September 14, 2017

GDPR is coming, and many U.S. ad tech firms aren’t ready


From an American perspective, GDPR is difficult to fully comprehend: sweeping regulations that have 99 articles and 173 recitals. Some are betting that the sheer scope of GDPR means EU regulators will struggle to enforce it.

Businesses outside of Europe aren’t necessarily reluctant to adapt for the GDPR. The reasons they’re delaying preparations have more to do with procrastination, not reading the fine print and, most importantly, not fully processing the GDPR’s implications, said Shane Minte, U.S. head of supply at mobile data platform Ogury. “It’s one of those things that, due to the geography, might feel like a distant problem, yet it is going to affect us all,” he said. “Having just a single user in the European Union for which [a company is] not GDPR-compliant means 2-4 percent of their global revenues are at risk.”

Sam Tomlinson, a partner for media, insight and assurance at PwC, has witnessed the disparity between European and U.S.-based advertising businesses firsthand. Since the one-year countdown to GDPR enforcement began, ad tech vendors in Europe have inundated Tomlinson and his group with requests to educate their teams on the far-reaching implications of the rules. From the discussions, it’s become clear to the auditing firm that some of its ad tech clients don’t see the GDPR as a top priority yet.

“Another reason [for the ad industry’s lack of focus on the GDPR] is that ad tech strategic thinking is often happening in the U.S,” he said. “Those ad tech businesses probably have a sales outpost in London or continental Western Europe and are mainly concerned with those teams hitting quarterly sales targets rather than listening to ‘local’ concerns about impending GDPR regulation. That makes it hard to escalate GDPR to the U.S. head office, although there are some signs that’s now starting to change.”

Get the full story at Digiday