What Is the GDPR and Are You Ready?

One of the toughest challenges advertisers face is keeping up with the ever-evolving technology landscape. Most recently, how advertisers collect and share consumer data online has been called into question in the European Union (EU). A new data privacy law, known as the General Data Protection Regulation (GDPR), went into effect May 25, 2018, and is the latest effort to give people more control over their digital data and how it’s used. This is great for consumer privacy, but how will it impact your advertising? Although hotly debated, the GDPR does not signify the end of digital advertising in the EU. However, it will certainly have an influence on the entire digital ad industry, not just EU-based organizations. So what is the GDPR, who does it impact, and what should you consider to protect your campaigns? Terms to Know



What is the 1995 Data Protection Directive? It was one of the first large-scale efforts to define what and how personal data could be used by companies and advertisers. The GDPR replaced this directive in 2018. Personal data identified in the directive included a person’s name, photo, email address, phone number or personal ID. However, member states or individual countries could alter or supersede this directive. What is the GDPR? The GDPR standardizes data protection laws across all 28 EU countries and imposes rules on controlling and processing personally identifiable information (PII). Under GDPR, the definition of personal data was extended to include pseudonymous data, like online identifiers, IP addresses, and mobile device IDs. This requires companies to gain (or regain) approval from European customers to collect, use or share their data for advertising purposes. Who are data subjects? Individuals located in the EU whose personal data is collected and processed by companies or other entities. Anyone located in the EU who shares personal data online, including data shared through cookies and advertising IDs. Who are controllers? Companies or other entities who collect information from users and decide how to process or use that data. Publishers and website owners are common controllers. As the data source, controllers shoulder the burden for ensuring GDPR compliance. Who are processors? Companies or other entities that process personal data on behalf of a controller. Goodway Group is a processor of first- and third-party data for advertisers. At Goodway, we only process pseudonymous data. Who Does This Impact?

  • Companies located within the EU
  • Companies that provide goods or services to consumers within the EU
  • Companies that monitor consumers or their behaviors in the EU

Protecting Yourself – What To Consider?

Review Your Data Processes With Legal Counsel

If your company has any EU connection, review how you acquire, store and share customer data with your legal counsel. They will help ensure your website, as well as any other digital extension of your business, collects and uses that data in a GDPR-approved manner.

Leverage an IAB-Europe-Approved CMP

Communicating the GDPR with consumers and obtaining their consent are key. Use an IAB-Europe-approved Consent Management Platform (CMP) to apply a value exchange that’s GDPR-compliant and entices site visitors to share their information.

Evaluate Your Current Campaigns

Do a thorough assessment of the targeting and tracking methods you use on any current EU-focused display or SEM campaigns. Don’t forget to also check your seasonal campaigns scheduled to run later in the year. How Does Goodway Ensure GDPR Compliance?

Focus On Our Operations

In response to the GDPR, we assembled a task force to update our operations and policies to meet new data protection requirements. We are also in the process of adapting the IAB Europe’s GDPR Transparency & Consent Framework, and we are registered on the Global Vendor List.

Partner With the Best

We only work with GDPR-friendly partners, including The Trade Desk and Google. We maintain high standards for our partners to both safeguard your campaigns and make the process of legally collecting and using your customer information easier.

Limit Exposure

We require all advertisers targeting the EU to confirm consumer consent was achieved in alignment with GDPR compliance and to post privacy policies meeting GDPR requirements. Our partners will not accept or keep any EU-targeted data points that do not include the consumer’s consent, protecting both Goodway Group and our advertisers. We also restrict tracking on EU campaigns until you confirm and accept liability for GDPR compliance. Now that you know what the GDPR is, you can start assessing your campaigns and adjusting your EU strategy for the future. And continue to keep on top of what’s happening in ad tech by subscribing to our blog today.