Home Ad Exchange News Demandbase’s New Chief Privacy Officer Weighs GDPR’s Impact On Ad And Mar Tech

Demandbase’s New Chief Privacy Officer Weighs GDPR’s Impact On Ad And Mar Tech

SHARE:

Call it a sign of the times.

Demandbase has hired a chief privacy officer – the first in the company’s history.

Fatima Khan, who joins the B2B ad tech platform from a prior position as VP of legal at mobile ad network AirPush, will be responsible for ensuring Demandbase’s global privacy policies are up to par – and that they pass muster with General Data Protection Regulation (GDPR) changes.

Although GDPR is a work in process, industry observers agree: Every corner of the ad tech ecosystem could be affected.

Khan spoke with AdExchanger about how Demandbase is preparing for GDPR and predicted what’s next for ad tech and marketing tech.

AdExchanger: Why is Demandbase hiring a chief of privacy?

FATIMA KHAN: I’m going to head up the company’s overall approach to privacy and will be responsible for managing the cross-functional efforts toward GDPR compliance. It’s a critical time to be part of this industry, especially in ad tech and mar tech, because not everything is black and white.

But having been in the industry awhile, I’ve come to realize this is an industry that knows how to adapt. Ad tech and mar tech is scrappy. For example, ad IDs replaced device IDs and companies found ways to comply with COPPA regulations.

What does your role entail?

One way you start to tackle the privacy question within a company is through data mapping. After that, we’re doing a major gap analysis of all of our data and processes … as well as managing internal compliance through training.

We have a few priorities on the list for compliance, the first being updating our privacy policy and ensuring we’re in line and providing adequate notice, choice and transparency to data subjects. From there, we want to make sure our data transfers to the US are legal, so we’re aiming to apply for Privacy Shield.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

You’re a US-based company. How can similar companies that engage in cross-border business, particularly in the EU, begin to prepare if they haven’t already?

A major thing is figuring out whether you fall into a “controller” or “processor” bucket. Many mar tech companies may have traditionally been more on the processor side, but in reality – based on what ad tech companies do, especially if you’re providing a lot of additional services around segmentation – you’re definitely going to fall into that “controller” or “joint controller” bucket instead.

In addition, one thing that’s really affected ad tech companies … is the expansion of web accounts as personal data. Identifiable data is also included in the regulation, which includes things like device IDs and IP address, and it really changes the game for marketing and advertising companies because it applies those traditional, personal data rules to new sets of data.

What practical advice would you give marketers or other tech companies?

This is only the start and the regulation at this point is not black and white in many areas. We’re lucky because we already have our data mapped and know what compliance actions we want to put into place.

From an ePrivacy standpoint, one practical consideration would be to understand what type of technology you’re using for which product and why you’re processing that data: What basis for processing do you have in place? Do you have contractual clauses that reflect that?

Or, if you’ll need to rely on another mechanism, such as consent, take that into consideration and determine whether you need to re-evaluate the data you collect, utilize broader segments that don’t rely on personal data or change your use of identifiers altogether.

Interview condensed.

Must Read

Forget The FUD, Now DoubleVerify Wants Advertisers To Get Back Into The News

Even brand safety companies think news blocking has gone too far. DV is exploring ways to help advertisers support legitimate news and just hired its first-ever head of news.

To Reduce The Ad Tech Tax, Sovrn Expands Its SaaS Pricing Model

Sovrn is now offering its header bidding managed service, dubbed Ad Management, as self-serve software for a flat CPM fee.

play button with many coins isolated on blue background. The concept of monetization of the video. Making money on video content. minimal style. 3d rendering

Exclusive: Connatix And JW Player Merge To Create A One-Stop Shop For Video Monetization

On Wednesday, video monetization platforms Connatix and JW Player announced plans to merge into a new entity called JWP Connatix. The deal was first rumored in July.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Buyers Can Now Target High-Attention Inventory In The Trade Desk

By applying Adelaide’s Attention Unit scoring, buyers can target low-, medium- and high-attention inventory via TTD’s self-serve platform.

How Should Advertisers Navigate A TikTok Ban Or Google Breakup? Just Ask Brian Wieser

The online advertising industry is staring down the barrel of not one but two potential shutdowns that could radically change where brands put their ad dollars in 2025, according to Madison and Wall’s Brian Weiser and Olivia Morley.

Intent IQ Has Patents For Ad Tech’s Most Basic Functions – And It’s Not Afraid To Use Them

An unusual dilemma has programmatic vendors and ad tech platforms worried about a flurry of potential patent infringement suits.