The GDPR lays out specific requirements for businesses and organizations who are established in Europe or who serve users in Europe. It:
Individuals, organisations, and companies that are either 'controllers' or 'processors' of personal data will be covered by the GDPR.
Normally the website owner and the publisher. But as an agency, you might have a responsibility to your clients to make their websites GDPR compliant.
Google hit with £44m GDPR fine over ads - BBC News
Google fined £44m for breaching EU privacy laws - The Independent
Bounty UK fined £400,000 for sharing personal data unlawfully - ICO UK
"Facebook recently transferred 1.5 billion of its international users from the jurisdiction of its European headquarters, in Ireland, to that of its US headquarters, with some speculating this was to avoid costly legal action resulting from breaches of the EU's General Data Protection Regulation (GDPR)." - BBC
To be fully compliant with the GDPR law, a website has to fulfil three requirements:
It must obtain consent to use those cookies. In most cases, consent can be implied, but sometimes it must be explicit.
Cookie compliance for GDPR is provided by UniConsent CMP cookie discovery feature, always keeping your website in check, even if you add or remove cookies as your business grows.
There are two types of online advertising: contextual targeting, which doesn’t require personal data and personalised targeting, which requires and is based on personal data collection from users.
GDPR will not just have an impact on how marketers can collect data but how they use it to create personalised and targeted online advertising.
Some think online targeting advertising will shift away from the use of personal data almost entirely as a result of GDPR.
Using UniConsent CMP, marketers are able to collect consent from users about how to use personal data
UniConsent CMP integrates with common ad servers like Google Doubleclick for Publishers and header bidding technologies.
Publishers are able to keep their website GDPR compliance by providing users with the choices about if serving personalised ads and collecting personal data automatically.
Marketers cannot send emails without an unambiguous consent given by your users.
Marketers must define the purpose for collecting the data and then ask the users to opt-in (given by choice) for each segment of the service you wish to offer an opt-out which should be mandatory.
In order to enable your compliance with the GDPR, your hosting provider should include specific measures such as:
AWS gives the best set of tools to become compliant.
"Today, I’m very pleased to announce that AWS services comply with the General Data Protection Regulation (GDPR). This means that, in addition to benefiting from all of the measures that AWS already takes to maintain services security, customers can deploy AWS services as a key part of their GDPR compliance plans." - AWS
This means moving or migrate your website onto AWS can be a key part of your GDPR compliance plan.
Looking for migrating your website to AWS? Check Managed Cloud and servers service.
The common issues about GDPR Consent implementation are:
GDPR affects advanced Ads users who are running campaigns targeting EEA countries.
UniConsent is certified by IAB EU with CMP #68.
It is built based on IAB Europe Transparency & Consent Framework.
Google DFP is used by major online digital publishers, but Google has not joined IAB Europe Transparency & Consent Framework.
Google EU user consent policy is not supported by most of IAB CMP.
UniConsent CMP provides the features to disclose Google vendors and opt-in/opt-out Google personalised ads based on Google EU user consent policy for Ad Manager and Ad Exchange.
UniConsent has the feature to make GDPR compliance easy.
A publisher is able to block all cookies based on consent given by the user.
A publisher is able to see the analytics about consent rate, the whole process of consent from users.
A publisher is able to display the information about all the cookies on the website to users.
|Features||UniConsent CMP||Other Free CMP||Other Paid CMP|
|First Party Data Collection Consent|
|Programmatic 1st Layer UI|
|IAB Europe Transparency & Consent Framework v1|
|IAB Europe Transparency & Consent Framework v2|
|U.S. CCPA California Consumer Privacy Act|
|Custom IAB TCF Vendors List|
|Cookies Scanning and Disclosing|
|On demand Cookies Scanning|
|Scheduling Cookies Scanning|
|Multiple URLs Cookies Scanning|
|Cookies Pause ™ and Automated Compliance|
|Realtime Consent Analytics and Insight|
|Manage Multiple Websites in One Account|
|Consent History and Logs|
|Customisable Multiple Stages CMP UI|
|Multiple Languages Support|
|Build-in Tag Manager and Loader|
|Google Tag Manager Integration|
|Consent Analytics and Insight|
|Google DFP (GAM) Support|
|Programmatic Header Bidding Support|
|Custom Data Purpose|
|Minimum Performance Impact|
|Content Security Policy (SRI, CSP)|
|Google Consent Mode|
EU Privacy Campaign Group filed a batch of warnings to websites with non-compliant cookie banners
Spain: Spanish DPA AEPD issues several fines for GDPR violations during June and July 2022
Czech Republic: the half year cookie compliance monitoring report from Czech DPA
TikTok: EU DPAs warn TikTok following announcement on the legal basis for targeted advertising
UK GDPR: UK may remove the need for cookie banner pop-ups for low risk activities
IAB Tech Lab released Global Privacy Platform (GPP) specifications