What does the GDPR mean for the digital advertising industry?

Programmatic advertising uses numerous sources of data and its success lies in being able to take that data and use it intelligently to deliver relevant, personalised ads to a brand’s target audience. In turn, the advertising budgets those brands spend directly supplement the free content and services that individuals learn from, enjoy and use to connect with one another online. With just a few weeks to go until the GDPR is enforced, many businesses still don’t have enough knowledge about how the new regulation will affect them and what action they should take as a result.

There is still much uncertainty about the way the GDPR will be interpreted by regulators, and there are also areas of the law that some consider ambiguous. At Sizmek, we’re discovering that many businesses have failed to prepare adequately for the law as it will be enforced. What will this mean for agencies, brands and advertisers, and what do they need to do as a result?

The opportunities of GDPR

There has been much scaremongering regarding the GDPR, with many industry voices saying it could result in targeted ads being removed and hinder the function of programmatic advertising altogether. However, brands and advertisers shouldn’t see the GDPR as a threat to the industry, but as an opportunity instead. The GDPR provides consumers, publishers and ad tech companies with transparency and control over what’s happening on websites and apps where people access free information and services that are usually supported by advertising.

As an industry, we are seeing calls to provide more transparency and clarity over where ads are being placed and why. In fact, most recently, Unilever threatened to pull advertising spend with tech giants in walled garden ecosystems. In a speech at the IAB’s Annual Leadership Meeting, the organisation’s CMO Keith Weed said the business “does not want to advertise on platforms which do not make a positive contribution to society”. What the GDPR delivers is an effective way to understand how data is used to deliver ads that support free content. With this understanding and transparency comes more control over what data can be provided or exchanged for free content.

The GDPR also presents significant financial implications for those who have not taken appropriate steps towards compliance. Penalties of up to 20 million euros or 2% of turnover have been reported widely in the media. But the brands that demonstrate compliance with the GDPR could also enhance their reputation as a result, by providing their consumers with more confidence in their ability to handle data and provide accountability.

Preparing for May 25

By May 25, many companies will not have made the necessary preparations or taken the right precautions in order to be ready for the GDPR. This will require detailed understanding of the requirements as well as the right resources and expertise, and the deadline is creeping up fast.

However, there are some simple points that brands and advertisers should follow to ensure they are taking the appropriate steps to fall in line with the regulation. Here is the GDPR Essentials Checklist:

  1. Document your lawful basis for processing personal data.
  2. Determine if you’re a data controller or data processor.
  3. Have a process for responding to subject rights requests
  4. Appoint a data protection officer
  5. Make sure privacy by design is built in to your systems, and that you’ve documented your work

The future of advertising under the GDPR

GDPR will ultimately provide more control and accountability for everyone, moving us to a world in which advertising is more transparent. In this new era marketers should take care to work with partners who have addressed regulatory compliance when it comes to the data they use for advertising campaigns. If they don’t, brands could not only face significant fines, but may even see a negative impact on their reputations, too.

The new regulations will form part of the industry’s move to a more open and transparent sector. This can only be a good thing for the businesses operating within it and the consumers who want to continue enjoying or sharing great content.


By Ari Levenfeld, Chief Privacy Officer, Sizmek

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/