In case you have been on a round trip to Mars lately, the General Data Protection Regulation (GDPR) takes effect on May 25th. The online publishing sector, amongst others, is bracing itself for these significant regulatory changes.
A quick Google search for GDPR yields thousands of results. However, understanding how these rules apply to your business can be quite challenging. Our new ebook, “A Publisher’s Guide to GDPR Compliance”, will help online publishers understand the actions they need to take to comply with the GDPR.
This eBook will educate you about the various aspects of GDPR, with added emphasis on the hidden aspects specifically affecting online publishing operations, especially the topic of third party services and their impact on GDPR.
LEARN ABOUT GENERAL DATA PROTECTION REGULATION (GDPR)The GDPR is gaining momentum due to the magnitude of its impact and legal implications it carries with it, which is putting enormous pressure on decision makers in the online publishing and digital advertising industry.
Simply put, the legal consequences of violating the GDPR guidelines have to be taken seriously. Non compliant GDPR organizations may be fined between 2%-4% of their annual global turnover or up €20 million, whichever is higher. Repeated violations can raise the level of legal penalties to the €40 million range.
In a nutshell, the GDPR requires online publishers, eCommerce websites and all entities with a web presence to perform the following actions while interacting with European (EU) citizens based in Europe:
Online publishers are defined as Data Controllers under the GDPR and carry full responsibility for all data breaches.CLICK TO TWEET
As per the GDPR, online publishers will also be required to perform mandatory Privacy Impact Assessments (PIAs), also known as Data Protection Impact Assessments (DPIAs). This process has been created for publishers to assess privacy risks created by the collection and processing of sensitive PII data.
UNDERSTAND THE IMPORTANCE OF USER CONSENTThe new EU data protection framework has three more legal elements that online publishers (i.e – data controllers) need to take into consideration.
The ePrivacy DirectiveThe old “Cookie Law” has evolved. While consumers were required to accept the use of cookies every time they visited a website, they rarely had any real control over what PII data is being collected via their browser, and what was stored — or in some cases even sold to third parties.
As per the new ePrivacy Directive, browser settings will allow website visitors to accept or refuse cookies, as well as other ‘identifiers’. Only “non-privacy intrusive cookies”, used to enhance performance and improve user experience, can be implemented without user consent.
The Interactive Advertising Bureau (IAB) Europe has also released a new framework aimed at standardizing the process of obtaining user consent.
Online publishers (data controllers) will get to select which Ad Tech vendors (data processors) they wish to continue collaborating with from a centralized list of authorized global vendors. These third party vendors will need to submit an application to appear on this list and pay a predefined admission fee.
Full compliance can’t be achieved just by working with IAB Europe compliant vendors. Online publishers also carry the responsibility of obtaining documented consent from the consumer (data subject) on all vendors’ behalf, not to mention the real-time management of these permissions.
Consent Management Platforms (CMPs)CMPs enable online publishers to micromanage user consent. More and more businesses are adopting CMPs to manage the consent aspect of getting PII data from their clients. Besides setting and monitoring the statuses of user consent, they allow the management of preferred vendor lists.
Despite not being a mandatory tool for GDPR, CMPs are being adopted by data controllers on a massive scale to optimize user consent management.
MONITOR YOUR THIRD PARTY SERVICESThird party vendors are becoming increasingly necessary for modern online publisher to remain profitable. These services are basically autonomous components that are working independently, which can be challenging to monitor, further complicating the GDPR compliance aspect.
Your PII data can also potentially reach new data processors in the form of fourth and fifth party services. Hence, a proper GDPR audit should go beyond first party software on the website and include third party services in Ad Tech and MarTech stacks for a through inspection.
Although there are several ways to determine which services are running on your site, not all of them will highlight the fourth and fifth party dependencies.
GET YOUR FREE EBOOK NOWOur eBook will also shed some light on where the online industry will go after the GDPR takes effect. In our “Privacy and Monetization” section, we’ll cover the current trends in the online advertising industry and show what top players in the market (i.e. – Google) are doing behind the scenes to adapt to the GDPR.
Get the full GDPR eBook
Top 10 Social Media Reporting Tools
Without effective social media reporting, the resources invested in collecting and analyzing the data are wasted. Sure, you can create a social media report in a spreadsheet or tables in a document, but that takes precious time. Why waste it when you can automate most social media reporting tasks with one (or more) of the tools we’ve picked for you?Marketing Automation vs Sales Automation
It’s clear that organizations looking to scale up embrace automation tools and solutions to boost their marketing and sales operations. However, they often miss the distinction between these two methodologies.Top 10 QMS Software for 2020 by Industry
When it comes to manufacturers, quality assurance is crucial if you want to stay competitive — not only because the quality is what people seek but also because it’s required for regulatory purposes in many industries.