The following list lays out the necessary steps that publishers should be taking in order to comply with GDPR:
1. Evaluate the significance of your EU traffic: If this makes up a meaningful portion of your revenue, please continue with the following steps. If your EU traffic is relatively small, then you may decide not to invest in a consent management solution. But please keep in mind, if you do not comply with GDPR, then Sharethrough (and many other ad tech partners) will not be able to monetize any of your EU traffic.
2. Determine your lawful basis: Review the Lawful Basis for Processing, and determine which option you align with. There are six options for publishers, but two of them are relevant: consent & legitimate interest.
3. Reach out to your vendors: Create a list of all your vendors and reach out to them to understand how they align with the new legislation, and which lawful basis they have chosen.
5. Right of access: Make sure you have a process in place to respond to data requests, as all users will have the right to request access to their information.
6. Partner with a Consent Management Platform or build your own solution: A list of all registered CMPs can be found HERE. For publishers that prefer to build this themselves, the IAB-approved GDPR Transparency and Consent Framework spec can be found HERE.