Why Publishers Need to Prepare for GDPR and How to Go About It

By OpenX in Publishers|August 16, 2017

May 25, 2018 – that’s the day the General Data Protection Regulation, commonly referred to as GDPR, kicks in. GDPR gives EU citizens more protection and control over the way their data is collected and how it might be used. Most companies across the board will need to heed GDPR, but digital media will experience the largest impact. It is imperative that publishers pay close attention to GDPR, as non-compliant companies can face fines for serious breaches of up to 2% of the company’s annual global earnings, or €10 million, whichever is greater.

The GDPR website has the comprehensive overview of why these regulations are being put into place and how companies need to adjust their business practices to accommodate the new regulations. Below we’ve outlined the top takeaways for publishers who are still grappling with GDPR compliance.

How GDPR will affect publishers:

  • While GDPR was passed by the EU Parliament and is designed to protect EU citizens, the regulation extends to all companies that have an establishment in Europe and global companies that do business in Europe.
  • GDPR requires unambiguous consent from end users before their personal data can be processed. Publishers should have clear opt-in/opt-out processes in place and explain what data is being collected and why.
  • Under GDPR, location-based data, online identifiers, IP addresses, and more are considered personal data.
  • Publishers will need to look into updating current business practices in order to respond to customer data inquiries promptly, erase customer data if requested, and report data breaches, all in compliance with GDPR requirements.

GDPR checklist:

  • Have a go-to GDPR and data protection point person who can connect with teams throughout the organization from legal to ad ops to ensure the business is tracking towards compliance.
  • Review and update documented procedures, including contracts with vendors and buyers, for things including the data you acquire and how that data is accessed.
  • Carry out a thorough technical assessment of your data security and management protocols.

For a more comprehensive look at what GDPR requires of publishers, head over here to learn more and ensure you are fully compliant by the deadline.

*This document is a guideline and does not represent legal advice. Seek the advice of your legal counsel with regard to meeting the requirements of the GDPR and other laws relevant in regions where you operate.