OpenX, the independent advertising technology provider has today announced that it is one of the first advertising exchanges globally now in compliance with its publisher obligations under the General Data Protection Regulation (GDPR) — a full four months before the May deadline.
As a free and open contribution to the ad tech community, OpenX is also making available a GDPR-ready data processing agreement (DPA) drafted in consultation with leading US and EU privacy counsel. This “open source” DPA was published today to www.openx.com/GDPR as a resource for publishers to expedite their compliance process with other technology partners that may process the publisher’s EU personal data.
OpenX is also making available other GDPR-related resources on its website, including a guide for obtaining certification under the Privacy Shield, which is an important legal mechanism for validating the transfer of EU personal data out of the EU to the US.
>See also: The multinational impact of GDPR
“GDPR is the single most significant regulation in the history of digital advertising,” said Doug McPherson, chief administrative officer and general counsel at OpenX. “It replaces a patchwork of EU national rules with a single regulatory framework with global reach and strict penalties for those who fail to comply. GDPR applies to every company, wherever they are located, that offers goods or services to EU citizens or receives, stores or sends personal data from any EU citizen.”
According to one recent analysis, leading publishers today can have hundreds of technology partners with access to their consumer data via code on their page. Under GDPR, publishers will be responsible for ensuring regulatory compliance for data security for every single partner they allow to access their data. Failure to comply effectively could result in significant penalties — up to the greater of €20,000,000 or 4% of worldwide annual revenue.