How GDPR Will Impact Your Programmatic Process

General Data Protection Regulation (GDPR) padlock on european union flag

The General Data Protection Regulation (GDPR) has been years in the making and will transform the relationship between Publishers and Advertisers within the ad tech space. It’s coming into force on May 25th, 2018: is your company compliant?

GDPR: An Overview

Every few years, the ad tech landscape experiences a level of disruption from technological innovation or policy changes.

May 25th, 2018 marks that change with the newest iteration of the General Data Protection Regulation (GDPR) being enforced by IAB Europe.

Working with our clients in an open and transparent way with programmatic advertising has never been more important, especially with GDPR looming in the near future.

IT Governance GDPR 2018 Programmatic
Source: IT Governance

Programmatic advertising involves automating, buying, and placing the right ads, in the right context, for the right customers to drive ROI for businesses and brands alike.

It not only allows us to serve the best ads that convert at the lowest possible cost (and adjust campaigns on-the-fly to keep it that way) but to ensure this transparency and give end-users control of their data shared.

Call It Cookie-Cutter

The GDPR is a data protection directive which aims to end the use of unrestricted cookies (or any device identifiers for that matter) while allowing programmatic advertisers to maintain their standards and performance across the digital advertising landscape.

Failure to comply with GDPR will result in fines up to 4% of annual global turnover.

Essentially, the GDPR ensures that programmatic advertisers are transparent and honest with their creative and ad placement to better align audiences, advertisers, and publishers.

Why Now?

Considering the recent changes to Facebook’s content ranking system to promote more relevant material for viewers, as well as native advertising’s continuous rise in 2018, you could say trust is the new normal.

GDPR 2018 Programmatic Adtuple
Source: Adtuple

IAB Europe is reinforcing this trend by enforcing a high level of data protection through the GDPR: the goal is promoting transparency and honesty within programmatic.

Traditionally, audience data for programmatic is derived through device tracking (cookie tracking and other methods), coming either from publishers, data brokers, or advertisers.

As of May, publishers will be unable to use third-party data from data brokers, advertisers or clients, to help promote transparency within the programmatic field.

GDPR 2018 Programmatic Advertising
Source: Search Engine Land

Additionally, GDPR suppresses the overexposure of inventory pricing information (ie. cost per impression, buyer budgets, etc.) by a third party. All the targeting information shared from here-on-out is consensual and considered first-party data; gone are the days of the “spray and pray” approach of ad placement.

Questions to ask yourself

Are you and your company GDPR compliant?

To ensure your GDPR compliance, you must first establish if you are a data controller or a data processor, then delegate your roles and responsibilities accordingly. To achieve compliance, here are a few questions to consider in the context of your business and role within the ad tech ecosystem:

  • Do you have explicit end-user consent? Under GDPR, end-users need information about their data collection and a clearly defined way of opting out.
  • Are you outside the EU? As far as GDPR is concerned, it doesn’t matter – the regulation applies to data processors globally.
  • Are you a data controller or data processor? The prior determines how personal data is processed (as a person or business), while the latter processes the data on behalf of the controller. Controllers are subject to the EU laws and legislation, while processors aren’t directly accountable.

How War Room Addresses GDPR Challenges

Luckily, we’re already in a strong position to adhere to the GDPR’s new legal framework since we’ve always operated with a customer-centric approach.

GDPR 2018 Programmatic Advertising
Source: R2 Integrated


War Room complies with the latest programmatic standards, like OpenRTB 2.4, and format standards like HTML5, VPAID 2.0, and Native Ads API 1.1, to ensure our clients have their brand safety protected, and that our programmatic advertising maintains full-transparency.

We ensure full GDPR compliance for our clients and ensure ads are delivered with the appropriate consent, tracking, and deliverability for maximum success. To find out more about how we can service your programmatic needs and/or establish your GDPR compliance, contact us today.

Submit a comment