Why become GDPR compliant?
On the 25th May, 2018, General Data Protection Regulation (GDPR) was enforced. This is the most important data regulation change in Europe over the last decade. It reshapes the way in which data is being processed and handled all over Europe and elsewhere. It means all companies collecting or processing data from EU users have to be GDPR-compliant.
What is being GDPR-compliant?
Companies can process EU data all while being GDPR-compliant if they do it on legal-basis or if users consented to their data being processed by this company for specific purposes.
All data collection processed from end-users for marketing purposes have to be consented. The consent must be given for each purpose and each partner getting access to the data.
IAB Europe introduced five different purposes:
- Information storage and access
- Ad selection, delivery, reporting
- Content selection, delivery, reporting
One was recently added by the French regulator (CNIL):
- Location-based advertising
What is GDPR-compliant user consent?
Every company must be able to prove that users were given a clear consent notice, unambiguous, informed, and unbundled. The message displayed has to be easy to understand to anyone. Users have to give consent freely and have the right to withdraw anytime. Withdrawing consent must be as easy as giving consent. Also, users can give consent to any or none of the purposes for which data is being collected. If they don't want to share any data with the service, application, website requesting access to their personal data they must be able to use this service without any degrade of experience.