
GDPR: How We’ve Gotten Ready

The steps we have taken to prepare for GDPR

GDPR is only a few weeks away. While it may have originally been perceived as a burdensome revolution, the regulations are now understood to be an important step towards ethical online advertising, with respectful use of data as its first priority.

Since Sociomantic’s early days, we have had data privacy at the core of our business. We use data carefully and respectfully while helping our clients make their online advertising more relevant and personalized. Many of our existing data protection procedures were already strongly aligned with the GDPR guidelines. With May 25th on the horizon, we have doubled our efforts, preparing behind the scenes in order to meet the requirements applicable to the advertisers, publishers and partners we work with all around the globe, so that they, too, are compliant by proxy wherever Sociomantic’s partnership is concerned.

For one, we’ve been running Sociomantic’s Privacy Program, which pursues the implementation of policies and procedures to comply with data protection by design and by default. The key principles that have guided the company-wide program are listed in Sociomantic’s Approach to Data Privacy. As we are on the verge of this colossal industry change, we are ready to share how we’ve readied ourselves for the benefit of our clients and partners.

Stumped by GDPR lingo? Check out the GDPR Jargon Buster first.

Privacy by Design

With data privacy at the heart of our business, we’ve put in place several technical and organizational measures to keep the personal data we process as safe as possible. Measures taken include:

  • All data processed and stored by Sociomantic is pseudonymized, which means it can no longer be attributed to a specific data subject or person without the use of additional information.
  • Data is SSL-encrypted during transmission, which means information is protected from being intercepted and read while in transit. All systems processing clients’ data for advertising purposes are automated, which minimizes vulnerability to “human errors”.
  • Our Data Protection Officer has been working alongside our legal department since 2016, training our team on important regulations and data processing, as well as conducting continuous audits to ensure compliance, and monitoring performance on data protection efforts.
  • We know our databases by heart, thus we are able to act on any user requests, respecting the user’s individual rights under GDPR.
  • We’ve set up a procedure to respond to any consumer complaint and/or request within seven days.
  • We’ve checked and modified our data infrastructure, including arranging for new processes with directly responsible people.
  • We made sure we work only with trusted supply partners we selected, making sure their practices run parallel to the same rigorous standards that we set for ourselves.
  • We’ve reviewed and revised contracts to ensure that our suppliers cover the required terms. Where necessary, we also conducted a privacy impact assessment on our suppliers.
  • We made sure we work only with trusted server providers. Our European server provider is ISO 27001 certified, declaring themselves to have implemented a proper information security management system with the highest security standards.
  • We equipped our client services team with a comprehensive overview of privacy topics so that they can better understand the challenges faced by our clients, and how to best support them.

Setting High Standards and Continuously Challenging Ourselves

To continuously manage our GDPR compliance, we’ve put in place several procedures that will make sure we stay the course.

  • Continuous research while consciously monitoring our data sets to ensure all data are processed and retained only for the necessary period.
  • Carrying out internal assessments to identify what risks our data processing poses to an individual, and to ensure that our data processing is a low-risk environment, for the benefit of our clients and their customers.
  • Continuously reviewing and monitoring our current governance, policies and practices, challenging ourselves to find room for improvement.
  • Holding a number of certifications, and being reviewed by, and aligning ourselves with, key industry alliances such as:
  1. European Digital Advertising Alliance’s Self-Regulatory Principles
  2. Internet Advertising Bureau UK
  3. ePrivacy European Seal for the Privacy
  4. TAG Certified Against Fraud Seal
  5. Conscious Advertising Network

We hope we have provided assurances that Sociomantic has concentrated time and resources to help make sure all our clients, publishers and partners around the globe are compliant where Sociomantic’s services are concerned, in the lead up to the GDPR’s official start date. We will continue improving our measures and procedures and we will keep you posted about important updates regarding GDPR.