Is Your Data GDPR-Ready?


It’s often been said that data will be the oil of the 21st century. Until now, data (and big data, particularly) has been the engine that runs modern-day app advertising.

Data-driven ads work not only for advertisers but also for users who find more relevant advertising and interact with the products advertised. But come May 25th, the discourse around data is set to change when GDPR comes into effect for the EU.

There’s already a lot of buzz around how data is collected and used, and how it is shared to serve ads to users. Data privacy will also be a primary concern once GDPR is implemented. A lot has been said in the media about how prepared the industry is when it comes to how each stakeholder will handle their data. There are still some question marks that remain around how the new legislation will change the way the industry works with first, second, and third-party data.

AppLift partnered with mParticle to prepare a go-to guide for readers to help them understand what GDPR means and how each of the data types will evolve as we move closer to the enforcement of the new law.

Click the image for the full infographic

What is GDPR?

GDPR is a law designed by the European Union to give private citizens control over how their data is collected and used. The law is applicable to all service providers and international companies with data operations about subjects in the EU.

Can I Be Fined?

A lot has already been said on the fines that can come with GDPR mainly because they are substantial. There are two tiers of fines. The first is up to €10 million ($11.7 million) or 2% of a company’s annual global turnover of the previous year, whichever is higher. The second is up to €20 million ($23.5 million) or 4% of the annual turnover of the previous year, again, whichever is higher.

The first tier is for breaches of controller and processor obligations, the second tier is for breaches of data subjects rights and freedoms. The extent to which this will actually be applied remains to be seen.

What About Data-Driven Ads?

There has been some panic in the industry and among the different stakeholders, but GDPR doesn’t mean an end to data-driven ads. Stakeholders need to be more transparent and abide by the rules of how user data will be utilized.

What About Legacy Data?

From what we heard and read it is not safe to rely on leniency related to past legislation and that we should not expect a ‘grace period’, so everything is applicable starting from the end of May. This means that companies should find a good approach to get re-consent or to renew permission to use data. Possible solutions are anonymization of old data or deletion. You have to come up with a good argument and business requirements why to use personal data after the 25th of May. We look at it as starting with a clean slate. From the 25th of May, data needs to be processed in a GDPR-ready manner, all data, not only new data generated from the 25th onwards.

How to Govern Your Data Under GDPR?

  1. Access: All your data sources
  2. Identify: Inspect them to identify what personal data can be found in each.
  3. Govern: Define what personal data means and then share this understanding
  4. Protect: Set up the correct level of protection for the data. Work with mobile-first Customer Data Platforms with GDPR Compliance features
  5. Audit to show regulators
  6. Embrace culture of new user rights


About AppLift

AppLift is a mobile ad tech company that empowers mobile app advertisers to take control of every stage of the app advertising lifecycle. AppLift’s unified platform DataLift 360, enables advertisers to launch their apps as well as grow and retain quality users from one interface. With DataLift 360, app marketers can programmatically access all major mobile ad inventory worldwide and control their campaigns through a single proprietary technology platform, which provides advanced data integration as well as extended targeting and audience management capabilities.


Please enter your comment!
Please enter your name here