GDPR.

An overview of data privacy.

GDPR Overview

The General Data Protection Regulation (GDPR) is a new privacy measure established in the EU that went into effect May 25th, 2018. It has significant implications on personal data and privacy rights.

It gives EU citizens a clearer understanding and greater control of what personal data companies have access to and how those companies use it. Any US brand that interacts with or could interact with an EU citizen is subject to GDPR.

Our Approach

LumenAd serves the sole responsibility of staging, deploying, optimizing and reporting on conversion focused, cross- channel media campaigns. We have also audited the measures taken by all partners in our tech stack to ensure compliance, regardless of whether or not a data exchange occurs.

It is the responsibility of each brand/agency partner to ensure they comply with all applicable data privacy laws.

The Basics

  1. GDPR regulates the collection and usage of personal data. It gives users control over how their data is used by companies, if it’s collected in the first place, the right to be forgotten, and more. GET THE FULL STORY HERE.

  2. Users have a right to know who is using their data. This means they need to have the ability to see everywhere their data is sent and to have the option to opt out by vendor.

  3. Currently, two important compliance components are consent mechanisms and data portals. Both are needed for EU IP addresses.

  4. Consent partners will help you establish your consent mechanism, often through a Consent Management Platform (CMP). If you need a consent partner, YOU CAN FIND A VERIFIED LIST HERE.

  5. A separate, easily navigable data portal is what facilitates users’ access to and control of their data.

  6. Every brand/agency partner should review the IAB TECHNICAL SPECS on consent and notice.

  7. Data minimization is a key part of GDPR. It keeps data lean without holding onto bloated data sets that could be GDPR non-compliant. LumenAd regularly flushes all irrelevant data.

  8. If you’re currently operating under “legitimate interest” as a legal basis for consent, outlined documentation is needed to justify that interest.

  9. For advertisers who don’t have a consent mechanism in place, all LumenAd specific tags will be blocked from firing on users with EU specific IP addresses via a IP lookup implemented in GTM.

Types of Data
GDPR Regulates

GDPR regulates the collection and usage of personal data. Personal data includes any information that can be used to identify an individual. Data factors include anything pertaining to a person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

Examples include:

name, email address, location data,
IP address, cookie data, and much more

Data Subject
Rights

Under the GDPR, data subjects will have several rights that need to be accomodated. All brands need to ensure these rights can be exercised easily via a ‘My Data Management’ page or data portal on their website(s), which can then be easily linked to in all communications.

  • The right to access information about how personal data is used.

  • The right to access personal data held by any organization.

  • The right to have incorrect personal data deleted or corrected.

  • The right to have personal data rectified/erased.
    (often referred to as the “Right to Be Forgotten”)

  • The right to restrict or object to automated processing of personal data.

  • The right to receive a copy of their personal data.

Dealing with Data
Subject Requests

If at any time a data subject would like to access, correct or delete personal data, please follow these steps:

images/fraud-icons-01.svg
images/fraud-icons-02.svg
images/fraud-icons-03.svg

Disclaimer

No part of this page constitutes official legal advice. Do not use this as an official guide for compliance.

All parties should seek independent legal advice in relation to GDPR compliance and all applicable data privacy laws.