
Demandbase’s New Chief Privacy Officer Weighs GDPR’s Impact On Ad And Mar Tech


Call it a sign of the times.

Demandbase has hired a chief privacy officer – the first in the company’s history.

Fatima Khan, who joins the B2B ad tech platform from a prior position as VP of legal at mobile ad network AirPush, will be responsible for ensuring Demandbase’s global privacy policies are up to par – and that they pass muster with General Data Protection Regulation (GDPR) changes.

Although GDPR is a work in progress, industry observers agree: Every corner of the ad tech ecosystem could be affected.

Khan spoke with AdExchanger about how Demandbase is preparing for GDPR and predicted what’s next for ad tech and marketing tech.

AdExchanger: Why is Demandbase hiring a chief of privacy?

FATIMA KHAN: I’m going to head up the company’s overall approach to privacy and will be responsible for managing the cross-functional efforts toward GDPR compliance. It’s a critical time to be part of this industry, especially in ad tech and mar tech, because not everything is black and white.

But having been in the industry awhile, I’ve come to realize this is an industry that knows how to adapt. Ad tech and mar tech is scrappy. For example, ad IDs replaced device IDs and companies found ways to comply with COPPA regulations.

What does your role entail?

One way you start to tackle the privacy question within a company is through data mapping. After that, we’re doing a major gap analysis of all of our data and processes … as well as managing internal compliance through training.

We have a few priorities on the list for compliance, the first being updating our privacy policy and ensuring we’re in line and providing adequate notice, choice and transparency to data subjects. From there, we want to make sure our data transfers to the US are legal, so we’re aiming to apply for Privacy Shield.



You’re a US-based company. How can similar companies that engage in cross-border business, particularly in the EU, begin to prepare if they haven’t already?

A major thing is figuring out whether you fall into a “controller” or “processor” bucket. Many mar tech companies may have traditionally been more on the processor side, but in reality – based on what ad tech companies do, especially if you’re providing a lot of additional services around segmentation – you’re definitely going to fall into that “controller” or “joint controller” bucket instead.

In addition, one thing that’s really affected ad tech companies … is the expansion of web accounts as personal data. Identifiable data is also included in the regulation, which includes things like device IDs and IP address, and it really changes the game for marketing and advertising companies because it applies those traditional, personal data rules to new sets of data.

What practical advice would you give marketers or other tech companies?

This is only the start and the regulation at this point is not black and white in many areas. We’re lucky because we already have our data mapped and know what compliance actions we want to put into place.

From an ePrivacy standpoint, one practical consideration would be to understand what type of technology you’re using for which product and why you’re processing that data: What basis for processing do you have in place? Do you have contractual clauses that reflect that?

Or, if you’ll need to rely on another mechanism, such as consent, take that into consideration and determine whether you need to re-evaluate the data you collect, utilize broader segments that don’t rely on personal data or change your use of identifiers altogether.

Interview condensed.
