What is GDPR?
The GDPR (General Data Protection Regulation) is a comprehensive update to European Union laws about data protection and privacy that were established in 2012. The changes are aimed at installing stronger, more consumer focused laws on user privacy that allow web users to have more control over what data is collected and how it is shared.
GDPR establishes data rights for all European Union citizens, but applies to any organization that processes the personal data of EU citizens. The new rules expand the definition of personal data to include information such as location data, online identifiers (such as IP addresses) and other metadata.
In the new rules, personal data is defined as any information relating to an identified or identifiable person.
The incoming data protection rules apply to both data controllers (i.e. entities that determine the purpose and means of processing personal data) and data processors (entities that are responsible for processing data on behalf of a data controller — aka subcontractors), according to the EUGDPR website.
According to the EU’s executive body (the Commission), the goal of GDPR is:
The objective of this new set of rules is to give citizens back control over of their personal data, and to simplify the regulatory environment for business. The data protection reform is a key enabler of the Digital Single Market which the Commission has prioritized. The reform will allow European citizens and businesses to fully benefit from the digital economy.
The GDPR is the new normal for data control and security, and could soon be implemented in other countries outside of the EU. The new GDPR regulations are effective May 25.
Why is this important?
Consumer trust is essential to fostering growth in the digital economy, and RevContent has always supported industry changes that improve the user experience. We are also committed to better transparency and increased security for data.
The new rules put data control back in the hands of users, and we are advocates of empowering users.
Entities who are found to be non-compliant could be fined 4% of annual revenue or €20M (whichever is higher).
What have we done to get ready?
- RevContent has fully endorsed and supported the IAB Europe’s GDPR Transparency & Consent Framework. We are registering with their Global Vendor List and are working to integrate the technology to our system.
- We formed an internal GDPR compliance team which has confirmed and documented RevContent’s lawful basis for collection and processing, and which continues to work to ensure overall GDPR compliance.
- We increased AdChoices support and now proudly display their logo across all of our units.
- We added ads.txt support.
- There are now additional editorial controls for publishers.
- RevContent is “TAG Certified Against Fraud/Malware” by the Trustworthy Accountability Group.
- New, additional brand-safe placements throughout our network.
- We recently became the first Native Advertising Network to join the board of the Coalition for Better Ads.
How will it impact our publisher and advertiser partners?
Any entity who collects or processes data from EU subjects require a “lawful basis” for doing so. One way to obtain lawful basis is through consent. Another way is through legitimate interest. RevContent has ensured that it has a lawful basis for its activities as a third party on publisher sites. Publishers need to ensure that they have a lawful basis for their actions as well.
The new GDPR compliance process is a collective effort. Every party in the chain has their own GDPR compliance obligations, independent of the other parties in the chain. RevContent will be compliant with all of its obligations under the new GDPR standards, so if publishers are compliant with their portion of the standards, it will not impact our relationship.
If you would like more info from our team, please reach out to your rep to set up a call with the RevContent GDPR team.
How will this impact users?
RevContent assigns a UUID (Universally Unique Identifier) to all users that keeps track of their content preferences. These preferences help RevContent deliver more personalized content and allow users to customize what types of content display across the web.
If a user no longer wants personalized recommendations, they have the option to opt-out. Although RevContent will still deliver ads and content to users who have opted out, that content will no longer be personalized to your preferences in the way it was before the opt out.
The new privacy policies simplify language about how your information will be used and processed and EU users have the right to request the data that organizations collect on them and have the ability to request that it be deleted.
What do you need to do to be prepared?
As an advertiser or publisher, if your organization meets the new standards as laid out by EUGDPR.org, then you can be sure that RevContent is also in compliance with what is required for us.
Still unsure? Reach out to your rep to set up a call with our GDPR compliance team.