Search for glossary terms (regular expression allowed)
Begin with Contains Exact termSounds like


Term Definition

What is the GDPR?
The GDPR, or the General Data Protection Regulation, is a European privacy law approved by the European Commission in April 2016. The GDPR regulates, amongst other things, how organizations may obtain, use, and store the personal data of EU residents (the EU is comprised of 28 countries and 510M people).

At its core, the GDPR follows two main principles:

1. Consumers own their data
The GDPR enables EU citizens, not online vendors, to have the final say on how their data will be used. Thus, consumer consent is required for PII collection, sharing, and usage. The GDPR also introduces the idea of "data rights", whereby individuals have the right to see, edit, and delete data a 3rd-party has on them.

2. Companies need to protect this data
The GDPR imposes tighter restrictions on how companies handle PII. This includes limiting what they collect, adding better security protocols, hiring Data Protection Officers, having data breach notification plans, and more.

The first point will greatly impact the ad tech industry, as much of advertising relies on programmatic behavioral targeting using customer data (such as retargeting, cookie matching, mobile ID targeting, frequency capping, etc). It's likely the GDPR will negatively impact, if not cripple, many common advertising practices.