Until now, the role of a data protection officer (DPO) had been largely undefined. Historically, data was considered primarily in the context of computing, and those given the role of a DPO were frequently professionals with an information and communications technology background. In fact, prior to the General Data Protection Regulation (GDPR), very few countries had required the appointment of a DPO or other data privacy role within an organization. Given the ubiquitous nature of technology today, the role and expectations of a DPO have diversified and expanded, especially in light of the GDPR.
To keep up with the fast pace at which technology is developing, the EU has begun amending its regulations to reflect these technological advances.
In January 2017, less than nine months after the European Union (EU) adopted the General Data Protection Regulation (GDPR), the European Commission drafted a proposal, known as the ePrivacy Regulation (“Proposal”), as part of an initiative to replace the current ePrivacy Directive. Together with the GDPR, the Proposal will aim to provide the strongest protection to users’ data across the EU.
What is the GDPR?
The European Union’s General Data Protection Regulation (GDPR) will go into effect on May 25, 2018, significantly changing how companies handle personal data of their EU consumers. The GDPR will replace the current EU Data Protection Directive as the overarching data privacy framework across the European Economic Area (EEA).
With ad tech companies striving to create the best user experience by delivering the most relevant advertisements, the GDPR’s effects will be substantial.