GDPR (General Data Protection Regulation) is an EU law that bring about changes in the way marketers obtain, store, manage, and process such personal data. This legislation strengths and unifies data protection for all EU citizens. This will impact on all companies and enterprises operating with personal data of EU citizens in the digital media ecosystem, even if the company is not located in the EU. This affects publishers, advertisers and tech vendors. The main goal of this law is to include greater transparency, education, and choices for consumers regarding the collection and management of personal data.
Even though GDPR was developed by the European Union, which implies that supposedly only its members are eligible to comply with the law, their impact and consequences will affect the whole world. GDPR aims to bring consistency around privacy and data protection. One of the main changes that the law sets out is that now users can demand companies to reveal the personal data they hold. European citizens could not only have access to their personal data but also ask sites to delete it or change it.
In addition, this law introduces some new rules regarding data breaches. Any data breach will need to be informed to a supervisory authority and their clients within 72 hours. No processing of sensitive personal data will be allowed without a user’s explicit consent. This means that clear and specific information about data types and purpose should be provided to the user before any processing takes place. This is also known as ‘prior’ consent and all consents must be recorded as evidence that consent has been given.
When did GDPR come into force? How does it affect businesses?
GDPR Transparency & Consent Framework was launched on 25th May 2018. As an agency that optimize and monetize digital products, we want all our publishers to be aware about the serious consequences that GDPR may bring if it is not applied. That is to say that, if that under GDPR, they couldn’t legally add filters so specific that the target audience is narrowed down to an individual person without explicit end user permissions. Companies will also need to pay close attention to where they get information and which partners they trust to comply with GDPR. This means that Publishers could lose out on ad revenues if the intermediaries can’t collect data for targeted advertising. Apart from that, the fines for not complying GDPR could be up to 4% of the total worldwide annual turnover.
How do I prepare for GDPR?
GDPR compliance should be a top priority for all our publishers. This measures must be implemented before July 25, 2018. New tools called Consent Management Platforms (CMP) have been developed in order to carry out this update. This tools will help you to add a consent function to your website. At Embi Media, we recommend using Cookiebot by Cybot to make this adjustments in your site. Cookiebot live up to the new regulations by scanning your site and providing clear and specific information on your cookies. It will help you ask your users for consent before collecting and storing cookies. This platform will perform full monthly scans to detect all tracking in place on the website as well as detection of where data is being sent to and where in the source code the cookie can be found. It also gives you a simple way to allow the users to change or withdraw their consent. Another function of this tool is storage of user-consents in a cloud-driven environment, which are downloadable and can be used as proof. Ultimately, this CMP can ask your website visitors for a consent that covers all your domains. If you operate multiple websites from different domains or your website operates from several sub-domains by authorizing this option users will only be asked for consent the first time they visit any of your websites.
Although we can’t tell you what your website consent message should say because it will largely depend on your approach to monetization, how you use personal data and the third party services you work with we can give you a basic example. In order to enhance, personalize, and support user’s experience on the site, information is collected, used, and shared to develop content targeted to user interests. This information will be used by partners to tailor content and ads, track user’s preferences, analyze traffic, and provide similar services and content.