Industry Report

TBR - To ensure GDPR compliance, the advertising ecosystem should consider EU-based vendors


In this report, Technology Business Review Inc. analysts Stuart Williams and Zach Rabel summarize the impact of European Union’s General Data Protection Regulation (GDPR) on the digital media ecosystem.

GDPR, or General Data Protection Regulation, affects all industries and enterprises operating in in the digital media ecosystem — including publishers, advertisers and tech vendors — regardless of whether they consider themselves consumer-facing or data-driven. The goal of GDPR legislation is multifaceted. Key elements include greater transparency, education, and choices for consumers regarding the collection and management of personal data.

And the stakes are high. Even if marketing teams aren’t actively conducting business in the European Union, they’re on the hook should engagement and data collection occur in the region. Noncompliance will result in penalties of up to 4% of gross revenue, or €20 million, whichever is greater.

As enterprises navigate new regulations, change management remains a challenge. TBR believes internal executive teams would be wise to add chief privacy officers (CPOs) or appoint data protection officers (DPOs) as the GDPR applies to any organization that processes or stores large amounts of personal data, whether for employees, individuals outside the organization, or both.

To keep pace with all that’s needed to stay compliant, companies that aren’t expressly required to appoint a DPO may opt to partner with vendors that maintain deep roots in the EU market. Find out more, including ways EU-based vendors can offer a wealth of resources, like knowledge about regulations and relationships with individual legislators.