GDPR is right around the corner! This policy will take into effect on May 25th, 2018, and will impact all EU traffic (even on US-based sites). The following list lays out the necessary steps that publishers should be taking in order to prepare:
1. Evaluate the significance of your EU traffic: If this makes up a meaningful portion of your revenue, please continue with the following steps. If your EU traffic is relatively small, then you may decide not to invest in a consent management solution. But please keep in mind, if you do not comply with GDPR, then Sharethrough (and many other ad tech partners) will not be able to monetize any of your EU traffic.
2. Determine your lawful basis: Review the Lawful Basis for Processing, and determine which option you align with. There are six options for publishers, but two of them are relevant: consent & legitimate interest.
3. Reach out to your vendors: Create a list of all your vendors and reach out to them to understand how they align with the new legislation, and which lawful basis they have chosen.
5. Right of access: Make sure you have a process in place to respond to data requests, as all users will have the right to request access to their information.
6. Partner with a Consent Management Platform or build your own solution: A list of all registered CMPs can be found HERE. For publishers that prefer to build this themselves, the IAB-approved GDPR Transparency and Consent Framework spec can be found HERE.
March 26th, 2018: Sharethrough's GDPR Webinar (register HERE to watch the recording)
April 2nd-13th, 2018: Sharethrough MSA addenda sent to existing publisher clients
May 15th, 2018: Sharethrough signed addendum due date
May 25th, 2018: GDPR takes effect, Sharethrough monetization ceases for impressions from EU users who do not provide consent
For more info and FAQs on preparing for GDPR, check out our other article here.