It’s been over a month since the GDPR came into force, and yet, the practical implementation of the law in ad tech companies (and beyond) still raises a lot of questions. While these are likely to be answered as the common practice continues to be established, we gathered some points to analyze what a post-GDPR mobile advertising world looks like. And although the list keeps growing, here’s our take on some of the most important observations:
1. Understanding of Roles and Relationships Under GDPR
Different companies in the market have a different understanding of their roles and relationships with their contractors under the GDPR, i.e., Controller, Processor, Joint Controllers and so on. While the GDPR pre-defines a role based on whether the company provides the legal basis of data processing, different market players and their lawyers have a different vision on what the data flow is to be like. This causes a lot of insecurity during the negotiations of data processing agreements.
What this means: It is likely that ad tech and online marketing organizations will provide some industry standards, which will simplify the contract signing in the future.
2. Internal Changes and Innovations
As companies transform their processes to be GDPR-compliant, it also helps them to clear up and structure some other internal processes inside their organization besides the GDPR itself. The GDPR forces companies to take a deeper look into the workflow of all their departments, which touch the Personal Identifiable Information. This can lead to unexpected findings and can be a trigger for many internal changes and innovations. The main outcome of such compliance processes is the rising awareness of how to handle the data more securely. With the GDPR in force, ad tech companies together with other types of companies, are developing new ethics on how to treat their data.
What this means: 25th of May was not the end of the journey but only the beginning of it. It is likely that the renewed data policies are going to be embedded into the DNA of the companies from now on.
3. Less is More
Collecting data without a sufficient legal basis for processing is not an option anymore, which means that companies are paying more attention to each customer and their rights. For instance, asking for consent for sending a newsletter can lead to losing a part of your audience, but can also motivate companies to be more selective about acquiring an audience.
What this means: “Less is more” can be the new principle of processing large-scale data for online marketing purposes.
4. Unified Standards
IAB and other associations could start playing an important role in setting up unified standards for affected companies on how to bring the GDPR to life. While the text of the law still remains rather restrained, the loopholes can be explained and elaborated by industry standards supported by market players.
What this means: Besides the likelihood for an industry standard, companies have started to look into the topic of insurance against GDPR-related claims, which is bound to become a new big topic soon.
Many changes in the post-GDPR world, however, are still only expected to happen after the first massive legal claims and authority audits. For now, companies will keep being creative in how they adapt their routines to the requirements of the new law.
Readers, what are your observations on how the industry is changing post GDPR? Let us know!
Subscribe to our monthly newsletter and stay on top of the latest industry news!