Ryan Eney, director, legal, OpenX

GDPR went into effect on May 25, meaning it could be any day your business is negatively impacted for not complying with the one of the biggest regulations to hit businesses in recent years. The implementation of GDPR affects any global business that reaches EU-based customers―especially online retailers. If you haven’t begun working toward becoming compliant with GDPR or are still in the process of doing so, as is the case for many more companies than just yours, we recommend you kick your efforts into overdrive. 

For quick background on the newly enforced law, GDPR was created to harmonize data compliance requirements across the EU and will replace current EU privacy laws. This new data protection regime creates a fixed data privacy regulation across EU-based companies, as well as global companies that provide goods and services to EU users or monitor the behavior of EU users. Additionally, online retailers in the U.S. are required to use approved mechanisms, designed to protect the security and privacy of EU data, to transfer any personal data that comes from an EU user outside of the EU.

Starting Your Journey to Compliance

For many companies, complying with these new standards requires significant changes on how they collect and store user information, how they identify users and how they disclose user data practices.

Give Consumers a Choice

A fundamental principle under GDPR is giving consumers the right to control the distribution of their personal data. Consumers must give companies consent, which is “freely given, specific, informed and unambiguous” by a statement or by a clear affirmative action to use their data. Likewise, companies must design opt-out mechanisms that erase or give back an individual’s data as requested. These standards give consumers more control over their data while forcing companies to be more transparent with how it’s handled.

2018 Best Digital Marketers in Ecommerce

Rankings, competitive data & analysis of the e-retailers winning big in social, search & email marketing.

View Details

Less Is More

Gone are the days of collecting unnecessary amounts of consumer data. Under GDPR, companies are only allowed to collect data for stated purposes. To be compliant under GDPR, brands must minimize data collection to fulfill a specific purpose, delete obsolete data, and protect end user rights.

Data Across Borders

Violations for being non-compliant with GDPR are steep (as much as 20 million euros or 4% of worldwide annual revenue), and any digital retailer that’s involved with any internet-based advertising to EU users must adequately prepare or face significant financial consequences. To avoid these costly fines, Fortune 500 companies have spent upwards of $7.8 billion combined to make sure they’re aligned with the new standards.

While the efforts required to become compliant are intense, the time and effort it takes to fulfill these requirements are greatly outweighed by the financial consequences. In hindsight, dedicating time and money to this shift will be beneficial for any company handling personal data from EU users.

OpenX operates an online ad exchange.