The new GDPR regulation is now in force, and Facebook has made a slew of announcements to comply with the strict European law. These changes would affect European users in the early stages before being implemented globally. Ensuring GDPR compliance seems to be priority number one for the Facebook team. The components of the update will be the same for all users, but European users should see slight detail modifications in the policies. Facebook's Chief Privacy Officer and VP also said that there would be no differences in the protection offered to users across the globe. Thanks to the reach of these laws, legal experts say GDPR is set to become the worldwide de facto standard for privacy and will help other countries develop their own regulations.
In addition to raising the bar, these new rules present challenges for Adtech and Martech players working discreetly in back offices to target users and collect data. GDPR states that companies need a legal basis to collect personal data, including cookies, mobile advertising profiles, and IP addresses. The new regulations impact many companies in Adtech and should accelerate the consolidation in this space with a small group of trusted partners who have a proven track record of investing in quality and security. GDPR has also claimed a few victims, with marketers saying that it will be a challenge to operate an Adtech business that is data-driven in a highly legislated market.
Getting compliant starts with establishing an internal working group to drive the compliance effort, and taking the advice of lawyers in the US and EU. The working group needs to build out comprehensive data maps, review the policies in place that are relevant to data collection and protection, develop new policies, update the product and technology roadmaps, and follow this with training programs for everyone. As one challenge for Adtech players is getting consumer consent, the solution may involve publisher partners obtaining consent, since they are the data controllers. Reviewing the agreements of all technology partners that have access to personal data is also necessary for a smooth transition to GDPR compliance. Sensitive data processing requires aligning your controls with the policies of data processing agreements.
Achieving GDPR compliance requires a level of collaboration between technology partners and brands. All members of the ecosystem need to monitor regulatory progress and adjust as needed, which will make a brand feel confident despite the shared liability. The top of the chain, or the business deploying the technology, will hurt the most with any GDPR breaches, with both the data controller and the data processor having to take responsibility. As monetary penalties will be very high, it will help to ‘follow the data’ from when it is sourced until it is shared, and make sure all obligations are fulfilled. Even if a company is not directly affected by GDPR, it is quite possible that one of its customers is. Such customers will surely ask you to be GDPR compliant so that they can continue to use your service. GDPR compliance will also be a competitive advantage, as it builds trust with customers, fulfills all obligations and gives you an edge through knowing customers' buying choices.
GDPR will be a global standard and organizations should be taking compliance very seriously. Although compliance can be a time-consuming and costly process, a company should not take a wait-and-watch approach. A small company might think its chances of appearing on a European regulator's radar are pretty slim. Even then, liability exists and risk should be managed with an active effort towards GDPR compliance. So, start off by evaluating your information handling and governance methodologies, and follow this by collecting new replacement consents for all your old personal data. And make sure you document all this. Share in the comment section below how you have managed your transition towards GDPR compliance.