The General Data Protection Regulation (GDPR) is set to be imposed from 25th May 2018 in EU. Preliminary debates about the regulation began in 2012. By April 2016, the GPDR was formally adopted by the EU Parliament, with a two year alteration period.
GDPR is expected to bring a great change in the way in which programmatic advertisers connect with EU consumers. The EU General Data Protection Regulation (GDPR) brings in game-changing guidelines in the field of data privacy regulation and if your business will not follow these new set of rules, you may face some serious penalties. Therefore, it is important that you keep yourself up-to-date of these changes.
Impact of GDPR on the programmatic advertising industry
At its principal, the GDPR reports consumer concerns about data privacy and security. Some of the most noticeable changes for programmatic marketers include:
- In most cases, “personal data” can only be used with the direct consent of the customer.
- Clients have a “right to be forgotten” and a right of “data portability”
- Administrative and record-keeping necessities
What constitutes ‘consent’ for the use of ‘personal data’ under the GDPR?
- Consent must be freely given by the customer. Consent cannot be masked.
- Pre-ticked boxes are no longer allowed.
- Passive notices such as “by using this site, you accept cookies” are not biddable with the GDPR.
- Consent cannot be secreted in long Terms & Conditions; it must “be open in a manner which is undoubtedly unique from the other matters, in an understandable and simply reachable form, by clear and plain language.”
- Consent is not compulsory if it’s achieved in this manner.
- The customer has a right to remove their consent at any time. “It shall be as easy to remove as to give consent,” the regulation reads.
Scope of GDPR
These set of new guidelines will increase protection of EU citizens’ data. This is of supreme importance if your organization does business within the European Union or collects data on EU citizens, irrespective of your physical existence in the EU. This applies also to the non-EU companies which offer services to the EU citizens. The entire worldwide ad tech network, comprising publishers, agencies, DMPs, DSPs, ad exchanges and everyone else in digital advertising will be under the GDPR radar. In case of non-compliance, hefty fines will be charged.
The level of the fines:
The level of the fine depends on the enormity of the breach. There are different levels of fine. An extreme penalty of up to 4% of the yearly total turnover of the organization or €20 million, whichever is higher, can be charged upon the lawbreakers. This can cause a severe loss to your company’s incomes. This will be charged in case of the utmost serious breach of the policy i.e. absence of necessary and an unmistakable consent from the consumers which will be considered as the intrusion of the private data security policy.
Reduced quantity, increased quality
The quantity of data used for programmatic buying will possibly drop. Not each EU customer will give straightforward consent, but the quality of data figures will increase. Those who give consent are confirming that they understand and are okay with the value proposal. As there is a chance for increase in CPMs as marketers focus on more planned and clear spending.
It is a “rule” and not an “instruction”
The EU is huge and consist of many member nations. Thus, there are numerous divisions of data privacy regulations amongst these member nations. In order to address this matter and go with the data protection laws across the EU, the Data Protection Directive 95/46/EC was taken into effect on 24 October 1995. But, as it was only an “instruction”, it left some space for explanation while changing into separate national law. Taking into concern this fact, in combination with the quickly changing aspects of data in today’s digital advancement, an update to the present data protection laws was long called for. GDPR is set to fix these problems and make data protection even stronger.
These guidelines will give you a heads-up on the future GDPR, and help you prepare in advance to handle it well.