Evidon is now Crownpeak. To get the most updated content, information on new product releases, and the latest news, check out Crownpeak.com

Sign In Now

Please select which Evidon resource you need from the list below.

We’ve recently joined Crownpeak but rest assured, nothing’s changed for you. Learn more about the acquisition.

Think the GDPR Doesn’t Apply to You? Think Again!

June 8, 2017 – Audrey Trainor

Advertisers and their partners participating in the digital supply chain must pay special attention to the profiling provisions of the GDPR.

If there was an elephant in your living room, would you point it out? Or wait for someone else to notice? Well, let me be the first to shine a spotlight on that elephant- the General Data Protection Regulation (GDPR) needs to be front and center in everyone’s mind. As of May 25th 2018, the GDPR – a game changing privacy regulation with global reach – goes into effect.

The GDPR is a massive and complex European privacy law-the kind of law that makes most companies eternally grateful for their legal departments. The first thought through the minds of advertising partners might be “that doesn’t apply to me”. Well, this fact is only true if you don’t touch a single user in the E.U. The second thought might be- “I’m compliant with AdChoices! That is sufficient, isn’t it?”. The AdChoices program is a shining example of transparency and the need to adhere to it is still immensely important, but being compliant with the AdChoices program doesn’t mean that you are compliant with the GDPR. The GDPR brings with it an entirely new set of requirements, imposing rigorous data governance standards in the advertising supply chain.

Advertisers and their partners participating in the digital supply chain must pay special attention to the profiling provisions of the GDPR, specifically the “right to object to profiling”. This is a new right- it’s no longer considered best practice to have advertising partners understand all the personal data they collect, know how they use it, and protect it; it is a legal requirement and must have the appropriate processes around it.  Some say that ignorance is bliss, but ignorance also comes at a steep cost. The GDPR brings with it penalties of up to 4% of annual global revenue or 20 million Euro, whichever is more.

The goal of the GDPR is to give power and control over personal data back to the users. Users should decide how their data is used for any purpose, and terms of use buried 8 pages deep in a privacy policy will no longer be sufficient. This law requires companies to get the user’s affirmative, freely given, informed consent before any collection or profiling can be done. This is a mutually exclusive legal requirement- running in parallel with the AdChoices self-reg program and European cookie laws.

Valid consent under GDPR is a whole different ball game. Getting this right will require companies to have a comprehensive understanding of all 3rd party tracking happening on their sites- this means an ongoing audit supported by reports that can be used as compliance evidence. This will require a sizable effort from most advertising partners – to assess, organize, and clean up their databases before a breach of GDPR is noted, and enforcement is levied against them.

Please feel free to reach out if you’d like to speak more at atrainor at evidon dot com.

Not sure where to begin? Let us help!  Click here for more information.