What is GDPR?
If you work in the digital advertising industry, you must have heard about GDPR by now. So a very brief introduction should be sufficient.
GDPR is an acronym for “General Data Protection Regulations”, which is a law that was adopted by the European Parliament in the autumn of 2015 and which came into force on May 25, 2016. There was a 24 month implementation period, and as a result the enforcement of GDPR commences on May 25, 2018.
The regulation oversees the collection, processing, and movement, of personal data about individuals residing in one of the 28 EU states and 4 other European states that also adopted GDPR.
Companies and organisations that operate in the area governed by GDPR will have to be compliant with the regulations, even when they are based outside of the EU, if the Data subject involved is an individual who resides in the EU.
Not complying with the regulation can result in administrative fines of 4% of Gross Global Revenue of the organisation found to be in violation, or 20 Million Euro, whichever of the two is greater.
Important note for the reader of this text: GDPR is an extremely complicated set of rules, and it is actually much more a legal matter than a technical matter. The Revive Adserver team is not qualified to provide legal advice, so this text should be considered to be simply informative. We recommend that you consult with a lawyer or a qualified expert in order to be fully compliant with GDPR.
How does GDPR relate to Revive Adserver?
Revive Adserver is a free, open source, ad server system. The software is being developed by a small team of volunteers under the umbrella of a not-for-profit company called Revive Software and Services, based in The Netherlands.
Anyone can download the Revive Adserver software from this website, install it on their own server, and then use it to display advertisements on their own website(s). We, the team developing the Revive Adserver software, have no control over how you use the software. As such, the use of this software is entirely your own responsibility, as is your own compliance with GDPR.
GDPR introduces three important roles, which affect the rights and responsibilities an entity has. The three roles are:
- Data Subject: a natural person from whom data is available and who should be able to determine how their data will be collected, stored, and/or moved;
- Data Controller: a legal or natural person controlling the processing of personal data belonging to a Data Subject;
- Data Processor: a legal or natural person performing the processing of personal data belonging to a Data Subject;
Instead of trying to go into the details of what a Data Controller and a Data Processor is and how it is determined whether you are the former, the latter, or both, we recommend having a look at the article by Sagara Gunathunga on All you need to know about GDPR Controllers and Processors.
We, the Revive Adserver project team, perform none of these three roles mentioned above, when it comes to your use of the Revive Adserver open source software. We are simply the developers of the software. Any person or organisation using the software has their own full responsibility for being compliant with GDPR.
Please study our article describing how the Revive Adserver software treats Personal data, to help you establish or improve your own policies regarding to GDPR compliance.
Continue reading about Privacy, GDRP and personal data.