The EU General Data Protection Regulation (GDPR) is a comprehensive privacy regulation that replaced the Data Protection Directive 95/46/EC, effective as of May 25, 2018. The European Union approved the GDPR with the goals of strengthening and harmonizing data protection regulation for individuals across the EU and strengthening the digital economy in the EU. The GDPR is directly applicable to member states without the need for implementing national legislation.
The GDPR generally applies to any business, whether or not it is based in the EU, that processes the personal data of EU residents. The GDPR applies to these businesses even if the goods or services that they offer are free.
What is the primary objective of GDPR?
One of the primary objectives of the EU Commission was to give EU residents control of their personal data. In addition, the Commission wanted to simplify the regulatory environment for international business by unifying the regulation within the EU. By harmonizing the data protection regulations, the GDPR is intended to make it easier for companies to comply with them.
Who is governed by GDPR?
The GDPR applies to most businesses that process the personal data of EU residents, whether or not those businesses are based in the EU. The GDPR applies to these businesses even if the goods or services that they offer are free. If you have data from EU residents, GDPR likely applies to you. Speak to your legal counsel if you have questions on how your business is affected.
What happens if you don’t comply?
Entities that do not comply with GDPR requirements may be fined up to €20 million or 4% of their worldwide revenue, whichever is greater. You may also be subject to lawsuits by affected data subjects.
What happens to my display advertising, website analytics tools, etc.?
GDPR requires unambiguous, affirmative consent prior to setting cookies. This is a more robust standard for consent than has been applicable in the past. Current cookie banner implementations will no longer be good enough because they generally lack sufficient transparency, permit cookies to be set prior to obtaining consent, and do not obtain affirmative consent from the consumer. Therefore, you, or any vendor you work with (advertising, website analytics, etc.) that relies on cookie data from EU residents, will need to have a consent management solution in place to continue business with minimal impact. In short: if you want to continue using targeting and analytics services that rely on cookie data, you must have a consent management mechanism in place.
How do I implement the IAB Europe’s Open Transparency & Consent Framework?
Choose a Consent Management Provider (CMP) that supports the Framework. For example, Quantcast Choice is free and offers a consumer-friendly experience with a customizable UX, user