GDPR Compliance

The GDPR comes into effect on May 25th, 2018.

This page is for informational purposes only. We strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.

What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU. The GDPR primarily aims to give control to EU citizens and residents over their personal data and how it is processed.

Who does the GDPR apply to?

The GDPR applies to any organization that processes the personal data of EU data subjects, regardless of whether the organization has a presence in the EU or whether the processing is conducted within the EU.

It is likely that the GDPR affects your organization if you collect, store, manage, or analyze personal data of any type, including email addresses.

What are the key aspects of GDPR?

As disclaimed at the top, we suggest you perform your own research and get legal advice on how the GDPR will affect your business. However, below are key points to consider:

FAIR AND TRANSPARENT PROCESSING

When data is collected, it must be clear as to what is being collected and the purpose for collection and processing.

RESTRICTION TO THE INTENDED PURPOSE

Data should only be used for the intended purpose; it should not be collected and stored for possible future use. Only the data needed to fulfil the intended purpose should be collected and processed.

LIMITS ON STORAGE OF PERSONAL DATA

Ensure data is stored only as long as is required, without unnecessary replication, and with appropriate controls and restrictions in place.

ACCOUNTABILITY

Organizations must be able to demonstrate to the governing bodies that they have taken the necessary steps appropriate for the risk their data subjects face. To ensure compliance, organizations must ensure that every step within the GDPR strategy is auditable and can be compiled quickly and efficiently.


Please note: As an AdButler subscriber who potentially represents multiple publishers, it is your responsibility to ensure compliance and consent with all involved businesses. We will provide the option of disabling targeting and frequency capping for individual publishers should they choose to become GDPR compliant.

Managing Consent

The GDPR requires that you use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage that takes place on any site and/or app. For the purpose of serving advertisements through AdButler, we require the IP address as the only personally identifiable information, so your consent must be appropriate to the data and the purpose for which it’s collected.

AdButler does not track or segment users, and IP addresses are anonymized upon processing, leaving no personally identifiable information available. The risk to the data owner is minimal, and a clear and transparent disclosure in your privacy statement should be appropriate for the data considered.

We will provide details on this page for AdButler-specific tools to customize ad serving within the EU when they become available.

What AdButler is Doing to Prepare

AdButler has been incorporating “privacy by design” since our inception, which has made our preparation to be GDPR compliant relatively painless. With GDPR taking effect on May 25, 2018, we want to assure you that we will be fully compliant with the regulation.

As part of our “privacy by design” principle, and as mandated by the GDPR, we will continue to process only the very minimal data that we collect on your behalf, and only in order to select, display, and report on your advertisements.

With respect to personal data, your user’s IP address is the only personal data we process on your behalf. We process this data along with several pieces of non-personal data to provide our ad serving, reporting, and anti-fraud services.

To better facilitate this compliance, we will be implementing both product and non-product-related updates before the GDPR commences. Not only will these updates ensure our compliance, but they will also make it easier for all of our customers to comply. Below is the list of relevant updates we will be making:

PRODUCT UPDATES

  • Update reporting process to anonymize IP addresses (complete)
  • Update frequency capping to ensure compliance with cookie regulations (complete)
  • Add account and publisher settings to track GDPR compliance and DPA records (complete)
  • Implement geolocation flags for EU serving rules (complete)

NON-PRODUCT UPDATES

  • Prepare GDPR Data Processing Addendum (DPA) (complete)
  • Send out DPAs to all customers serving in the EU (complete)
  • Update privacy policy to reflect GDPR changes (complete)
  • Add GDPR-related content to the help docs (in progress)