GDPR stands for General Data Protection Regulation. It regulates how vendors (companies) can access, process and share personal data of users. Therefore we must ask users for their consent.
Important: Please not that we can not give legal advise; legal aspect of these FAQs may change over time and new restriction may come into place. Therefore you should always contact your lawyer for any legal advise!
The General Data Protection Regulation (GDPR), is a regulation in the EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
In connection with the GDPR is the ePrivacy Directive. The ePrivacy Directive will help regulate the handling of personal data, in particular for electronic communications. The guideline has not yet been finalised and therefore can still be changed.
GDPR became "active" on the 25th of May 2018 in the European Economic Area (EEA), meaning every company that is based in this area, which deals with EU citizens data, needs to comply with these rules as well as companies outside of the EEA dealing with customers from that particular area.
Personal data is any information that has a direct or indirect reference to a person and that enables identification of the person concerned. Examples of direct personal data include name, address, telephone number, email address etc. All other data such as age, gender, hair colour are also considered to be of personal data.
Personal data requires a separate protection. Users needs to clearly give their consent before their data is processed, stored or shared. Unless a contract or legitimate interest make it necessary.
For online advertising, GDPR has meant:
1. The setting of cookies is no longer possible without consent. The tracking of actions based on cookies is no longer possible, unless the user has given their consent to do so.
2. The storage of personal data is no longer possible without consent. In the context of online marketing, this particularly concerns the IP address of visitors.
3. The transfer of personal data requires consent. As for example OpenRTB or in the form of placeholders, data from visitors such as their IP addresses can no longer be passed on.
If you are a publisher/website owner, advertiser etc. Where personal data is being processed you will need to ensure that visitors give their consent in order for you to store their data.
If you are unsure if your company needs a CMP or not, please get in touch with us - we will help you find the right solution for your company!