In a WARC Best Practice paper, How publishers can get ready for GDPR, Adrian Newby, chief technology officer at Crownpeak, observes that while GDPR compliance may seem like a daunting task, it should be seen as an opening for publishers to collect high-quality consumer data that should in turn generate higher-quality marketing.
“At a time when online publishing has been damaged by allegations of fake news and data misuse, greater transparency should restore consumer trust and go a long way to solving the online publishing industry’s data supply problems around consumer use of ad blocking, incognito browsing and VPNs – all of which hamper publisher revenue,” he says.
Newby proposes eight steps that publishers can take now to ensure they are ready for the May implementation of the regulation, starting by embedding GDPR into company culture and instigating a privacy-by-design approach.
Publishers also need to understand their own role in the ecosystem – data controller or data processor. Most are likely to be the former but they have a responsibility to ensure their contracts with third-party data processors comply with GDPR.
One aspect of GDPR is that personal data only be gathered for stated purposes and not subsequently repurposed without further consent, so publishers should review what data they are collecting and only collect that which is required to fulfil business needs.
Perhaps the most complex task they face is taking control of the digital supply chain, where numerous intermediaries and technologies may be operating on a single website.
Getting to grips with this issue is essential to ensure third party compliance but may also have the added bonus of starting a disintermediation process that can save money and improve site performance.
Once they understand what personal data they and their third party providers handle, publishers must decide whether they have a lawful basis for processing that data.
Implied consent is no longer sufficient, and publishers will need consent requests that are unambiguous, freely-given, clear and concise, separate from other terms and conditions.
They also have to consider new user rights, including accessing, correcting and deleting their data, and maintain appropriate records of all data processing activities.
Sourced from WARC