5 Reasons Why All Publishers Need To Take GDPR Seriously

on Sharethrough News, The Future Of Publishing

On March 26, we’re hosting our GDPR for Publishers webinar, to help publishers across the world get a handle on how they will be impacted by the EU’s new General Data Protection Regulations, a new set of ePrivacy rules that come into effect in May.

Here’s five reasons why this should be top of mind for any publisher (and why you should sign up for our webinar!).

This affects every publisher, not just EU-based ones

While GDPR rules directly impact publishers across the UK and EU, the rules clearly stipulate that any organization controlling or processing data about individuals while in the context of selling goods to citizens in the EU, whether on not they’re based there, has to follow the rules.

Put in to plain English: international publishers with even one EU visitor have to follow the same rules.

It covers a wide amount of data and puts a range of new conditions in place

GDPR data regulations cover everything from personally identifiable information, any online identifiers (IP address, location, cookies and RFID tags), to automated data fields, anonymized data and any sensitive personal data.

Under these new rules companies must follow a series of steps:

  1. Use decipherable terms and make consent as easy to withdraw as it is to give.
  2. Notify affected parties of any data breach in 72 hours.
  3. Give consumers the right to access their personal data.
  4. Comply with any request to erase irrelevant consumer data and cease its dissemination.
  5. Allow consumers to obtain and reuse their data.
  6. Publishers should build data protections when they design an IT system
  7. Publishers with more than 250 employees are obligated to designate a data protection officer.

Got all that? Maybe not. It’s a lot to take in.

The complicated flows of information in the ad-tech ecosystem will make compliance even harder

Take a look at this diagram and you’ll see that compliance isn’t exactly a straight line.


Certain tech can only be fired up at the right time, after consent is given. Consent information needs to be shared with SSPs. There’s a run of bureaucratic dominoes that need to be set correctly to make sure this doesn’t fall in on itself.

GDPR affects vendors (like Sharethrough), as well as publishers

Some vendors and publishers may be considered as processors of data and other's may be considered as controllers of data. At Sharethrough, We’ve added additional terms to our publisher and DSP contracts and put new systems in place to make sure consent info is passed along from publishers to DSPs and data management platforms. We’ve worked to ensure that only information that has been consented to be shared will be shared and that publishers who are integrated with SFP pass consent information along with the impression request.

The penalty for non-compliance is considerable

If a company is found to be non-compliant, they can be fined up to 20 million euros, or 4 percent of their global turnover, whichever figure is greater. No joke.

Sign up for our webinar here!