All Categories > Compliance

Preparing for GDPR – Checklist & Timeline

GDPR is quickly approaching, which means it’s time to kick it into high gear. If you haven’t done anything yet, here’s a basic list of necessities to get you prepared.

• Evaluate your EU traffic. Is it a large portion of your revenue? If so,  continue down this list. 
• Determine your lawful basis. Review the Lawful Basis for Processing, and determine what you align with. Publishers have six options but only two of them are most relevant: consent & legitimate interest. 
• Create a list of your vendors. Reach out to them to understand how they align with the new legislation and which lawful basis they have chosen.
• Get organized internally. Update your privacy policy, review vendor contracts, put a process in place to handle EU data and create a way to respond to data subject requests.
• Look for Consent Management Platform. Should you decide your lawful basis is consent, start looking for a Consent Management Platform (CMP). Sovrn has a pretty great option for you. Check it out here!

Are you a Sovrn publisher? Follow this timeline. 

April 26th: Receive your first email communication from Sovrn with everything you need to know to make the right decisions about GDPR.
April 27th: Receive links to our updated terms found on our website.
May 1st: Make your EU Reader Control selection.
May 8th: Log into Meridian to accept new Terms & Conditions.
May 1st – 25th: Monitor your email for reminders & communication from Sovrn and check out Sovrn’s CMP
May 21: Forced acceptance goes live in //Meridian. In other words, make sure you review & accept Sovrn’s terms in order to access your account.
May 22: EU Reader Control rollout begins.
May 23rd: Community AMA: Ask Sovrn Anything about GDPR.
May 24th: Enable your Sovrn CMP in //Meridian.
May 25th: GDPR goes into effect, EU Reader Controls, and CMP goes live.
Stay up to date on Sovrn initiatives & join the conversation in the Sovrn Community.

Never miss a post.