Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

GDPR Compliance in Digital Advertising (dmexco 2017)

408 views

Published on

Talk for dmexco 2017

Published in: Internet
  • Be the first to comment

  • Be the first to like this

GDPR Compliance in Digital Advertising (dmexco 2017)

  1. 1. GDPR Compliance in Digital Advertising GDPR Compliance Stefan Krätschmer Head of Innovation and Implementation in Digital Advertising
  2. 2. GDPR Compliance in Digital Advertising General Data Protection Regulation 1. Enforcement date: 25 May 2018 2. Personal data belong to people who reside in the EU 3. Location doesn’t matter 4. Fines: 20 million euros or 4% of the annual worldwide turnover, whichever is greater
  3. 3. All admetrics’ products are GDPR compliant GDPR Compliance in Digital Advertising
  4. 4. GDPR Compliance in Digital Advertising Familiarise yourself with GDPR
  5. 5. GDPR Compliance in Digital Advertising Is your business subject to GDPR? — Do you need to comply? Are you subject to GDPR? — Do you collect or process personal data?
  6. 6. GDPR Compliance in Digital Advertising Are you sure you know the answer? — Feeds from partners might contain personal data, e.g. mobile device IDs for retargeting — GEO IP and blacklists mean you use IP addresses (personal data) — Server logs might contain IP addresses
  7. 7. GDPR Compliance in Digital Advertising Audit 1. Collect all data that you take in and list all partners that send it to you 2. Collect all ingestion points for user data, such as ad tags, tracking pixels, and so on 3. Check the fields and identify personal data
  8. 8. GDPR Compliance in Digital Advertising Data minimisation “Personal data shall be: [...] adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” Art. 5 GDPR
  9. 9. GDPR Compliance in Digital Advertising Joint liability You’re still at risk of being held responsible if one of your partners is not compliant.
  10. 10. GDPR Compliance in Digital Advertising Check your partners 1. Legal work, e.g. data processing agreement 2. How data is sent? 3. Do they have a DPO appointed? 4. Can they demonstrate compliance? – Is it encrypted? – Is it sent via email? – Is it available via a simple FTP access? – Privacy policies – How they deal with consents (get, revoke) – How they erase personal data, including erasing it from the backups – Get a list of data they’re sending. What is personal data there? How they handle it?
  11. 11. Compliance is not a one-time event GDPR Compliance in Digital Advertising
  12. 12. GDPR Compliance in Digital Advertising ‘Privacy by design’ “[...] the controller shall [...] implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles [...] in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.” Art. 25 GDPR Data protection by design and by default
  13. 13. GDPR Compliance in Digital Advertising Get consent 1. Directly from users 2. Make sure partners have it, e.g. pixel integration or a case in a legal agreement
  14. 14. GDPR Compliance in Digital Advertising Consent — Valid — Not revoked
  15. 15. GDPR Compliance in Digital Advertising No consent — Fall back — Turn off features/metrics Flexibility is insured by the ‘privacy by design’ approach
  16. 16. GDPR Compliance in Digital Advertising ‘Privacy by design’ 1. Encrypted data that you send in a secure way 2. Possibility to erase data on request, including data from the backups 3. Access policies: 4. Handle data breaches. All data breaches must be reported to the supervisory authority within 72 hours – Who can access the data – How employees are getting access – When and who revoke access, etc.
  17. 17. ‘Privacy by design’ is vague GDPR Compliance in Digital Advertising
  18. 18. ePrivacy is being revised GDPR Compliance in Digital Advertising
  19. 19. GDPR Compliance in Digital Advertising Thank you. GDPR Compliance in Digital Advertising Stefan Krätschmer Head of Innovation and Implementation https://admetrics.io contact@admetrics.io sk@admetrics.io

×