Skip to main content
Following years of planning, it has finally come to this: just over 200 days to prepare and ensure your organisation is ready for the General Data Protection Regulation (GDPR).
Coming into effect on 25 May 2018, the new regulation will force all organisations to make significant changes to how they collect, process and store consumer data. Given the industry’s reliance on data, and the overwhelming fines for breaches, compliance is the only option for any company offering goods or services to EU consumers.
Despite this, the GDPR shouldn’t be regarded as another onerous chore. Rather than aiming for the minimum level of compliance, aim for the gold standard and use the process as an opportunity to get closer to your consumers.
So, with just six months left to go, what can and should advertisers be doing to ensure they don’t fall foul of the new rules.
Last week, over 90 members packed into ISBA HQ to hear how global organisations such as Google, GroupM, AppNexus and PwC are working towards compliance, both internally and with their clients. We also heard from James Snook, Deputy Director, Data Protection Policy at DCMS, plus while Harpreet Thandi of Ferrero and Jonny Maitipe of Nationwide provided insights from an advertisers perspective.
Insights and Actions from the Event:
Make use of available tools:
There are a number of tools available online to help organisations prepare and ensure their data is adequately protected.
Ensure your contracts are GDPR ready:
ISBA will be re-launching our Creative Services Contract later this year. The updated versions will be amended to include new clauses related to the GDPR and will ensure all relevant services are fully compliant. For more information on this or any aspect of your contracts, please contact Debbie Morrison.
Google has also planned to roll out new contracts relating to GDPR, making their terms consistent across products.
Questions to ask your vendor:
The role of technology cannot be underestimated and the tools you select will play a crucial role in determining whether you remain compliant or risk breaching the rules. With that in mind, six key questions were outlined at the event at all brands should be asking of their technology vendors:
Stay on top of Profiling Issues:
On the issue of profiling, members can keep track of developments by tracking the opinions of the EU Article 29 Data Protection Working Party.
Review the Data Protection Bill:
During his keynote, James Snook, Deputy Director, Data Protection Policy, DCMS, discussed the Data Protection Bill, which confirms a new legal framework for GDPR to ensure that we are aligned with the Regulation in the UK. Further information about the DPB can be found here, however, if you have any specific questions regarding the bill that you would like to raise directly with Mr Snook and the DCMS, please contact me.
ISBA will be following up with a further GDPR event (February 2018, details TBC), by which time Google will have provided more GDPR tools and Google will have rolled out new contracts relating to GDPR. The ICO should, by then, have published GDPR Guidance on Accountability and Consent.
For more information on any of the above, please contact me.
Marketing Services Manager, ISBA
Additional resources on the GDPR can be found here.
Other areas of interest raised during ISBAs GDPR event include:
The full suite of Google’s Privacy tools for both business and consumers:
View AppNexus' presentations slides here.