Tapad and GDPR: What You Need to Know

Since Tapad’s beginnings in 2010, privacy has been a top priority. We provide clear notice to consumers and easy opt-out choices, maintain membership to self-regulatory organizations such as the NAI and DAA, and do not collect data when there is no present commercial need. We also make sure our communications are straightforward and transparent to consumers.

As GDPR comes into effect in the spring of this year, we wanted to make it clear that our commitment to privacy continues to be unwavering as does our steadfast compliance across every market in which we operate. We also see GDPR as an opportunity to re-connect with consumers in a transparent and meaningful way, which is why we are sharing the privacy principles we are following to be GDPR compliant by May 2018. This includes:

  • Increased communication options in our privacy notice

  • Appointment of a dedicated European Data Protection Officer

  • Formal privacy impact assessments created for all key products and greater emphasis on privacy-by-design principles

  • Ensuring data processing agreements (DPAs) and necessary contractual clauses are in place for relevant relationships

  • Areas we are working on as we move into compliance include:

    • Implementation of a technical process to fulfill data subject requests

    • Ensuring technical safeguards are in place for all data processing

  • Tapad will rely on a combination of consent and legitimate interests as a legal bases for processing. For both, we are combining forces with our publishers where both parties have joined interests and we make sure that both provide information and possibilities to consent where this is relevant.

    • The GDPR specifically states processing for direct marketing purposes may be regarded as carried out for a legitimate interest (recital 47)

    • Tapad has performed a careful legal analysis, a thorough balancing test, and offers many mitigations to balance the impact of individual privacy expectations

    • Combined with a focus on privacy in product development and privacy-by-design principles, we have concluded that Tapad can rely on legitimate interests and on consent as provided by its publishers, and that the rights of the data subject are duly respected during the data processing activities.

Overall, Tapad welcomes GDPR as it helps bolster consumer privacy across the industry. For more information about Tapad’s approach to GDPR, download our one-sheet here or click below.