a concern for those who use the internet — and with information and tracking technology getting more sophisticated, that protection becomes even more important. As a marketing and advertising professional, you need to be aware of those concerns — as well as the laws that regulate data privacy. One such law that all advertisers and marketers should know about is the General Data Protection Regulation (GDPR).


This new data regulation is one you’ve likely heard of, even if you don’t know the details. The GDPR goes into full effect on May 28th of this year, and affects data privacy for citizens of the European Union (EU). As a result of its scope, this regulation has serious implications for all advertisers and publishers with a global audience.


What is GDPR?


The General Data Protection Regulation replaces the previously established Data Protection Directive 95/46/EC. It was instituted to create more cohesion to data privacy regulations throughout Europe while giving citizens more control over their personal information and protecting from data breaches. While many of the key requirements from the previous directive remain the same, the GDPR establishes some significant changes to data privacy in the EU.


  • Wider Application – In the past, the application of the Data Protection Directive to organizations outside the Union was unclear. The new General Data Protection Regulation clearly states that it applies to all data that is processed by EU controllers and processors, as well as all organizations that offer goods or services to or monitor the behavior of citizens of the European Union.


  • Harsher Penalties – Companies that fail to comply with GDPR can be fined up to 4 percent of their annual turnover. For some organizations, this represents a significant amount of revenue.


  • Stronger Data Rights – Breach notifications must be made to affected individuals within 72 hours that an organization is aware of the breach. Subjects of collected data also have a right to access the information that has been processed on them and the right to request that information be erased.


The IAB Europe Framework


In response to the upcoming deadline for GDPR, Europe’s Interactive Advertising Bureau developed a framework to help advertisers comply with the new regulations. Its technical specifications are designed to simplify and clarify the process of consent and data collection for both corporations and consumers. In addition, the framework is intended to create more relevant advertising experiences for individuals, resulting from better-targeted ad campaigns. IAB Europe’s framework should particularly help third-party organizations who don’t have a direct relationship with consumers.


Industry Response to the Framework


Third-party vendors and agencies, who the framework more distinctly helps, have been more likely to embrace it. The unified take on consent simplifies the process and makes it easier to get consent as an unknown partner. Some publishers, on the other hand, feel that IAB Europe’s framework puts more responsibility and risk on them when it comes to getting consent for each third-party ad tech partner.


Publisher Involvement


Under the new regulations, it will be up to publishers to take action in response to GDPR – working with their technology partners to ensure full compliance. As a publisher, you will also need to decide which ad tech partners will help you achieve your advertising goals while meeting the data privacy requirements of the General Data Protection Regulation.


The new EU GDPR will likely mean additional work on the part of your organization to meet its requirements — from changing your consent process to reviewing data collection from your ad tech partners. In both the short and long term, ensuring that your advertising practices meet the new privacy laws will benefit both your company and your customers — in and outside the European Union.


April 10, 2018


Marketing, The Winning Curve