The good, the bad and the ugly: Beware of outlandish GDPR claims

Uncharted waters are something the digital media industry should be used to by now. But the General Data Protection Regulation is a whole new ballgame.

With six months to go until the law is enforced, there’s an equal amount of sense and nonsense being spouted about how to tackle it.

Here are some of the more startling claims overheard in the wild:

The aggressive sales pitch
Supposed “GDPR experts” are making loud claims. One publisher executive balked at being pinned by a third-party vendor with the pitch: “Without using our auditing services, you leave yourself open to extinction!”

The overconfident
It may seem hard to believe, but despite all the scaremongering around the GDPR, a lot of companies are still in denial about it. “The amount of times I’ve heard ad networks say, ‘GDPR and ePrivacy aren’t going to affect programmatic advertising’ — it’s crazy how many companies are still in denial about it,” said a digital marketing exec.

The artful dodger
Beware any niche third-party tech vendor that claims to already be 100 percent GDPR-compliant (there are plenty of them), as it’s highly unlikely they are. The final direction on how to obtain consent and share data won’t be published until next month, so avoid those claiming to be clairvoyants.

The lazy vendor
More than a few publishers’ jaws have dropped after receiving stony responses from vendors when inquiring about how they’re preparing for GDPR compliance. Some vendors seem to believe publishers alone will be on the hook for fines. As such, they’re sitting pretty, doing nothing and expecting publishers to gain consent on their behalf.

The worryingly complacent 
Some are still not taking action because they think the outcome of GDPR enforcement will be akin to that of the European Union’s ePrivacy Directive in 2011: a load of fuss made about nothing. This is not the case, however. “Most worryingly, a company stated to me they wanted to do absolutely zero, as they cited it being the EU Privacy Directive all over again. [It’s] a massive gamble not just in terms of fines, but business reputation, too,” said Lindsay McEwan, vp and managing director of Europe for tag management vendor Tealium.

The blunt approach
There’s talk that some agency holding companies plan to cap programmatic spending to limit exposure to GDPR penalties, according to industry sources. Some are also looking to instigate new insertion orders with GDPR-related terms and conditions. “Agency operating groups have ordered [their agencies] to limit exposure by reducing the amount of programmatic spend to 20 percent of total digital spend up to the end of September, I suspect to boost their own internal supply marketplaces,” said an ad tech exec. “Programmatic is a shitshow. Makes sense to avoid it and be seen to avoid it.”

The bloodsucking lawyer
GDPR lawyers, consultants and information security companies are making an absolute killing, and that will only increase. It’s best to boost your own GDPR knowledge to make your business less at their mercy.

Image courtesy of

More in Media

YouTube is under fire again, this time over child protection

Adalytics Research asks, ‘Are YouTube advertisers inadvertently harvesting data from millions of children?’

Illustration of a puzzle that spells out the word 'media.'

Media Briefing: Publishers pump up per-subscriber revenue amid ad revenue declines

Publishers’ Q2 earnings reveal digital advertising is still in a tight spot, but digital subscriptions are picking up steam.

Lessons for AI from the ad-tech era: ‘We’re living in a memory-less world’

Experts reflect how the failures of social media and online advertising can help the industry improve the next era of innovation.