Programmatic Insights

GDPR Compliance Hurts Brands!

By Tor Olav Haugen, posted on May 31, 2018

ThumbAd has monitored tracking within different industries after GDPR launch May 25th in the Norwegian market. There are some implications and learnings to draw to your attention. Preliminary findings show that an average of around 10% of users across the line comply by accepting site owner cookie policy terms after the first week.

Brands are highly recommended to get the end-user’s consent, when entering their site, in order to track and to better understand their audience. People can still browse the site even though they don’t accept your cookie policies. In that case, Brands will no longer be able to, for example track and retarget those browsing with digital advertising. ThumbAd has found an opt-in variation in a range from 3,9% to 19,2% accepting site cookie terms when considering a wide range of industries.

Moving forward, a more dominant acceptance awareness to cookies on site is recommended to avoid losing out on valuable insights and digital marketing tactics. There are some examples that we have found that we would like to share with you.

The IAB Framework Consent Management Platform (CMP) has detailed recommended steps in order to meet the new regulation. Brands might consider these as drastic steps with risks of losing out on valuable clients. However, this is what it takes to be compliant in order to capitalise on one’s digital advertising efforts to avoid compromising advertising performance.

  • Inform your visitors in plain language about the purpose of your cookies and trackers before setting other than strictly necessary cookies (ePR)
  • Provide options for the visitor to change or withdraw a consent (GDPR/ePR)
  • Have a mechanism in place to log and prove consents (GDPR)
  • Map and document data streams performed by third parties (GDPR)
  • Configure your consent method to use explicit/active consent when processing sensitive personal data on your website (GDPR)
  • Provide the identity and contact details of the data controller in your company (GDPR)
  • Disclose that the visitor is entitled to access, correct, delete and limit processing of personal data (GDPR)
  • Disclose that the visitor is entitled to receive personal data so that they can be used by another processor (GDPR)
  • Disclose that the visitor has the right to lodge a complaint with a supervisory authority (GDPR)
  • Inform about the occurrence of automatic decisions, including profiling (GDPR)
  • Avoid the risk of heavy fines and make your website compliant

Below are a few examples of how a takeover in-page notification to the user to accept tracking/cookie policy terms can increase the likelihood of tracking.