SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez nos Conditions d’utilisation et notre Politique de confidentialité.
SlideShare utilise les cookies pour améliorer les fonctionnalités et les performances, et également pour vous montrer des publicités pertinentes. Si vous continuez à naviguer sur ce site, vous acceptez l’utilisation de cookies. Consultez notre Politique de confidentialité et nos Conditions d’utilisation pour en savoir plus.
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Why is this Important? It’s all about Consent!
Consent has changed - Consent must be explicit and consumers must be able to say no If they say no can I just not offer content? Not so fast…it’s a grey area
Controllers and Processors A data controller is the entity collecting the data e.g. a publisher A data processor is an entity that is doing something with a controller's data under their direction e.g. an advertising network
But different views and different lawyers would take a view on the roles and responsibilities
But one thing is for sure – liabilities are shared! If a pub uses a dmp that doesn’t comply and doesn’t take action, they are held mutually liable
If you process and/or store data from the EU then you have to comply. US pub, no EU readers, not 1. Zero… You do not have to comply US pub, 20% EU readers, that you monitor... Yep, you must comply US pub, 20% EU readers, you don’t monitor, but you work with SSP or ad networks that target EU…Yep, you need to comply US pub, firewall EU to not collect cookies and don’t deploy any non-compliant 3rd parties… Sounds pretty safe, but you have to be 100% sure your third parties don’t misstep
What about Brexit!?
Google had about 90billion in 2016 revenue – theres a greater than zero chance they could be fined 18billion dollars…
PR risk too – pubs are gate keepers – breach notification even if third party is the one that didn’t comply or had the data breach.
Do I need a Data Protection officer!? This is not exclusive or legal advice!
Privacy by design – data protection from the onset of any and all development
At the end of the day – it challenges companies to be Accountable and Transparent
Build Trust with your readers, viewers, users. Become trusted and valuable partners in that value exchange. Stronger control over third parties and vendors. Understand your value and the value of your customers and users. finally data reset with data rich orgs – this hopefully makes companies that work hard on this have an advantage.
Digiday Programmatic Media Summit. Daniel Oakins. Grapeshot
Where in the world does this
matter? It’s not just EU!
(but some EU audience)
(no EU audience)
GDPR APPLIES GDPR APPLIES GDPR DOES NOT APPLY
What’s the liability?!
4% of GLOBAL revenue
STEPS TO COMPLIANCY!
1. Take this seriously
2. Get data smart
3. Evaluate the gaps
4. Get legal consent
5. Devise & Deploy
6. Handle breaches
7. Review consistently
What Can We do to Prepare?
Get to it
Better Customer Relationships
Level Playing Field