GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR
IAB Europe works to provide analysis and guidance on the interpretation and application of EU privacy and data protection rules as they apply to the digital advertising sector. As part of efforts to demonstrate that the industry takes legal compliance seriously, IAB Europe’s Legal Committee has collaborated with IAB UK to develop this practical guide to carrying out data protection impact assessments (DPIA) under the EU’s General Data Protection Regulation (GDPR).
This GDPR Data Protection Impact Assessments (DPIA) for Digital Advertising under GDPR Guide provides background and describes the DPIA process in the context of processing data for digital advertising generally and for real-time bidding (RTB), in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.
Our aim is to provide an accepted, widely adopted, standard for evaluating and managing risks associated with personal data processing in the industry. It can be used by any organisation across Europe and can significantly facilitate compliance efforts when used in conjunction with your implementation of IAB Europe’s Transparency and Consent Framework (TCF). In particular, the guidance covers the following:
- What a DPIA is and its purpose under GDPR
- When a DPIA is required
- How to go about a DPIA, including the process and who is involved
- Guidance on how to assess risk and identify appropriate mitigations in the context of typical digital advertising data types and processing activities
Visit IAB Europe’s Knowledge Hub here to access the guide.
If you have any questions about this work, please email Filip Sedefov at firstname.lastname@example.org