The final implementation of these regulations occurs on May 25th, so now is a good time to fully understand the implications on advertisers, media agencies, and digital vendors alike.
The GDPR in its simplest form is a set of regulations that covers all foreign companies and their processing of data that is collected from EU residents. It provides uniform and strict guidelines on how, when, and where a company can collect, distribute, and use the digital information it gathers. With the intense rise in value of personal data in the digital world, these regulations act as a set of rights to protect residents of all EU countries. This personal data includes information such as name, email address, posts on websites, and even IP address.
The regulations affect a multitude of entities in the digital space. Any company with a website now has to be much more stringent on the data collection that occurs when users visit their site. Advertisers and media agencies have to ensure that they are following the necessary protocols when storing and using any data that is collected in a manner that meets the GDPR. Finally, digital vendors on both the DSP and DMP side need to utilize the proper procedures when targeting digital campaigns along with the ever-present collection and storage of data.
Agencies have a responsibility to not only educate their clients and ensure they are following protocols, but also to only utilize partners who are fully integrated and able to handle the regulations that have been set forth. The primary method of complying with the GDPR is to include clear and explicit language that allows online users to “opt-in” to the standard data collection that occurs. Note that this is much more stringent than previous regulations as “opt-out” language was generally the norm. In addition, companies will no longer be able to include terms and conditions that include complicated “legalese” in order to hide the “opt-in”.
When it comes to the digital vendor side, DSPs and DMPs each have their own set of unique challenges. At MayoSeitz Media, we have ensured that all DSP partners are equipped to handle the changes. These DSP’s have worked to ensure that any digital strategy that is implemented in an EU country includes tactics that follow the GDPR guidelines. This generally means omitting some of the common data sources such as: IP address, re-targeting, and purchase data targeting. DMPs have an even greater challenge since they are entirely in the business of collecting digital data. In order to ensure that any DMP partner is compliant, it is imperative that they not only have their own form of “opt-in” consent but that they are also utilizing a Data Protection Officer, have updated security and data access policies, and allow subject access to the data that has been collected.
Nearly everyone who does business in the EU is affected in some way by the GDPR. Agencies have an onus to educate their clients and vet the DSPs and DMPs that are being utilized. With the inclusion of the “opt-in” consent, all of these entities can make an effort to continue data collection. However, it remains to be seen how many people in the EU allow companies to collect and utilize personal information. If the number of “opt-ins” is far lower than expected, we should plan to see the industry educating people on the long term and short term benefits of allowing this data collection.