- Posted by Admin
- On June 14, 2018
As one of the most effective regulations from the European Union, GDPR represents the data protection law in the recent times for organizations worldwide. With the enforcement deadline (May25th2018) in place, organizations feel the need to comply with the various approaches acknowledging to every detail. As of 25th May, the GDPR regulations is now officially enforceable.
What is GDPR?
GDPR is an EU supervisory that replaces the 1995 Data Protection Directive that applied to the whole of EU earlier. The GDPR is a set of regulations that protect the personal data breach without proper consent. Now, GDPR is the binding activity that is applied to all countries and organizations to which they are subject to comply.
The basic of GDPR as a law,
- Data Collection and Use Must be Minimized
- All Data Processing Must Receive Consent
- Data Transparency, the Right to Portability, and the Right to Be Forgotten
- The EU Could Level Severe Fines
The seven principles governing to the data protection law,
“Notice—data subjects should be given notice when their data is being collected;
Purpose—data should only be used for the purpose stated and not for any other purposes;
Consent—data should not be disclosed without the data subject’s consent;
Security—collected data should be kept secure from any potential abuses;
Disclosure—data subjects should be informed as to who is collecting their data;
Access—data subjects should be allowed to access their data and make corrections to any inaccurate data
Accountability—data subjects should have a method available to them to hold data collectors accountable for not following the above principles.”
The impacts of GDPR,
As many companies might see this as a compulsory obligation, we are most certain that living in this digital era, every individual has their rights to protect their data from the third parties. From a marketing perspective, In GDPR there is an evident difference between a B2B (Business to Business) or the B2C (Business to Consumer),
- “The processing must relate to the legitimate interests of your business or a specified third party, providing that the interests or fundamental rights of the data subject do not override the business’ legitimate interest.”
- “The processing must be necessary to achieve the legitimate interests of the organization.”
The impacts of GDPR on DSPs,
- In order to get the consent, DSPs have to rely on the ad supply chain as they are not directly connected to its end users.
- GDPR insists on giving the option of opting-out, from having their personal data being used. DSPs will face the drawback in data storage for ad-targeting, as cookies and IP addresses play a major role in real-time bidding.
- Advertisers who rely largely on targeted programmatic ads will be obligated in getting the consent from all their vendors and users.
- Bring in a DPO (Data Protection officer) who ensures to follow all the rules and regulations as per the law and manages data efficiently.
“Core DSP services are in the same bucket as SSPs – processing trades on behalf of customers – so there is little need to get direct consent. However, many DSPs have developed proprietary data sets or cross-device graphs, and these will be very hard to maintain under the new regime unless you’re Amazon or Google. DSPs may also be required to curtail services, such as log delivery and lookalike modeling, in the same way as buy-side ad servers.” – according to AdExchanger.
GDPR demands that personal data only be used with explicit permission from individuals. This could become problematic for DSPs because they rely on audience data to target ads, and 50 percent of European internet users said that if given the option, they would opt out of seeing retargeted ads, according to a survey conducted by HubSpot – Compared to other industry players such as retargeting firms and data management platforms, DSPs are far from being the only sector to feel the pressure from the GDPR regulations.
The following links might be useful for additional information on GDPR
- The EU GDPR Portal
- The United Kingdom’s data protection self assessment
- The Bird & Bird Guide to the General Data Protection Regulation
- Bloomberg Law’s Analysis of “The Final European Union General Data Protection Regulation”