The EU General Data Protection Regulation will enter in force on May 25th 2018. For a matter of transparency, you will find bellow the roadmap Kwanko followed to comply.

The goal of this page is also to gather in a single place all relevant legal and informational documentation that came out of our work.

Record of operations

Kwanko gathered a group of stakeholders to audit all personal data processed for its activity.

The result of the work is a personal data mapping, with for each personal data, the following information :

  • Who? Who is the Data Controller and Data Processor?
  • Where? Where is stored the data?
  • Why? What is the legal basis for the processing?
  • How? How or by which method is collected the consent?
  • When? Until when is stored the data?

As an example the mapping went through the followings: cookie tracking, event tracking, our PartnerTag technology, our email de-duplication tool, all our lead generation products…

Each time, we have paid a specific care to Kwanko’s role and the legal basis of the processing.
This mapping will help us to build our record of operations, that will be available in the documentation below.

Awareness and training

Kwanko built some training courses via its internal dedicated tool to grow the awareness of its team on the topic. The training courses will be extended in time.

In addition, we reviewed some internal procedures to make sure all personal data is processed with the required confidentiality.

Finally, we reviewed our internal regulation.

Relations with partners

Kwanko updated its publishers Terms & Conditions. They will be communicated and accessible through Kwanko’s platform as of May, 25th.

We designed a Data Protection Addendum (DPA) for our advertisers, in particular to bring their attention on their Data Controller role.

We will make available our Record of Operations as well as our Cookie Inventory.

We updated our Privacy Policy and our Security Policy.

DPO nomination

Kwanko nominated a DPO, you can reach him on:

Implications within our business community

Kwanko has been active in its french professional syndicate (CPA) where we have been working closely with our peers. We have published the result of our work that you find here.

E-Privacy Regulation

Kwanko will be waiting for the final version of the ePrivacy regulation (especially for all which concerns web navigation data).


As part of our publisher’s network, we consider you first and foremost as a partner. This is why we think that together, GDPR can become more an opportunity rather than an obstacle.

First, lets not forget that GDPR’s goal is to offer a better experience and build more trust to our users, who, at the end of the day, allow you like us to grow our business. We believe that if users have more trust in publishers and advertisers, the regulation will have an overall positive impact.

By being relevant and transparent, we will be, together, on our way to compliance.

3 concrete examples:

  1. The GDPR requires lawful basis for processing. In other words, you need a legal reason to use a user’s data, like consent or legitimate interest. Making sure to have this lawful basis will allow to have more engaged users/visitors. All transparency efforts, in terms of easily accessible information, that you will bring to your users will lead to more trust, and we hope, more performance.
  2. The GDPR has specific rules about enabling your contacts to specify exactly what they want to receive from you. This makes total sense from a business perspective. Don’t send to users that don’t want to hear from you, and make sure the ones that do get to choose what they want. This will lead to fewer unsubscribes and better deliverability.
  3. The GDPR requires increased transparency around data collection and processing. In legal language, that’s the “right to access”, “portability”, and the “right to be forgotten” which mean your contacts can demand a copy of their data in a common format and/or ask for the deletion of all their personal data. Again, the link between transparency, trust, engagement of your users/visitors and performance is clear.
GDPR impact What it means What does Kwanko do about it
Definition of roles Publishers are Data Controller for all data collected and transferred to Kwanko or its advertisers. That means that publishers are responsible of the legal basis of the processing of all personal data, whatsoever its form (argsite, email, phone number…). Kwanko is the Data Processor, as a supplier of technical means. Kwanko has updated its Terms & Conditions and brings its help to publishers, for instance with this web page.

In process.

Consent Publishers, as Data Controllers, have the obligation to collect the consent of users for each given processing, and according to GDPR guidelines.

  • You need to tell the user clearly and in a unequivocal manner what he is opting in.
  • The user needs to affirmatively opt-in (pre-checked checkboxes aren’t valid). Filling out a form alone cannot implicitly opt the user for all your company data process.
  • You must be able to prove the opt-in and offer an easy opt-out.
Kwanko has updated its Terms & Conditions and brings its help to publishers, for instance with this web page.

In process.

Minimization Together, the publisher and Kwanko, commit in collecting, storing and processing only the personal data necessary for the final purpose, as well as storing personal data only the time necessary for the given purpose. While mapping its personal data, Kwanko went through all of them to define the maximum storing time.

Technical actions to automatically delete data are under process.

User Rights Together, the publisher and Kwanko commit themselves in offering the right “to access” and “to be forbidden” to all users who would make the demand. Also, we commit in facilitating the fulfillment of the demand. Kwanko is simplifying the process of demand for access, transfer, modification or deletion of a user personal data.

In process.

 Safety Together, the publisher and Kwanko commit in offering a secured environment for the collection, transmission and storage of all personal data they process.

Example : pseudonymization by an MD5 hash will support the security of a personal data (ex : email) transmission.

Kwanko has set up internal process to make sure all its team is aware of the confidentiality required by processing personal data.

Kwanko designed a Security Policy.

In process