The European Union (EU) is enacting the General Data Protection Regulation (GDPR) on May 25, 2018. If your business markets to the EU, hopefully you’re well down the path of compliance, as the deadline is approaching quickly.
The General Data Protection Regulation establishes new requirements on companies that collect, use and share data from EU citizens. In addition, an EU ePrivacy Regulation will be enforced in 2018. It provides additional particulars and complements the GDPR on the electronic communications data that qualifies as personal data, such as the requirement for consent to using cookies and opt-outs. The scope of the ePrivacy Regulation will apply to any business that provides any form of online communication service, uses online tracking technologies or engages in electronic direct marketing.
Below are some helpful links that provide more depth on GDPR and the ePrivacy regulation:
- Understanding GDPR (IAB)
- GDPR Compliance Primer (IAB)
- Working paper on the definition of personal data (IAB)
- European Commission GDPR FAQ
- The new EU ePrivacy Regulation: what you need to know
- Factsheet: New EU ePrivacy Regulation
GDPR has broad implications that govern the data captured on EU citizens, and it impacts any organization collecting data on EU citizens regardless of where the data is collected or where the organization is located. Digital marketing programs are front and center in the regulation, and those programs must be compliant or else the advertisers risk stiff penalties – up to 4 percent of worldwide annual revenue.
If your organization has undertaken efforts to address GDPR, this information will not be new to you; however, we thought it would be helpful to share the specifics about how this may affect digital advertising programs and actions to consider for those elements and programs that are subject to GDPR:
- Leads (contact information collected by publishers and sent to companies)
- Pixels placed on your site for retargeting purposes
- Doubleclick/Google Analytics and other third-party tags collecting information about traffic and activity on your site
At MCC, we’re supporting our clients in a number of ways, including confirming media publisher compliance by requiring written notices of compliance plans and not running programs with partners who can’t provide that commitment. All partners must be in compliance in order to reduce the risk for clients. We’re also working with clients to help source opt-out or opt-in controls in compliance with the requirements of any or all EU jurisdictions. For lead transfers between publishers and clients, we’ll provide tools and quality control to ensure the secure transfer of that data in accordance with the regulations.
Is your company prepared for GDPR and the ePrivacy initiative? May 25th is bearing down on us all to be compliant. Let us know if we can help.