7. Where in the world does this matter? It’s not just EU!
International Audience (including EU): GDPR APPLIES
Mainly US Audience (but some EU audience): GDPR APPLIES
Just U.S. Audience (no EU audience): GDPR DOES NOT APPLY
9. STEPS TO COMPLIANCY!
1. Take this seriously
2. Get data smart
3. Evaluate the gaps
4. Get legal consent
5. Devise & Deploy
6. Handle breaches
7. Review consistently
What Can We Do to Prepare?
10. Get to it
The Opportunity
Better Customer Relationships
Stronger Control
Level Playing Field
Personal data is a human right
Renewed control over their digital identity
What Rights?
What is GDPR
Personal data is any information related to a natural person or ‘Data Subject’ that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Why is this Important? It’s all about Consent!
Consent has changed: it must be explicit, and consumers must be able to say no.
If they say no can I just not offer content?
Not so fast…it’s a grey area
Controllers and Processors
A data controller is the entity collecting the data, e.g. a publisher.
A data processor is an entity that is doing something with a controller's data under their direction, e.g. an advertising network.
But different lawyers would take different views on the roles and responsibilities.
But one thing is for sure – liabilities are shared! If a pub uses a DMP that doesn’t comply and doesn’t take action, they are held mutually liable.
If you process and/or store data from the EU then you have to comply.
US pub, no EU readers, not one. Zero… You do not have to comply
US pub, 20% EU readers, that you monitor... Yep, you must comply
US pub, 20% EU readers, you don’t monitor, but you work with SSPs or ad networks that target the EU… Yep, you need to comply
US pub, firewall EU to not collect cookies and don’t deploy any non-compliant 3rd parties… Sounds pretty safe, but you have to be 100% sure your third parties don’t misstep
What about Brexit!?
Google had about 90 billion in 2016 revenue – there’s a greater than zero chance they could be fined 18 billion dollars…
PR risk too – pubs are gatekeepers – breach notification applies even if a third party is the one that didn’t comply or had the data breach.
Do I need a Data Protection Officer!?
This is not exclusive or legal advice!
Privacy by design – data protection from the onset of any and all development
At the end of the day – it challenges companies to be Accountable and Transparent
Build Trust with your readers, viewers, users. Become trusted and valuable partners in that value exchange.
Stronger control over third parties and vendors. Understand your value and the value of your customers and users.
Finally, a data reset with data-rich orgs – this hopefully gives companies that work hard on this an advantage.