OpenX, a leading global independent advertising technology provider, confirmed to MMW head of the weekend that it is one of the first advertising exchanges globally now in compliance with its publisher obligations under the General Data Protection Regulation (GDPR) — a full four months before the May deadline.
As a free and open contribution to the ad tech community, OpenX is also making available a GDPR-ready data processing agreement (DPA) drafted in consultation with leading U.S. and EU privacy counsel.
This “open source” DPA was published today to www.openx.com/GDPR as a resource for publishers to expedite their compliance process with other technology partners that may process the publisher’s EU personal data. OpenX is also making available other GDPR-related resources on its website, including a guide for obtaining certification under the Privacy Shield, which is an important legal mechanism for validating the transfer of EU personal data out of the EU to the U.S.
“GDPR is the single most significant regulation in the history of digital advertising,” said Doug McPherson, chief administrative officer and general counsel at OpenX. “It replaces a patchwork of EU national rules with a single regulatory framework with global reach and strict penalties for those who fail to comply. GDPR applies to every company, wherever they are located, that offers goods or services to EU citizens or receives, stores or sends personal data from any EU citizen. At OpenX, we are committed to being the highest quality and most trusted partner to the thousands of leading publishers and top brands that rely upon our exchange. We committed early on to investing significantly in GDPR compliance and in educating the industry about its implications. We have taken the extra step today to make available a data processing agreement and other resources in order to move the entire industry towards greater accountability and trust.”
According to one recent analysis, leading publishers today can have hundreds of technology partners with access to their consumer data via code on their page. Under GDPR, publishers will be responsible for ensuring regulatory compliance for data security for every single partner they allow to access their data. Failure to comply effectively could result in significant penalties — up to the greater of €20,000,000 or 4% of worldwide annual revenue.