{"id":9313,"date":"2018-02-12T16:02:27","date_gmt":"2018-02-12T10:32:27","guid":{"rendered":"http:\/\/www.www.adpushup.com\/blog\/?p=9313"},"modified":"2024-09-20T15:50:36","modified_gmt":"2024-09-20T10:20:36","slug":"gdpr-compliance-checklist-the-non-legalese-edition-for-publishers","status":"publish","type":"post","link":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/","title":{"rendered":"GDPR Compliance Checklist: The Non-Legalese Edition for Publishers","gt_translate_keys":[{"key":"rendered","format":"text"}]},"content":{"rendered":"<p>Come May 25th, 2018, GDPR rolls into effect and anyone who collects, stores, and processes data about EU residents will find themselves under the spotlight. They all need to comply &#8211; or face penalties.<\/p>\n<p>The consequences are steep enough to push the whole ad tech industry &#8211; which relies heavily on user data that will now need users&#8217;&nbsp;<em>explicit&nbsp;<\/em>consent&nbsp;&#8211; in a quiet panic. This includes publishers who monetize their EU audiences through advertising.<\/p>\n<p>With three months left, it&#8217;s time to work on a compliance plan of your own. To get started,&nbsp;<strong>here&#8217;s a human-readable GDPR compliance checklist for publishers.<\/strong><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_79_2 counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents:<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #000000;color:#000000\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #000000;color:#000000\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#What_Youll_Need\" >What You&#8217;ll Need:<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#1_Review_and_Document_Data_Processing_and_Sharing_Activities\" >1. Review and Document: Data, Processing, and Sharing Activities<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#2_Update_Your_Privacy_Notice\" >2. Update Your Privacy Notice<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#3_Finalize_What_Youll_do_When_Your_Users_Exercise_Their_GDPR_Rights\" >3. Finalize What You&#8217;ll do When Your Users Exercise Their GDPR Rights<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#4_Prevent_and_Report_Data_Breach\" >4. Prevent and Report Data Breach<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#5_Privacy_Assessments_and_Personnel\" >5. Privacy Assessments and Personnel<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"What_Youll_Need\"><\/span>What You&#8217;ll Need:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Lawful Basis<\/strong>: Basically, a <em>valid<\/em>&nbsp;reason to continue doing whatever you (and your &#8216;processors&#8217;) are doing with EU residents&#8217; data. Lawful bases include explicit consent, legitimate interest (which is NOT a Get-out-of-jail-free-card, quit hoping), contractual basis, legal obligation, etc.<\/li>\n<\/ul>\n<p style=\"padding-left: 60px;\"><strong>Recommended Reading:<\/strong> <em><a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-the-general-data-protection-regulation-gdpr\/lawful-basis-for-processing\/\" target=\"_blank\" rel=\"noopener noreferrer\">Lawful Basis for Processing<\/a>&nbsp;<\/em>(Source: ICO.org UK)<\/p>\n<ul>\n<li><strong>Vendor list<\/strong>: Each &#8216;data processor&#8217; (ad tech vendors, as well as analytics and tag management platforms) on your site will need user&#8217;s explicit consent to continue using their data. The &#8216;data controller&#8217; (publisher) must procure this consent. If you don&#8217;t know who is collecting data through your pages, use a tool like Evidon Trackermap.<\/li>\n<li><strong>Privacy Notices: <\/strong>Or Consent notice, if that&#8217;s what your lawful basis is. This is where you commit to GDPR&#8217;s transparency principle by clearly telling visitors exactly what they&#8217;re giving up (data), why (your<em> lawful basis<\/em>), to who (all the processors you&#8217;ll be sharing this data with), how long this data will be kept etc.<\/li>\n<li><strong>Record keeping skills:<\/strong>&nbsp;A lot of GDPR compliance is about keeping records of what you do with the data you have to demonstrate your accountability.<\/li>\n<li>A team of developers and a lawyer\/GDPR consultant to approve your game plan before you start implementing it.<\/li>\n<\/ul>\n<p>Once you understand all that, proceed with the following steps:<\/p>\n<h2><span class=\"ez-toc-section\" id=\"1_Review_and_Document_Data_Processing_and_Sharing_Activities\"><\/span>1. Review and Document: Data, Processing, and Sharing Activities<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>It sounds droll, but it\u2019s one of the easier steps to achieve compliance. Also, it&#8217;s not optional. Richard Lam, who is working on his organization&#8217;s GDPR compliance project, says:<\/p>\n<blockquote>\n<p>GDPR requires extensive record keeping, so document everything; what personal data you process and the lawful basis behind doing so. Document the process workflow of the personal data &#8211; where it&#8217;s stored, who&#8217;s in control of it, who it&#8217;s shared with, etc. Then formalize a process in case you receive a &#8220;right to be erased&#8221; request.<\/p>\n<p style=\"text-align: right;\">&#8211;&nbsp;Richard Lam,&nbsp;Head of Programmatic and Ad Ops, Network-N<\/p>\n<\/blockquote>\n<p>The purpose of these records is to show that you are accountable for data within your organization. That said, this also has the added benefit of helping you identify what needs to be done and where in order to be GDPR compliant before the deadline.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"2_Update_Your_Privacy_Notice\"><\/span>2. Update Your Privacy Notice<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The first rule of GDPR is to talk about your data collection and processing habits with visitors&nbsp;<i>honestly<\/i>.<\/p>\n<blockquote>\n<p>In order for the processing to be fair, the data controller (the organisation in control of processing the data) has to make certain information available to the data subjects (the individuals whom the data relates to) in order to continue using their data.<\/p>\n<p style=\"text-align: right;\">&#8211; ICO.org UK<\/p>\n<\/blockquote>\n<p>This applies regardless of whether you\u2019re obtaining the data directly from data subject (your visitor) or from second or third-party arrangements. As long as the data you have is from an EU resident, you HAVE to disclose to them:<\/p>\n<ul>\n<li>who the data controller is; for the record, it&#8217;s the publisher,<\/li>\n<li>why their data needs to processed;<\/li>\n<li>who will be processing it (who it will be shared with),<\/li>\n<li>Any other information that should be disclosed in keeping with the spirit of transparency, like the effect of said processing (\u201conline tracking\u201d), how the data collecting will work (\u201ccookies on your device\u201d), etc.<\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\"><strong>Recommended reading:&nbsp;<\/strong><em><a href=\"https:\/\/ico.org.uk\/media\/for-organisations\/documents\/1625136\/good-and-bad-examples-of-privacy-notices.pdf\">Good and Bad Examples of Privacy Notices<\/a>&nbsp;<\/em>(Source: ICO.org UK)<\/p>\n<p>Publishers will find that for a lot of their advertising system to continue functioning as it does, they&#8217;ll need&nbsp;<em>consent&nbsp;<\/em>as their lawful basis. Good news is, this basis will also cover compliance with an updated ePrivacy directive &#8211; which is slated to come into effect on the same day as GDPR (although the chances of that happening look slim).<\/p>\n<p>To be valid, consent MUST have the following adjectives:&nbsp;freely-given, specific, informed, granular, opt-in, and unambiguous. On a related note, silence, pre-ticked boxes, or inactivity does NOT count as consent.<\/p>\n<p>Perimeter (a consent vendor) put out a useful wireframe for a GDPR-compliant consent notice:<\/p>\n<p><img loading=\"lazy\" class=\"alignnone size-full wp-image-9314\" src=\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/consent-dialogue-wireframes.002.png\" alt=\"\" width=\"800\" height=\"450\" srcset=\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/consent-dialogue-wireframes.002.png 800w, https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/consent-dialogue-wireframes.002-300x169.png 300w, https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/consent-dialogue-wireframes.002-768x432.png 768w, https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/consent-dialogue-wireframes.002-150x84.png 150w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>Then you have to make sure that once given, consent is also easy to withdraw. As per Richard Lam:<\/p>\n<blockquote>\n<p>You&#8217;re looking at implementing a double opt in method. I believe&nbsp;publishers of any scale with an active developer team\/people\/person should be able to create something functioning in-house. It&#8217;s what we are working on ourselves, and I know a few big publishers like The Guardian and News UK are doing the same. If you don&#8217;t have the developers, you could always use a consent vendor.<\/p>\n<p>If you don&#8217;t own and operate the sites but have advertising rights to them, you&#8217;ll need to implement your consent notice across the network &#8211; including sites you don&#8217;t own\/operate but have exclusive advertising rights to. Make sure that a granular opt-out on one site is remembered across all the websites under that network.<\/p>\n<\/blockquote>\n<p>Note that you&#8217;ll need a parent or guardian&#8217;s <em>verifiable&nbsp;<\/em>consent to gather and process data from children under the age of 16 (may be lowered to a minimum of 13 in the UK). Transparency applies to children too, so your privacy notice must be written in language that children will understand.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"3_Finalize_What_Youll_do_When_Your_Users_Exercise_Their_GDPR_Rights\"><\/span>3. Finalize What You&#8217;ll do When Your Users Exercise Their GDPR Rights<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>How would you react if someone asks to have their personal data deleted across the board, or access it? Can your systems help you locate and delete one user&#8217;s data within thirty days?<\/p>\n<p style=\"padding-left: 30px;\"><strong>Recommended reading<\/strong>:&nbsp;<em><a href=\"https:\/\/ico.org.uk\/for-organisations\/guide-to-the-general-data-protection-regulation-gdpr\/individual-rights\/\" rel=\"noopener\">Individual Rights<\/a>&nbsp;and Subsections&nbsp;<\/em>(Source: ICO.org UK)<\/p>\n<p>Richard Lam shares the process&nbsp;his team put in place,<\/p>\n<blockquote>\n<p>That was the easiest part to tick off our checklist, as it mirrors the subject access request (SAR) guidelines currently in place under the Data Protection Act.<\/p>\n<p>We plan to have a contact form on our corporate website through which users can get in touch. The request goes to a central person here who will be responsible for SAR and data erasure requests. We then send user a form to fill in, they then provide a form of ID along with the completed and signed form, and we process it.<\/p>\n<p>Since the consent needs to be &#8220;easily withdrawn&#8221;, this contact form will also be linked to all the privacy policies on our owned and operated websites.<\/p>\n<\/blockquote>\n<p>Remember that whenever the user requests to <em>access&nbsp;<\/em>their data, you will need to provide the personal data in &#8220;a structure commonly used as well as machine-readable form&#8221; for no fees (unless the request becomes repetitive) and within thirty days.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"4_Prevent_and_Report_Data_Breach\"><\/span>4. Prevent and Report Data Breach<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>This is what has most everyone in the supply chain scratching their heads. In a system as labyrinthine as programmatic &#8211; where data is collected and passed around with little regard to frivolous concerns like origin or&nbsp;<em>individual<\/em>&nbsp;<em>rights &#8211; <\/em>how are you supposed to prevent data leakage<em>?<\/em><\/p>\n<p>The complexity of Lumascape won&#8217;t fly under GDPR. Shubham Grover, Product Specialist at AdPushup, outlines what publishers can reasonably do to prevent and protect themselves against data leakage:<\/p>\n<ol>\n<li>Never allow an SSP to add partners (for backfill demand) on their end without your consent.<\/li>\n<li>Connect with all of your tech vendors and partners and communicate your data policy, i.e., expectations for data handling, what&#8217;s allowed or not, etc..<\/li>\n<li>Review all current data sharing arrangements and partnerships. Revise contracts with partners in light of GDPR.<\/li>\n<li>Strip any personal data (as defined by GDPR) before you process it or share it with other entities (like Google Analytics or Mixpanel).<\/li>\n<li>Include all vendors currently collecting and processing data through you in your privacy notice.<\/li>\n<\/ol>\n<p>Keep monitoring your digital properties to make sure no unauthorized entities are sneakily listening in to your user&#8217;s data. Know that &#8220;failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.&#8221;<\/p>\n<p>It may not be foolproof on a larger scale, but it shows how committed you actually are to protecting your visitors&#8217; data privacy rights.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"5_Privacy_Assessments_and_Personnel\"><\/span>5. Privacy Assessments and Personnel<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You&#8217;re almost done.<\/p>\n<p>Under GDPR, &#8220;privacy by design&#8221; is an express legal requirement for those who deal with user data. That means PIAs or \u2018Data Protection Impact Assessments\u2019 (DPIAs) are mandatory in situations<\/p>\n<ul>\n<li>where a new technology\/platform is being implemented;<\/li>\n<li>where a profiling operation is likely to significantly affect individuals; or<\/li>\n<li>where there is processing of special categories of data (on a large scale)<\/li>\n<\/ul>\n<p style=\"padding-left: 30px;\">&nbsp;<strong>Recommended Reading:&nbsp;<\/strong><em>Conducting PIAs: Code of Practice&nbsp;<\/em>(<a href=\"https:\/\/ico.org.uk\/media\/for-organisations\/documents\/1595\/pia-code-of-practice.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">PDF link<\/a>)<\/p>\n<p>If your assessment concludes that the data processing is &#8220;high risk to individuals&#8221; and that you can&#8217;t address those risks, you will need to consult the GDPR supervisory authority (SA) in your member state for guidance on further action.<\/p>\n<p>I&#8217;ll reiterate that conducting DPIAs in situations mentioned above&nbsp;<em>is a legal requirement.&nbsp;<\/em>&nbsp;This is a good time to make it an organizational practice. Consider appointing someone who&#8217;ll be responsible for your data protection compliance and risk assessment.<\/p>\n<p>And that&#8217;s it.<\/p>\n<p>What happens once GDPR comes into effect? There&#8217;s little point in speculating. Remember that privacy and tracking were prime concerns for early adblock adoption and remains one of the major motivation to this day. It&#8217;s reasonable to assume that a lot of EU-based visitors won&#8217;t blink twice before opting out of all tracking\/cookies once they have the choice.<\/p>\n<p>Publishers who have years\u2019 worth of EU-based audience segments are right to panic since, without consent, their data will be out of commission. &#8220;If it were me, I would seriously consider selling this data,&#8221; says Shubham. &#8220;DSPs will sorely need it (in hashed form) for creating contextual targeting segments who will be willing to pay more bucks than usual (audience extension data).&#8221;<\/p>\n<p>With contextual targeting on the rise, niche publishers&nbsp;may find that they&#8217;re less likely to lose yield. Richard Lam, who manages programmatic and ad ops for a UK-based gaming vertical network, says, &#8220;I can see news publishers panicking, especially if they invested heavily in audience targeting, DMP, and data scientists. They had hundreds of different audience pots for targeting. So yeah, I guess if I were in those shoes I&#8217;d certainly be bricking it.&#8221;<\/p>\n<p>But not all hope is lost. &#8220;Every cloud has a silver lining. There would be users who do opt-in on cookies. With that, first-party data will become gold for publishers,&#8221; he says.<\/p>\n<p>Resource:<\/p>\n<p>ICO.org.uk Preparing for GDPR 12 Step Guide (<a href=\"https:\/\/ico.org.uk\/media\/1624219\/preparing-for-the-gdpr-12-steps.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">PDF link<\/a>)<\/p>\n\n\n<p>Here are some recommended readings for understanding more about the subject:<\/p>\n\n\n\n<ul><li><a href=\"https:\/\/www.adpushup.com\/blog\/a-gdpr-checklist-for-those-who-are-tired-of-gdpr-checklists\/\" target=\"_blank\" rel=\"noreferrer noopener\">A GDPR Checklist for Those Who Are Tired of GDPR Checklists<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.adpushup.com\/blog\/what-ad-tech-looks-like-in-the-gdpr-aftermath\/\" target=\"_blank\">What Ad Tech Looks Like in the GDPR Aftermath<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-consent-string\/\" target=\"_blank\">GDPR Consent String: Everything A Publisher Needs to Know<\/a><\/li><\/ul>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"excerpt":{"rendered":"<p>Come May 25th, 2018, GDPR rolls into effect and anyone who collects, stores, and processes data about EU residents will find themselves under the spotlight. They all need to comply &#8211; or face penalties. The consequences are steep enough to push the whole ad tech industry &#8211; which relies heavily on user data that will<\/p>\n","protected":false,"gt_translate_keys":[{"key":"rendered","format":"html"}]},"author":18,"featured_media":9319,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","om_disable_all_campaigns":false,"inline_featured_image":false,"apple_news_api_created_at":"2019-01-10T11:35:46Z","apple_news_api_id":"43f9bb11-9add-4734-8516-06f99f3ed874","apple_news_api_modified_at":"2019-01-10T11:35:47Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AQ_m7EZrdRzSFFgb5nz7YdA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\""},"categories":[6446],"tags":[],"apple_news_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v18.5 (Yoast SEO v18.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GDPR Compliance Checklist | AdPushup<\/title>\n<meta name=\"description\" content=\"Anyone who collects, stores, and processes data about EU residents will be held accountable under GDPR. Read the blog for more information.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:title\" content=\"GDPR Compliance Checklist | AdPushup\" \/>\n<meta name=\"twitter:description\" content=\"Anyone who collects, stores, and processes data about EU residents will be held accountable under GDPR. Read the blog for more information.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@adpushup\" \/>\n<meta name=\"twitter:site\" content=\"@adpushup\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shubham Grover\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/#organization\",\"name\":\"AdPushup\",\"url\":\"https:\/\/www.adpushup.com\/blog\/\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/adpushup\/\",\"https:\/\/www.facebook.com\/AdPushup\/\",\"https:\/\/twitter.com\/adpushup\"],\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2019\/02\/AdPushup-logo.png\",\"contentUrl\":\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2019\/02\/AdPushup-logo.png\",\"width\":3294,\"height\":893,\"caption\":\"AdPushup\"},\"image\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/#website\",\"url\":\"https:\/\/www.adpushup.com\/blog\/\",\"name\":\"AdPushup Blog\",\"description\":\"A\/B Testing, Monetization &amp; Ad Optimization\",\"publisher\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.adpushup.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#primaryimage\",\"url\":\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg\",\"contentUrl\":\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg\",\"width\":1024,\"height\":640},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#webpage\",\"url\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/\",\"name\":\"GDPR Compliance Checklist | AdPushup\",\"isPartOf\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#primaryimage\"},\"datePublished\":\"2018-02-12T10:32:27+00:00\",\"dateModified\":\"2024-09-20T10:20:36+00:00\",\"description\":\"Anyone who collects, stores, and processes data about EU residents will be held accountable under GDPR. Read the blog for more information.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"blog\",\"item\":\"https:\/\/www.adpushup.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy &amp; Consent\",\"item\":\"https:\/\/www.adpushup.com\/blog\/category\/privacy-consent\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"GDPR Compliance Checklist: The Non-Legalese Edition for Publishers\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/#\/schema\/person\/8dbbe9397dddf4ab1d858603e751f897\"},\"headline\":\"GDPR Compliance Checklist: The Non-Legalese Edition for Publishers\",\"datePublished\":\"2018-02-12T10:32:27+00:00\",\"dateModified\":\"2024-09-20T10:20:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#webpage\"},\"wordCount\":1877,\"publisher\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg\",\"articleSection\":[\"Privacy &amp; Consent\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.adpushup.com\/blog\/#\/schema\/person\/8dbbe9397dddf4ab1d858603e751f897\",\"name\":\"Shubham Grover\",\"description\":\"Shubham is a digital marketer with rich experience working in the advertisement technology industry. He has vast experience in the programmatic industry, driving business strategy and scaling functions including but not limited to growth and marketing, Operations, process optimization, and Sales.\",\"url\":\"https:\/\/www.adpushup.com\/blog\/author\/shubham\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"GDPR Compliance Checklist | AdPushup","description":"Anyone who collects, stores, and processes data about EU residents will be held accountable under GDPR. Read the blog for more information.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/","twitter_card":"summary","twitter_title":"GDPR Compliance Checklist | AdPushup","twitter_description":"Anyone who collects, stores, and processes data about EU residents will be held accountable under GDPR. Read the blog for more information.","twitter_image":"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg","twitter_creator":"@adpushup","twitter_site":"@adpushup","twitter_misc":{"Written by":"Shubham Grover","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.adpushup.com\/blog\/#organization","name":"AdPushup","url":"https:\/\/www.adpushup.com\/blog\/","sameAs":["https:\/\/www.linkedin.com\/company\/adpushup\/","https:\/\/www.facebook.com\/AdPushup\/","https:\/\/twitter.com\/adpushup"],"logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.adpushup.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2019\/02\/AdPushup-logo.png","contentUrl":"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2019\/02\/AdPushup-logo.png","width":3294,"height":893,"caption":"AdPushup"},"image":{"@id":"https:\/\/www.adpushup.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"WebSite","@id":"https:\/\/www.adpushup.com\/blog\/#website","url":"https:\/\/www.adpushup.com\/blog\/","name":"AdPushup Blog","description":"A\/B Testing, Monetization &amp; Ad Optimization","publisher":{"@id":"https:\/\/www.adpushup.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.adpushup.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#primaryimage","url":"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg","contentUrl":"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg","width":1024,"height":640},{"@type":"WebPage","@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#webpage","url":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/","name":"GDPR Compliance Checklist | AdPushup","isPartOf":{"@id":"https:\/\/www.adpushup.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#primaryimage"},"datePublished":"2018-02-12T10:32:27+00:00","dateModified":"2024-09-20T10:20:36+00:00","description":"Anyone who collects, stores, and processes data about EU residents will be held accountable under GDPR. Read the blog for more information.","breadcrumb":{"@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"blog","item":"https:\/\/www.adpushup.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Privacy &amp; Consent","item":"https:\/\/www.adpushup.com\/blog\/category\/privacy-consent\/"},{"@type":"ListItem","position":3,"name":"GDPR Compliance Checklist: The Non-Legalese Edition for Publishers"}]},{"@type":"Article","@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#article","isPartOf":{"@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#webpage"},"author":{"@id":"https:\/\/www.adpushup.com\/blog\/#\/schema\/person\/8dbbe9397dddf4ab1d858603e751f897"},"headline":"GDPR Compliance Checklist: The Non-Legalese Edition for Publishers","datePublished":"2018-02-12T10:32:27+00:00","dateModified":"2024-09-20T10:20:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#webpage"},"wordCount":1877,"publisher":{"@id":"https:\/\/www.adpushup.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.adpushup.com\/blog\/gdpr-compliance-checklist-the-non-legalese-edition-for-publishers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.adpushup.com\/blog\/wp-content\/uploads\/2018\/02\/GDPR_Compliance_Checklist.jpg","articleSection":["Privacy &amp; Consent"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.adpushup.com\/blog\/#\/schema\/person\/8dbbe9397dddf4ab1d858603e751f897","name":"Shubham Grover","description":"Shubham is a digital marketer with rich experience working in the advertisement technology industry. He has vast experience in the programmatic industry, driving business strategy and scaling functions including but not limited to growth and marketing, Operations, process optimization, and Sales.","url":"https:\/\/www.adpushup.com\/blog\/author\/shubham\/"}]}},"gt_translate_keys":[{"key":"link","format":"url"}],"_links":{"self":[{"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/posts\/9313"}],"collection":[{"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/comments?post=9313"}],"version-history":[{"count":1,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/posts\/9313\/revisions"}],"predecessor-version":[{"id":22935,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/posts\/9313\/revisions\/22935"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/media\/9319"}],"wp:attachment":[{"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/media?parent=9313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/categories?post=9313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.adpushup.com\/blog\/wp-json\/wp\/v2\/tags?post=9313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}