
ABM Display Advertising Success in the World of GDPR [PPT]


In this webinar, see the specific impacts of GDPR on B2B companies as they plan, budget, launch and measure success from ABM advertising programs that reach and engage the 500 Million+ citizens of EU countries and the UK. Our panel of experts will cover the IT, Legal, Marketing, Data and Technology Provider side of GDPR compliance. All of these dimensions need to be addressed as you plan for the world of GDPR.

Published in: Marketing

  1. 1. ABM Advertising Success in the World of GDPR
  2. 2. Speaker Introduction: Mani Iyer Mani Iyer • CEO, Kwanzoo Inc - Leader in ABM Advertising for B2B Enterprises • Serial Entrepreneur, Startup Advisor • Founded/sold e-learning platform business to Oracle • Senior Tech/Marketing Executive at Oracle, CA/Ingres, Microsoft • MS CS, University of Wisconsin • BS EE, Indian Institute of Technology
  3. 3. Speaker Introduction: Sid Yenamandra Sid Yenamandra • CEO & Co-founder, Entreda –Cybersecurity Risk Mitigation Software • Serial Innovator, Advisor and Technology Entrepreneur • VP of Product at Plato Networks (acq. by Netlogic/Broadcom) • Head of NSA-funded crypto acceleration program • BS EE & CS, UC Berkeley
  4. 4. Introduction: Francoise Gilbert Francoise Gilbert • Shareholder/Partner, Greenberg Traurig LLP, Silicon Valley, California (USA) • Practice focused on Information Privacy & Security, Data Science, and Emerging Technologies • Author & Editor, Global Privacy & Security law (two volumes, 3,800 pages, 68 countries; Aspen/Wolters Kluwer Law & Business) • Founding Member & Lead Counsel, Cloud Security Alliance • CIPP/US, CIPP/Europe, and CIPM certifications from the International Association of Privacy Professionals (IAPP) • Admitted to practice law in California, Illinois and France
  5. 5. What is GDPR - Overview • EU General Data Protection Regulation EU 2016/679 (GDPR) - Signed: April 27, 2016; - Enforced as of: May 25, 2018 • GDPR expands scope and jurisdiction of prior data protection laws • Replaces the EU 1995 Data Protection Directive, and supersedes all national laws that implemented the 1995 Directive in the EU and EEA Member States - EEA = EU + Norway + Iceland + Liechtenstein • “Regulation” means one single law throughout the EU/EEA territory. - Not really. GDPR allows member states to add or supplement provisions
  6. 6. Why is the GDPR relevant outside the EU/EEA? • GDPR will apply to numerous non EU/EEA entities • Two ways to assert jurisdiction • Entity is established within the EU/EEA • Processing of personal data by any controller or processor established in the EU/EEA • Entity is not established in the EU/EEA, but • Is a data controller (determines the purpose and means of the processing) or a data processor (processes data on behalf of a controller) • Is processing personal data of data subjects who are in the EU/EEA • And the processing activities are related to: • The offering of goods or services to individuals within the EU/EEA, even if no payment is required; or • The monitoring of data subjects’ behavior in the EU/EEA
  7. 7. GDPR Data Processing Principles Lawfulness, fairness, and transparency • Processed lawfully, fairly and in a transparent manner Purpose limitation • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes Data minimization • Adequate, relevant and limited to what is necessary in relation to the purposes for which the data are processed Accuracy • Accurate, and where necessary kept up-to-date; ensure that inaccurate data are erased or rectified without delay
  8. 8. GDPR Data Processing Principles Data retention or storage limitation • Personal data must be kept in a form that permits identification of data subjects for no longer than necessary for the purposes for which the personal data are processed; • Exception for archiving for public interest, scientific or historical research purposes, or statistical purposes Security, integrity, and confidentiality • Personal data must be processed in a manner that ensures the security of the personal data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
  9. 9. Data Processing Principles; Fines Accountability • The data controller is responsible for, and must be able to demonstrate, compliance with the Principles (in the prior slides) Inability to demonstrate compliance (through written policies, record-keeping, etc.) may expose the entity to a fine of the higher of • Up to EUR 20,000,000 or up to 4% of the entity’s total annual global gross revenue, in the most serious cases
  10. 10. Lawfulness of the processing Processing (collection, use, sharing, …) is illegal unless one of the following occurs: • Data subject has given consent to the processing of his/her personal data for one or more specific purposes • Processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject before entering into a contract • Processing is necessary for compliance with a legal obligation to which the controller is subject • Processing is necessary in order to protect the vital interests of the data subject or of another natural person • Processing is necessary for the performance of a task carried out in the public • Processing is necessary for the purposes of the legitimate interests of the controller or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.
  11. 11. Responsibilities of Data Controller Controllers Must: • Keep written records of their processing activities (except if less than 250 employees) • Be able to demonstrate that the processing is performed in accordance with the GDPR • Implement appropriate technical, physical & administrative security measures • Disclose promptly breaches of security • Conduct appropriate due diligence when selecting processors, sub-processors • Enter into written contracts with processors regarding scope of data uses, and protection of personal data with specific provisions
  12. 12. Responsibilities Data Processors A data controller that engages a data processor must: • Use only processors that are able to guarantee that the processing will meet the requirements of the GDPR and ensure the protection of the rights of the data subjects • Enter into a written contract that meets specified requirements • Provide written instructions to the processor regarding the permitted activities • Processor may not engage another processor (“subprocessor”) without prior authorization of the data controller • If processor engages third parties, processor must have written contracts with each sub-processor incorporating restrictions similar to those in the controller to processor contracts
  13. 13. Cross Border Data Transfers Transfers of data outside the EU/EEA are prohibited unless an exception applies Measures that can be used to legitimize transfers: • Binding corporate rules • Standard contractual clauses or other contractual clauses approved by a data protection authority • Privacy Shield • Approved code of conduct or certification mechanism Several derogations, e.g.: • Individual gave explicit consent • If transfer is occasional and is necessary to comply with contractual obligations
  14. 14. Rights of the Data Subjects ▪ Right of access ▪ Right of rectification ▪ Right of erasure (“right to be forgotten”) ▪ Right to data portability ▪ Right to restrict the processing of their personal data ▪ Right to object to the processing of their personal data
  15. 15. Rights of the Data Subjects ▪ Right to object to the processing of their personal data for direct marketing purposes ▪ Right to not be subject to a decision based solely on automated processing, including profiling ▪ Right to lodge a complaint with a supervisory authority ▪ Right to an effective judicial remedy where data subjects rights have been infringed as a result of data processing in non-compliance with GDPR ▪ Right to mandate a non-profit organization whose statutory objectives are in the public interest and that is active in the field of data protection, to initiate a complaint on behalf of the individual
  16. 16. IT COMPLIANCE & GDPR
  17. 17. GDPR constituents and data workflows • Data Processor: Company delivers tools used to collect web analytics data • Data Collector: Beneficiary of data for web analytics. Responsible for collecting, aggregating, comparing web analytics data • Data Subject: Every person is considered a data subject. Entitled to access, correct or disallow data collection • Sample Workflow (Data Processor, Data Collector, Data Subject): Generates consent request; Consent received; Consent provided; Consent saved; Data use report saved; Consent + Guidelines passed to processor; Data Processor uses data as instructed
  18. 18. User consent is a big deal … • Consent is the biggest item that all marketers are grappling with • Communication needs to be transparent, easily identifiable as marketing material and who it is from, and include clearly marked opt-out functionality • Opt-out functionality is super important • B2B organizations already have cookie policies in place. All users must be presented with simple opt-in/opt-out cookie consent choices • List purchase is still viable under new regulations as long as the list owner has the permission to use the data for that specific person
  19. 19. So, how do we get GDPR compliant? • Nominate a data protection officer • Document all aspects of your company’s interaction with data • Pay close attention to data subject rights … data portability, right to be forgotten, erasure etc.
  20. 20. ABM ADVERTISING & GDPR
  21. 21. ABM Job Title Targeting Process Flow North America & UK Target Accounts ABM Ads Served Customer Ad Creation, Program Setup, and Media Execution Programmatic Ad Buying ABM Engagement Reports DSP ABM Cookie Database Accounts, Job Titles, Functions, and Level Filters Data Management Platform 1Billion+ B2B Cookies Website Tracking Tags on Customer’s Website + Microsites Email Delivery + Platform Dashboards + CRM Screens + Data APIs Engagement Data Collected
  22. 22. Kwanzoo Account Coverage Today (Before GDPR) 200M 1 Billion+ Kwanzoo (Integrated with ODC|BlueKai ) Most Other Vendors Reachable Contacts (Based on Cookie Data & Device IDs) Reachable Regions with IP Database Kwanzoo (multiple 3rd party IP providers) Most Other Vendors Access 5x more contact data with Kwanzoo
  23. 23. The ABM Advertising Ecosystem: Roles Under GDPR (Ecosystem Participant: GDPR Role) • Advertiser or Agency (Representing Advertiser): Controller • Publisher: Controller • ABM Display Platform: Processor • Publishers or Platforms capturing 2nd Party EU User Data for Advertisers (or their Agencies): Joint Controller • Data Marketplace Hosting 3rd Party Data Providers: Processor • 3rd Party Data Providers feeding EU User Data into Data Marketplaces: Controller • Data Management Platform (DMP) Hosting 1st Party and 3rd Party Data: Processor • Demand Side Platform (DSP): Processor
  24. 24. ABM Ad Targeting Options Before and After GDPR • Before: ABM Job Title Targeting: US, UK; ABM IP Targeting: EU, All Other GEOs • After: ABM Job Title Targeting: US ONLY; ABM IP Targeting: EU, UK, All Other Geos
  25. 25. ABM Reporting Before and After GDPR • Before: EU: Account Engagement Insights from IP targeted ads; UK: Account Engagement Insights from IP and cookie-targeted ads, Aggregate Buyer Insights from cookie-targeted ads • After: EU: Account Engagement Insights from IP targeted ads; UK: Account Engagement Insights from IP targeted ads only
  26. 26. Q & A
  27. 27. How long does it take for a firm to get GDPR compliant? Is this going to be a major overhead?
  28. 28. Why is the GDPR relevant to US based advertisers?
  29. 29. Most companies have relied on implied consent for most marketing. What is the effect of the GDPR on implied consent?
  30. 30. What are the primary obstacles created by the GDPR to advertising and marketing?
  31. 31. What rights are granted to individuals under the GDPR?
  32. 32. What technical changes are needed to honor an individual’s request to exercise her rights under the GDPR?
  33. 33. The GDPR requires that the processing be “lawful” -- what does it mean in practice?
  34. 34. We understand there are significant fines and penalties for non-compliance. Who determines these fines?
  35. 35. Can we review the key definitions under GDPR? How do they apply within the marketing and ad-tech ecosystem?
  36. 36. What are the IT elements (“IT best practices”) that need to be in place to ensure GDPR compliance?
  37. 37. What specific steps do B2B marketers need to take with their ABM ad programs to ensure compliance? Any final thoughts?
  38. 38. #Contact Us... ❖ info@kwanzoo.com info@entreda.com gilbertf@gtlaw.com ❖ www.kwanzoo.com www.entreda.com www.gtlaw.com ❖ @Kwanzoo @entreda @francoisegilbrt
  39. 39. APPENDIX
  40. 40. But I am not selling to EU citizens directly. Do I still care about GDPR? [APPENDIX]
  41. 41. How does GDPR affect site Cookie Policies? What about IP addresses? [APPENDIX]
  42. 42. What’s the difference between Directives (issued earlier) and Regulations (coming into effect) in terms of how they are administered or applied? [APPENDIX]
  43. 43. What are data privacy rules in use today in the UK and EU? How are they changing under GDPR? [APPENDIX]