Digital Advertising Guidance: DPIAs under the GDPR

Posted on: Friday 27 November 2020 | IAB UK & IAB Europe

Data protection impact assessments: When are they required? And what does a good DPIA process look like for the digital advertising industry?

Share this

As part of our work to address the ICO’s concerns about ad tech and real-time bidding, we have worked jointly with IAB Europe to develop this practical guide to carrying out data protection impact assessments (DPIAs). This is in the context of processing data for digital advertising generally, and for real-time bidding, in order to help companies understand their obligations and how to comply with them in practice. It explains how to incorporate the DPIA process into a company’s normal course of product design and development.

Our aim is to provide an accepted, widely adopted standard for evaluating and managing risks associated with personal data processing in the industry. 

The guidance covers:

  • What a DPIA is, as defined in the GDPR, and its purpose
  • When you must carry out a DPIA
  • How to go about a DPIA, including what the DPIA process looks like and who is involved
  • Guidance on how to assess risk and identify appropriate mitigations in the context of typical digital advertising data types and processing activities

If you have any questions about this work, please email ico@iabuk.com.

Written by

IAB UK & IAB Europe

Share this

Related content

a person at a computer

CMA update: What’s happened so far & what’s next?

Read our summary of what’s happened since the Competition & Markets Authority (CMA) released its market study into online platforms and digital...

Learn more
policy

The Broken Privacy Shield: What to do now

Any company that has been relying on the EU-U.S. Privacy Shield Framework to transfer personal data from the UK to the U.S. will no longer be able to do...

Learn more
ICO webinar

Webinar: Update on IAB UK’s response to the ICO report

In December, we published our response to the ICO’s ‘Update report into adtech and real time bidding’, setting out our plan for action in six key areas...

Learn more
ICO

Digital advertising guidance: special category data under the GDPR

What is special category data, how might it arise in digital advertising, and what are the restrictions on its processing under the GDPR?

Learn more

Why digital advertising works

Discover why digital advertising is effective for reaching your customers and building brands.