How to ensure success in a post-GDPR world

May 31, 2018

by Shawna Larkowski, Director, Oath Global Product Marketing

In the weeks leading up to GDPR, we know your inbox was flooded with hundreds of emails around GDPR preparations. Oath was probably responsible for a few of those, and we know the pain felt by teams scrambling last minute to button up any outstanding compliance risks.

Now that GDPR is here, everyone wants to take a collective sigh of relief—but let's be real, until we've started gathering data around consumer opt-in percents and revenue breakage, or feel the pain of maintaining all the products and protocols we just implemented, the work is far from over.

So here's a quick look at some potential areas to evaluate (or reconsider) if you find yourself in need of a course correct:

New tech and protocols got you down already?

GDPR may have required the adoption of a CMP and consent capture solution, and updates to ad tags or SDKs, but there are some things you can do to make implementation and maintenance easier.

1. Working with a CMP that follows the IAB EU Consent and Transparency Framework will make it much easier to gather and pass consent information throughout the supply chain, as the consent string is interoperable with all IAB EU framework partners. Solutions that have taken a path alternative to the IAB EU framework, such as Google or Twitter's MoPub, do not use IAB standard consent strings, making it more difficult for other vendors to understand if the user has given consent. This means vendors must make the assumption that consent has not been passed, limiting their ability to provide their services.

Some of these non-framework partners have provided complex API workarounds to translate their consent strings into an ingestible format, or have provided ambiguous timelines for potential interoperability with the IAB EU framework. But why wait or go through the extra effort? Even if you've adopted one of these solutions, it's not too late to test another option and future proof yourself for GDPR under the guidance of the IAB.

GDPR best practices and the Oath CMP

2. Adopt a solution that lets you test everything before you deploy it, so you know exactly how your CMP solution will look, feel, and handle all the complexities of vendor list and consent string management. The Oath CMP allows you to interactively test our CMP on a demo page, provide consent settings and generate an encoded consent string, consent string parser, and vendor list generator.

3. If you've made all the updates required to pass consent in your ad calls (either via ad tag updates, SDK versions, or header bidding container versions) and are still having issues or errors, it may be best to check the raw log of your consent string. Did you accidentally leave in placeholder code for consent? If so, your buyers and other partners are likely not able to interpret the parameters. Sounds like a silly mistake, but we all know how easy they can be to make (looking at you, ads.txt).

Have a poor opt-in rate from your consumers?

You have quality content and services, and your users know it - or else they wouldn't visit your property.

But they may not know how valuable their consent and user data is for you to provide your services. And if you have a jarring user experience that doesn't clearly explain why this is important, or doesn't match the look and feel of your property, your users will be even less likely to consent.

You can use an out-of-the-box consent UI, but take the (short) time to customize it to match your property. Update the style of your consent UI to appear as a native part of the user experience. Tailor the language to match your brand identity and the voice your users associate with you—it's ok to get a little cheeky, as long as you're letting them know how their data is used and honoring the intent of GDPR.

Let them know that personalized advertising not only delivers a more relevant ad experience for them, but helps you continue your business. It may make sense to do A/B testing with your UI to see what is most likely to generate an opt-in from your users. If optimizing your consent UI and settings does not increase your opt-in rate, it may be time to consider additional options for consent gathering, such as establishing a pay-wall or incentivized opt-in.

My revenue has taken a hit!

Lots of factors may be contributing here, including the above two sections, but here are a few additional red flags to look for.

1. Incomplete vendor list? If you haven't included all your value added partners in your consent solution, then every time they receive an opportunity from you (outside those processed under legitimate interest), they will need to treat that user as non-consented and strip any user data in GDPR scope. Contact us for a recommended list from Oath for partners we work with to ensure you're including the industry best.

2. Does the point above not apply, because your CMP is limiting you to 12 (ahem, 11) vendors to gather consent for? This is decreasing the competition for your valuable users and likely to cause a hit to your revenue. GDPR or not, you deserve to work with however many partners make sense for your business and drive revenue. IAB Framework CMPs, like Oath, do not have these restrictions or impart policies that automatically bias their platforms and stifle competition.

3. Are your buyers having issues receiving consent information from you? Again, consent gathered and passed by solutions that are not operable with the IAB EU Trust and Transparency framework is going to make it difficult for any buyer or vendor to translate the consent information and be able to process user data.

4. And similarly, many buyers find non-consented impressions valuless. Rather than accepting bid requests for non-consenting users, some buyers have made the decision to proactively filter those out, making it that much more crucial to fix any steps in the chain preventing you from gathering and passing consent.

As a publisher, Oath has lived and breathed these challenges for the past two years and deploys a huge taskforce across our legal, product, privacy, and business teams to make our publishers successful in GDPR. You can learn more about our GDPR compliant platforms and deep expertise in consumer privacy here.