The General Data Protection Regulation, known as GDPR, takes effect May 25, changing the laws around data privacy in the European Union.

The scope of GDPR is as complex as it is extensive and will have long-standing effects on how publishers and advertising companies interact with European users. With just over a month left until the law takes effect, here are answers to common questions publishers are asking about the new data regulation.

Any visitor of your website from within the EU will need to give explicit consent for any collection, use, storage, or sharing of their personal data.

Why exactly is GDPR so significant for publishers?

GDPR drastically changes how and why companies collect or interact with the personal data of online users in the EU. Under this new law, any visitor of your website from within the EU will need to give explicit consent for any collection, use, storage, or sharing of their personal data. What is deemed “personal data” under GDPR however, is much broader than the US definition of PII (personally identifiable information). The scope expands to include cookie data and IP addresses which are commonly used by brands, agencies, and ad tech vendors in marketing campaigns. Under GDPR, these kinds of personal identifiers can no longer be accessed from EU users unless they’ve opted-in. Additionally, any data your site currently stores where the user opted-in prior to GDPR, such as email sign-ups, could potentially be non-compliant. As a best practice publishers should prompt EU users to re-opt into their email lists.

The user’s browser will be the gatekeeper of their data preferences under GDPR. Since publishers won’t know a user’s browser preferences, they will need to fundamentally change how their site interacts with these users in order to gain clear consent on the type of data they are willing to share. EU users also have the “right to be forgotten”, meaning at any time they can request for their data to be removed and no longer shared with a given company.

For more in-depth information check out this guide by Digiday.

My site is in the U.S. Does this apply to me?

Yes, this applies to any site that can potentially access, collect, or interact with a person’s data in Europe. Any users who access your site from within the EU are protected by the scope of GDPR.

What happens my site is not compliant with GDPR after May 25th?

The fine for being found non-compliant with GDPR is 4% of gross annual sales or a fine of €20 million (roughly $24 million) whichever is larger.

How do I become compliant?

There are many solutions cropping up offering different scopes of service to help media companies become GDPR compliant. What’s important for publishers is to find out how third-party ad tech partners are using and sharing data from their site, as each partner will need to be compliant. Additionally, publishers will need to find a way to educate their audience and communicate consent for each type of data properly. Ultimately, publishers are responsible for how their user’s data is accessed and ensuring their site is compliant before the May 25 deadline.

Freestar is partnering with ZeroID to offer our publishers an end-to-end solution for GDPR compliance. ZeroID takes care of opt-in/consent for each type of data, manages opt-in preferences, and offers a completely compliant GDPR ad network.