New York-based international ad tech company AppNexus is introducing major policy changes governing access to data through its tech stack ahead of the incoming General Data Protection Regulation (GDPR) in May 2018.

The company has also announced it will commit investments in its European data centre infrastructure, to ensure data “originating from Europe, stays in Europe”.  

Although AppNexus is not the only company to have begun restructuring processes in line with the upcoming policies, the public manoeuvre sheds some light on the sheer scale and impact compliance with the update will have on the digital advertising industry.

Brian O’Kelley, the company’s CEO, called GDPR a “coming reality”, with unprepared companies likely to find themselves “locked out of European markets”.

“GDPR will change the way that internet companies do business in Europe,” said O’Kelley, “advertising is the power source of the open internet. It’s incumbent upon all digital publishers and advertisers to work with technology companies that take privacy seriously.”

Partner shakedown

The overhaul means AppNexus will be reviewing its current partners – both direct and via its client relationships – and plans to impose new requirements governing the use of data on and off its tech stack.

Those that cannot or will not comply with these measures, it says, will be dropped.

“While many details about GDPR remain to be determined, there are important steps that companies can take now to drive toward compliance in 2018,” commented AppNexus’ deputy general counsel of privacy,  Julia  Shullman.

“That includes, among other things, ensuring best practices around data minimisation and security. It also means working closely with partners to build tools that meet GDPR’s enhanced transparency, access and choice requirements and continuing to participate in the dialogue on the proposed ePrivacy Regulation.”

For a summary of the GDPR update and what it means for data-driven marketing, as well as advice on how to prepare for it, PerformanceIN published a “GDPR Checklist”.