Adtech and GDPR What to consider when choosing your partner

Similar documents
Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

GDPR compliance: some basics & practical to do list

Knowing and Implementing the GDPR Part 3

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

EU General Data Protection Regulation (GDPR) Achieving compliance

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

Data Processing Clauses

Accelerate GDPR compliance with the Microsoft Cloud

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Google Cloud & the General Data Protection Regulation (GDPR)

Data Protection Policy

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

The GDPR Are you ready?

NHS R&D Forum Privacy Policy: FINAL v0.1 May 25 th 2018

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

Our agenda. The basics

GDPR and digital advertising: Strategies and best practices for implementing GDPR compliance

PS Mailing Services Ltd Data Protection Policy May 2018

April 2018 Page 1 of 14

Privacy Policy of

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

General Data Protection Regulation (GDPR) NEW RULES

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

GDPR Compliance. Clauses

General Data Protection Regulation (GDPR)

Data Processing Agreement DPA

DATA PROTECTION BY DESIGN

GDPR: A QUICK OVERVIEW

THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE

Magento GDPR Frequently Asked Questions

Proposal for a model to address the General Data Protection Regulation (GDPR)

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

GENERAL DATA PROTECTION REGULATION (GDPR) CLIENT INFORMATION GENERAL DATA PROTECTION REGULATION CLIENT INFORMATION

GDPR- the new General Data Protection Regulations. Staff PDM- 2 nd May 2018

DATA PROCESSING TERMS

Our Data Protection Officer is Andrew Garrett, Operations Manager

How will GDPR legislation affect B2C digital marketing?

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Legal basis of processing. Place MODE AND PLACE OF PROCESSING THE DATA

IAB Europe Guidance CONTROLLER-PROCESSOR CRITERIA. IAB Europe GDPR Implementation Working Group. Version July Working Paper 05/2018

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

PRIVACY POLICY OF THE WEB SITE

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Data Management and Security in the GDPR Era

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

A GDPR-ready call center software like Freshcaller will help you adhere to the following GDPR requirements:

Forms. GDPR for Zoho Forms

GDPR: A GUIDE TO READINESS

GDPR - Are you ready?

Privacy Policy and GDPR Compliance

NOTICE OF PERSONAL DATA PROCESSING

WEBSITE PRIVACY POLICY

IEEE GDPR Implementation & NTC

Data Processing Agreement

General Data Protection Regulation (GDPR) FAQ

PRIVACY NOTICE STORM RECRUITMENT UNIT 11, 2 ND FLOOR CHARLESLAND CENTRE, GREYSTONES, CO. WICKLOW 1. INTRODUCTION

How the GDPR will impact your software delivery processes

Whitepaper on EU Data Protection October 2014

POLICY. Art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

PROJECT BACKGROUND AND RATIONALE

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Emergency Compliance DG Special Case DAMA INDIANA

Introduction to the Personal Data (Privacy) Ordinance

Preparing for the GDPR

GDPR & FOSS. Marc Jones CIPP/US, CISSP Compliance Engineer & In-House Counsel

ANGAZA PRIVACY POLICY. Last Modified: May/24/2018

DLB Privacy Policy. Why we require your information

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

1. Type of personal data that we collect and process?

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Data Processing Agreement

Demonstrating data privacy for GDPR and beyond

INCLUDE-ED PRIVACY POLICY

Website Privacy Policy

Fluid Metering, Inc. Privacy Policy

EU-US PRIVACY SHIELD POLICY (Updated April 11, 2018)

FAQ about the General Data Protection Regulation (GDPR)

Privacy Notice and Consent Form

Understand & Prepare for EU GDPR Requirements

Creative Funding Solutions Limited Data Protection Policy

SURGICAL REVIEW CORPORATION Privacy Policy

Requirements for a Managed System

Privacy Policy. For purposes of this Agreement, Site refers to the Company s website, which can be accessed at

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Privacy and Data Protection Draft Personal Data Protection Bill 2018: A Summary. For Private Circulation Only August 2018.

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan

Transcription:

Adtech and GDPR What to consider when choosing your partner 1

Agenda What to avoid and What to do Where is Adform on GDPR Posibilities for advertisers 2

This is about GDPR, not the unknown eprivacy update GDPR GDPR has been passed and is actually in effect. Only enforcement waits to May 2018 Most of GDPR is relatively clear except for how EU courts will interpret certain parts Online marketing is fine under GDPR without consent eprivacy Consent for online marketing can change with the new eprivacy regulation Still undecided and the outcome completely unpredictable Will be looked at by the parliament in late October and negotiated the following months The final result should not be expected before mid 2018 Implementation unlikely before 2019 especially if it has major implications 3

Data processor what it means Data Processing Data Processor Any activities Personal Data is subjected to Any 3 rd party which processes personal data on behalf of the controller Data Controller The entity originally controlling the data Controllers bear primary responsibility for ensuring that processing activities are compliant with EU data protection law. - Ensure compliance, appropriate technical and organisational measures of Processors - By default to process only the minimum amount of personal data necessary The controller must be able to demonstrate, compliance with the Data Protection Principles. Rec.85; Art.5(2) 5

Actions - What to do and not to do 11

Our advice on what to avoid first Having datasets in shapes or ways which look bad if breached Non-compliant Privacy Policies, Consent forms and Opt-out Passing it to anyone in ways that would look bad if breached Not being able to answer requests from clients and consumers Passing safe data (pseudonymous) to partners holding directly identifiable information IT temporarily blocking your Adtech and Martech tools in May 12

Your first actions should include Read and understand summaries of GDPR Document all Personal Data, Processing and Processors Change your data, habits and providers accordingly Limit the use of non-iso certified, non-eu hosted and PII based platforms Safeguard consumers can act on the Right to be Forgotten Create Breach and Consumer Request Processes Check own properties for violation. Update Policies and consent boxes 13

A DMP reduce complexity and risk All data collected and profiled in a single place - Right-to-be-forgotten in a single place - Consumer Rectification right and insight in a single place - Data Portability in a single place - Tracks of where data is passed in a single place Pass only IDs to external platforms instead of raw personal data Audit only a single provider on all of the above Full-stack use of DSP, DMP, Ad-serving, DCO, Attribution, etc. minimize the risk and GDPR burden of sharing personal data - Allows contractual and legal ownership of all systems used 14

Adform s GDPR Readiness 15

Adform is legally equipped to be a Processor of personal data Adform is ready for GDPR Our unique positioning reduce compliance concerns for our clients Adform fulfills the GDPR Processor requirements Adform is ISO 27001 certified thus secure and able to be handle personal data according to regulations for such All EU consumer data is kept within the EU Uniquely, Adform does not store or touch any PII Unlike most competitors, we do not store PII: Combination of tracking activities with PII storage could lead to Opt-in requirements, and thus major impediments in digital advertising Adform is only a processor of pseudonymised personal data leading to limited risks for clients, reduced requirements and a true Privacy-by-Design set-up All EU data subjects served and processed only in EU Our three Danish datacenters serve and store all EU data No data is sent to 3 rd parties or out of the EU

Adform has been operating as a data processor for 5 years Large German Finance and Telco clients has viewed access to IP addresses as PII and enforced strict requirements on Adform Thus we were 95% ready for GDPR but have spent 1½ years understanding and documenting it Our current focus is on in-depth client workshops and guidance Constantly improving our GDPR readiness pack and checklist 17

Adform is GDPR ready Key GDPR requirements Privacy By Design Fully avoiding sensitive data and subjects Encrypt data whenever required Privacy Impact Assessments Designed to be a Data Processor ADVs /DPAs ISO 27001 Certification Overview of all Company PII Breach Notification to Authorities Right To Be Forgotten Data Portability Feature Designated Data Protection Officer Adform readiness 18

Supporting rights to insight, rectification and portability me.adform.com offers data subjects to receive the personal data that they have provided to a controller Data is provided in a structured, commonly used and machine-readable format Purpose is to empower the data subject and give him more control over the personal data concerning him 20

Possibilities for advertisers 21

Benefits and posibilities for businesses in GDPR Allowing European businesses to expand across borders - No need to to notify other national data protection authorities about the data they are processing Cutting costs - Eliminate the need to consult with local lawyers to ensure local compliance the franchised shops A level playing field for European and non-european companies - Any company, regardless of whether it is established in the EU or not, will have to apply EU data protection law should they wish to offer their services in the EU Benefits for individuals, benefits for businesses - Data portability promotes competition and encourages new businesses in the marketplace 22

Full-stack benefits: Forrester Key Findings Benefits of Adform s integrated marketing platform that enables customers to consolidate and internally manage activities for digital advertising: 10% increase in return on ad spending Reduced search advertising -10% Reduced cost vendor governance -10% ROI 126% 23

Jan.Danielsen@Adform.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback