PoV

GDPR Compliance, Risk Removal And Opportunity


March 2018

GDPR Compliance, Risk Removal And Opportunity

Practical and technical advice to connect GDPR uncertainty with blockchain opportunity


Background

As noted in our Strategy Note “Getting Ready for GDPR”, the new General Data Protection Regulation (GDPR) represents the most significant change in privacy regulation in twenty years. Many in the advertising ecosystem are concerned that entire programmatic stacks will require significant reinvestment and rebuilding because of GDPR. However, we believe these concerns can be alleviated by understanding what GDPR requires and matching these requirements to a minimal viable solution from which stakeholders can use as a foundation for comprehensive compliance. Indeed, advertisers and publishers will likely need to undergo some degree of technology change, but the pain and expense of making these changes can be substantially minimized and turned into a business advantage.

In particular, we believe that advances in blockchain technology have the potential to help support a robust data-driven advertising ecosystem in an environment of more stringent regulation. Not just applicable to crypto-currency, blockchain provides a potentially eloquent and viable solution that not only mitigates GRPR risks, but also solves a range of programmatic transparency and supply chain management issues that remain unresolved today. We strongly advise advertisers and publishers to look at GDPR challenges as a glass half full and as a catalyst to capture a unique competitive advantage.

 

Breaking Down GDPR: Why Blockchain Holds Promise

Stakeholders need to look no further than to a standard definition of Data Provenance in order to grasp the core spirit of GDPR. We break it down into six key compliance areas:

  1. Right to be forgotten:  Find and erase my data wherever you have used or shared it
  2. Data Portability:  Give me all the data concerning me so I can give it to someone else
  3. Right to Access:  Show me everyone “in the chain” who has used my data
  4. Privacy by design/default:  Encrypt my data so that my data is separated from everyone else’s data
  5. Secure Processing of Data:  Software touching consumer data is developed with a security-first mindset
  6. Timely Communication:  72-hour notification for breaches of my personal data

 

GDPR Opens The Door To Financial and Reputation Risk, Blockchain Locks It

  1. Right to be forgotten: Blockchain pinpoints all user data used by others
  2. Data Portability: User can easily access a blockchain to find data
  3. Right to Access:  User can easily access a blockchain to move data
  4. Privacy by design/default:  Encryption is the fundamental raison d’être of blockchain
  5. Secure Processing of Data:  Blockchain is a security-first architecture
  6. Timely Communication:  Changes in blockchain are real-time reconciled

 

Recommendations

Although blockchain is in the early stages of testing in the programmatic ecosystem, its immediate potential to solve GDPR needs is appealing on several levels. For advertisers and publisher stakeholders in the EU and elsewhere interested in bringing blockchain into their consideration set, we recommend taking the following five steps. Needless to say, in times of urgent change nothing can replace a stakeholder desire to turn a serious and complex constraint into a giant leap opportunity.

  1. Get informed about the GDPR — See series of digestible materials below.
  2. Join open-source industry groups such as AdLedger.org to accelerate information gathering and institutional knowledge about blockchain.
  3. Effective implementation of blockchain to ensure data providence will require adoption across the advertising value chain, including advertisers, DMPs, DSPs, ad exchanges, and publishers. Create a starting point Proof-of-Concept use case and implement it in an accelerated manner in order to build out a definitive blueprint and investment case.
  4. Seek an advisory service that can check your readiness level, build an implementation strategy that ensures compliance and helps your marketing team lean into potential solutions such as blockchain.
  5. Establish a list of quick wins and communicate signs of momentum early and often to internal and external stakeholders.

 

Digestible Reading Material on Blockchain
  1. 10 Operational Impacts of the GDPR
  2. A Complete Beginner’s Guide To Blockchain
  3. WTF is the blockchain, A Guide for Total Beginners
  4. IBM partners with Nestle, Unilever and other food giants to trace food contamination with blockchain
  5. German publishers are joining forces against the duopoly