Basics Of A Demand Side Platform (DSP)

“If you’re not putting out relevant content in relevant places, you don’t exist.”

-Gary Vanerchuk

Ever observe how you end up having ads stalk you? Say for example, you check an item on Flipkart but you don’t make the purchase only to have the  ad follow you almost everywhere you go online. They pop up on Facebook, Instagram, certain other websites that you visit and even emails.

This form of intelligent marketing can only be made possible if the advertiser really knows you – as a  consumer. Which is exactly why despite the rain of digital ads online, there are very few smart ones that grab your attention. That’s the customer’s viewpoint. Let’s take a look at the marketer and advertisers’ points of view.

They sit behind computer screens launching marketing campaigns, chasing marketing KPIs, measuring ad performances, reporting and performing a million other bits. With the dawn of all things “smart” and technology platforms to make lives easier, one could say that advertising on different channels can be accomplished pretty much effortlessly. Speaking of making lives easier in the world of advertising, traditional direct buying processes are taking a seat back given the birth of new buying methods on platforms that better connect media buyers and sellers. For example, programmatic advertising automates the process of buying and selling of online advertisements. One of the primary buying tool/platform facilitating programmatic buying is a DSP.

It stands for a Demand-Side Platform. Simply put, it’s an automated buying platform used by advertisers (aka media buyers) and marketing agencies to purchase digital ad inventory from the media owners (aka publishers). A DSP will have basic targeting functionalities like start date and end date, geo targeting, budget pacing, frequency capping, day parting, device targeting and contextual targeting.

DSP allows advertisers to buy impressions from a range of publisher sites that have the specific kind of audience which is of interest to the advertiser. The medium through which publishers make ad impressions available for buyers (advertisers) is a marketplace called an ad exchange. A DSP is used to manage multiple ad exchange accounts by the buyer. Not just that, they also act as a central hub for handling every data that one can bring in to help with the RTB (real-time bidding) valuation which is very crucial to successful ad exchange management. DSP automates bidding on deals that close at lighting speed, using sensible parameters which are set by the advertiser to control their budget and optimize spend. Decision-making is also automated by demand-side platform with the help of algorithms to ensure if deals are even worth bidding on in the first place. This gives advertisers a transparent view of websites running their ads to ensure they’re brand appropriate.

Is your demand-side platform really working for you?

Advertisers must ask themselves what exactly a DSP helps them accomplish. A strong DSP consists of efficiency and performance, both of which are important in determining the success of your marketing campaigns. It is also important to understand that all DSPs are designed and developed with different capabilities. You as an advertiser must first determine the campaign needs (reach, targeting and cost) and if the solution your’re looking for aligns with what a DSP can deliver.

With the evolution of programmatic buying, the growth of demand-side platform is anticipated to go hand in hand as it introduces advanced targeting tools, providing options to target behaviourally, geographically, and even options to retarget. Advertisers can generate value and increase return on investments (ROI) based on how well they understand the real consumer needs of the target group. Your DSP is a means of presenting your brand and its offerings to potential customers in the form of ads, marketing messages and emails, but having a layer of intelligence to guide you will only fasten your reach to your most convertible customers at actual moments of (purchase) intent.

“Hey! We haven’t seen you for a while on our website, come and check out what we have prepared for you.” Such mailers are not unusual. Whether your’re a retailer or a bank you would at some point consider sending out mailers. If you’re an e-commerce company, how are you reaching your potential customers? Oftentimes, you combine internal data to guide your real-time bidding (RTB) approach. E-commerce giants also often target frequent shoppers with various promotional offers and discounts designed specifically for them. This also helps in maintaining your brand image among the existing customers. Banner ads displayed with the help of RTB have the potential of replacing e-mail, gift cards, discount coupons and even newsletters? What do you think, let us know in the comments below.

Stay tuned for our next blog, where we talk about Real-Time Bidding and how advertisers and publishers make it a win-win.

How Does Location-Based Marketing Benefit Marketers?

DREAMS! From the dearth of the dire straits to the grandeur of the greatest Mahals (Palaces)! It is the one true common denominator of Humans that goes beyond the discrimination on Religion, Race, Sex and even Wealth! Every wo/man has a dream! A Dream to establish their presence and perhaps achieve the impossible!

Well, it’s this dream that every Brand wants to tap into. Achieve an emotional connect with the Target Audience, appeal to that emotion with the best of communication and once the ‘Share of Mind’ and the ‘Share of Heart’ are obtained, eventually tap into the ‘Share of WALLET’!

Sounds simple, right? Well, most of the brands go wrong at the very first step – Identifying the right TARGET AUDIENCE! All the Communication can go to waste if the right audience is not mapped. Here’s an inside joke at marketing agencies –

‘In the traditional medium of advertising; half of the marketing communication doesn’t reach the right audience. The Irony is no one knows which half!’

Well, with advances in technology, achieving the right target audience is getting refined every day. One such advances is the user’s ‘Real Time Location Data’.

All the advertising of any brand boils down to just one thing – Relevance
How relevant is the advertisement to the end user. Location data adds another level of filter to the existing filters of TG. Deriving Location Intelligence from the Location Data is of utmost importance. Following are the few insights that can help brands map the data to refine their target audience –

  1. Offline-Online Behavior Mapping 
    1. Better understanding the user’s 
    2. For standalone stores, location data can be further used to map the purchase behavior
      For example – A McDonald’s can map a customer’s purchase pattern from the CRM to the time spent at the outlet. After analyzing the patterns, a highly personalized messaged can be sent to the customer thereby increasing the chances of conversion.
      So, the next time the customer drops in the vicinity, a personalized invite can be shared through push notifications thereby increasing his LTV
    3. Furthermore, the brand gains an exact mapping of the ‘Bang’ for the ‘Buck’ solving the perennial question of mapping Marketing expenses to the Revenues generated
  2. Promotions
    1. Every brand offers some promotions to their customers in some point in time. For any event promotion, the likelihood of a customer in the vicinity to visit/convert for any tactical event/promotion increases manifolds 
  3. Competitive insights
    1. In today’s world where the brand loyalty is a metrics of Price, having insight of a customer’s behavior is an added incentive for a brand to push its communications
    2. Well, obtaining the sales data of a neighboring McDonald’s store might not be ethically feasible for a Burger King but to get the location data of the customer and after mapping the behavioral patterns, it takes very little marketing for Burger King to tip the tides in their favor

Well, a few cautions to keep in mind while accessing the location data of a user. As we increase the relevance of ads by tapping into a user’s location, it always borders on the thin line separating the ‘Wow’ from the ‘Creepy’. With the roll-out of GDPR law in EU, it is crucial to inform the customer about the data s/he has shared with the brand.

Though the technology advancements are happening every day & more and more access to end user’s data is available, Zero spillage, the bounces and all other deterrent factors will still remain a distant dream!
Or Will It?

The Great European GDPR

Glazing from a distance, all you see is a spark! It was 16th of April 2016; the flames of Data Protection that was started in 1998 by the EU had suddenly grown from just sparks to the fiery flames! As these flames of GDPR are now rekindled on 25th May, 2018; the otherwise complacent companies, now started feeling the heat.

The eternal questions beckon –




Well, as a brand or an advertiser, before we start taking any swings at the EU’s directive, let’s try and decode the crux of GDPR!

What is GDPR?

GDPR (General Data Protection Regulation) is EU’s regulation to provide complete control of one’s privacy settings to its citizens. The intricacies of GDPR’s impact on citizens are covered in my last article

How should the brands adapt to the GDPR regulations?

Every Business, Every company, Every Brand is always in search of one true currency. Perhaps not the cryptic ones of the recent past but the eternal currency which defined the rules of the Business – Audience’s Data.

As we all exploited this data, GDPR plans to curb its abusive usage.

The highlight of the above sentence is probably not the GDPR directive or the exploitation. The one stand-out is the abusive usage.

Data always was and will be the true currency!

Here are the few steps to stay prepared & adhere to the GDPR directive –

    1. Data here, Data there
      Every Brand gathers data at multiple junctures (interactive Brand Touch points). The first step is to map all the data available in the organization.
    2. Delete or Shift+Delete?
      Map the necessary and unnecessary fields of data of a consumer that is available. Many times a lot of data is collected without any real benefit. (Many data fields become moot because of other data fields) Instead of archiving such data it is advised to delete the unnecessary fields.
      In business terms, is the opportunity cost of deleting more than the costs of encrypting the data?
    3. Secure is the Only Cure!
      Prevent any breaches! Security is the base of preventing hassles! Any data that is available with the brand should be shared / accessible to select individuals only. Lesser the number of individuals having access to the data, lower are the chances of the data breach.
      One of the most common liabilities pertaining to data security is when it is outsourced. The GDPR directive doesn’t grant any exemptions or any leeway for data breach.
      Well, no system is perfect and GDPR directive gives us a provision – In case of a breach, report it within 72 hours of the breach! (This breach has to be conveyed to the individuals as well as the authorities).
    4. I Do!
      Explicit free consent of the customer is of utmost importance. Most of the forms that accept data have pre-checked boxes. All these boxes and implied consents will no longer be considered valid under the GDPR directive. As a practice, it is advised to revisit the privacy documents & disclosures. Modify / Edit / Adjust those documents to meet the guidelines. Establish procedures and policies for an individual who tries to search for his or her data. FAQs are a great example of answering questions. Have a few interactive FAQs for the individuals to map and see their own data –

      1. What data is available with *Brand/Organization’s name*?
      2. How/Where have I given my consent for the data?
      3. How can I delete my data?
        These FAQs not only make the organization compliant to the GDPR directive but also help in building trust with the end user.
    5. My way or Highway!
      Considering the complex nature of the GDPR directive, there raises the question – What if we don’t adhere to the GDPR directive?
      The subtle nuances of ‘Its fine’ and it will attract ‘A FINE’
      Strict policies and very high penalties are huge deterrent for not adhering to the GDPR directive.
      A hefty fine of 20 Million Euros or 4% of Global Annual Revenue whichever is higher is levied on brands
      As we strongly recommend starting the journey of adhering to the GDPR directive for EU directives, we look at the macro perspective for the markets beyond the EU, it is a Brand’s perspective to look at GDPR!

Is it just a spark at a long distance or are they the flames which are going to travel beyond European waters?

Coordinate with your adtech partner and work closely with your legal and privacy teams to monitor your approach. Convert the implications of GDPR as ways to win the trust of your customers and better engage them in the future.

Insightful DMPs To Tackle Ad Blindness For Publishers

“I’ll meet you near Jumbo King.” I say and hang up, as I half-run and half-walk up the stairs, for the metro. And for the first time in a long time, I scan hoardings and advertisements at the station. Funnily, all the words on the sign boards looked like a slur to me, because all I cared was for “Jumbo King”. 

It’s no shocker that it’s raining information and data everywhere you go – whether a metro station, a website or even a mobile app. And as a conservative shopper and a digital-first consumer of today, I’m hardly ever enthralled by hoardings or digital adverts. Unless of course the ads are relevant to me.

I must however give it up for all the random brands that seem to target me with digital ads on apps that I use and websites that I visit often. I say “seem” because I should not have ideally been targeted. Why? Because I’m highly capable of going blind to certain ads that are not significant to me. So psychology describes selective attention as the ability to react selectively when multiple things occur at the same time. See, what I’m trying to say? People are rarely attentive to ads that don’t address their current “consumer” problems. And when app users or website visitors go blind to ads, those are lost impressions for advertisers/marketers.

Here’s what makes a user go blind to digital ads:

Timing: I’m on a mobile dictionary app at 11:30 PM, looking up “lackadaisical”. And a pop-up ad of a local mart seizes my screen. Why! I wonder. Like, why trigger that ad then

Solution: I’d prefer being targeted by a local mart when I’m on an ecommerce site looking up products that the mart offers too. Oh and, for a dictionary app, shouldn’t you know me any better? Show me ads of books I should buy or read and certainly not of local marts and certainly not when I’m working on my etymology game.

Location: I’m on my way to work, hungrily consuming all of the content Instagram has brought up on my news feed. And there I see sponsored content of an illustrator (I’m talking about a human illustrator and not the software). And I wonder why the illustrator guy targeted me at that hour? Is there no research done before adding me to your “preferred audience segment” for targeting? 

Solution: If an illustrator or an artist wants to target me, show me your stuff when I search for “things to do on a weekend”. Invite me over for a workshop. How about that for a preference?

Intention: I need a pair of high-tops, I search for my all time fave black Chucks at malls. I visit ecommerce websites and apps looking for “black converse”. But somehow, I still have a lot of random fashion ads shown to me when I’m on Tinder. And not those of the product I’m genuinely interested in. Why?

Solution: Dear Converse, I need you! Reach out to me. I’m a social person and I’m open to meeting ads of the high-tops you sell on mobile apps!

Conclusion: Just as there is a need to advertise, there is also a need to personalize and humanize the ads shown to today’s consumers (like you and I).

It is evident that a lot of advertisers and media buyers want to create a “top of mind awareness” for their brands given the rising importance of advertising.

However, consumers like us are sure to appreciate humanized ads and content. Ad publishers need to equip themselves with insights and data to serve their audience relevant content and ads that plausibly address their real-life consumer needs. This is essentially why a Data Management Platform (DMP) becomes the trusted confidant of an established publisher.

What is a Data Management Platform (DMP)?

A Data Management Platform or a DMP is a piece of software that gathers, organizes, stores and pumps out information to benefit marketers and publishers. In human language, it can be defined as the single, easy solution to all data related problems. Today in advertising the lines between a Demand-Side Platform (DSP) and a DMP are beginning to blur because a lot of the DSP providers offer their clients DMP features.

So How Does A DMP Benefit A Publisher? 

Audience Monetization & Inventory Monetization:

Understanding your audience and segmenting of the same helps the publisher build ad packages based on features like shopping intent, business profiles and location data. This in turn helps advertisers and buyers discover pockets of audience who truly need their products or services. 

Publishers also get to effectively segment their inventories (premium and remnant) and achieve a rule-based control to define audiences to distribute ads to ad exchanges, SSPs, DSPs, networks, and agencies.

With the DMP, traffic monetization becomes easy for publishers as the audience insights permit them to sell behaviourally targeted placements on remnant and premium inventories for higher eCPMs.

Audience Analytics & Audience Segmentation:

For starters, DMPs, help publishers gather first party data and third-party data. This means publishers get insights from people’s interactions with mobile apps, websites, social media, email, search, and the various forms of digital ad campaigns. 

The abundance of data can be segmented and organized based on actions, demographics and interests of the publisher’s audience. With the roll up of relevant audience segments, publishers get to respond to advertisers’ RFPs with ready “custom audience segments”. 

Humanized Marketing & Personalized Advertising:

A DMP helps the publisher understand its audience better. Imagine being able to match an individual with an ad of a product on your website/app (if you’re a publisher). When ads and content become relevant to people, in other words when ads talk about the real-time, real-life “consumer” needs of an individual, it immediately catches their eye and perhaps earn clicks too. Insights give publishers a leg up to serve their audience with engaging content and relevant ads.

What To Look For In A DMP?

Data portability: The DMP must offer a media-agnostic portability of data to give publisher all the power to control and analyze cross-channel and cross-media data. 

Easy integration: The DMP should permit an easy integration of the publisher’s first party data into ad servers and SSPs.

Platform reliability: The DMP should allow a publisher to understand how specific audiences interact across multiple digital properties, and generate reports showing the data attributes associated specific audiences.

What Does Sequential Retargeting Mean For Advertisers

At BPRISE, we employ sophisticated programmatic advertising to best achieve positive brand recall and customer engagement for our clients. This doesn’t just mean stocking up on the knowledge and technology required to ensure hyper-personalised marketing on web and mobile. If anybody wants to get Sequential Retargeting right, then the first thing they need to do is have a sense of humour about it!

Funny Side Up

Sequential Re-targeting is a lot like delivering a joke. There is “The Set-Up”, where you familiarise your viewers with the basics and fundamentals of your products and services. This is what sets the tone for what’s to follow and gives the target audience an idea of whether they want to know more or not. “The Set-Up” is the proverbial stage of the early rounds of communication that get served to people online.

Next of course, comes “The Punchline”. This is the clinching moment in the user journey where a customer is convinced enough about the brand’s story and its offerings to finally crack a smile and make a purchase. Pow!

But this stand-up routine in digital advertising need not be a linear process. There may be people joining in on the fun while you’re in the middle of your ad campaign or product launch, or there are even those who leave right at the start without giving you a patient ear. How do you then make sure that everybody gets your marketing messages loud and clear? From the beginning, through the middle and all the way till the end? The answer is Sequential Re-targeting.

The “sequence” here doesn’t mean holding different group tours for people who visit you in batches and hear the same old sales speech. Regardless of what stage your product launch is in, the sequential re-targeting campaign starts, adjusts and evolves for every user at their time and place of engagement with your brand.

Automated Bucketing

“The Set-Up” takes time and skill. As mentioned above, the delivery and nature of sequential re-targeting typically changes for every distinct, new customer taking a seat amongst the audience. All first timers aren’t subject to the same “generic retargeting” and aren’t slumped into one single broad bucket. At BPRISE, our programmatic engine seamlessly segments the continuous influx of new visitors. This is not just based on demographics and location parameters, but also depends on the source of traffic, dates of user activities and expressed behaviours.

We are able to track users across the web’s many media platforms and segregate the hot leads from the cold ones. Through a funnel for delivery into BPRISE’s Premium Ad Network, Facebook ads on third party apps or websites, SMS and even email, we are able to mix notifications and track the chain of events to your target audience with computerized precision.

Old Wine, New Bottle. Cheers!

So, you’ve delivered the set-up and your audience isn’t anywhere close to hearing that punchline. And if you’re only building a name for your brand then there are other hiccups like being the first in customers’ minds while addressing their concerns about price, doubts, credibility and product quality.

What do you do? Go for what stand-up comedians refer to as a “Callback”. A comedian routinely tells a joke with a specific punchline and then, later in the show, tells a different joke with the same punchline. This gets a bigger laugh the second time around. Similarly, we help rectify the set-up and deliver freshness for the hard-to-impress crowd, till they are better positioned in the sequence to hear the same punchline.

We devised a callback for a car brand that found itself in that very pickle. The retargeting was broken down into small sequences like this:

Addressing Problem Number 1. Campaign ‘A’:

1st March: SMS campaign

3rd March: Email Campaign

5th March: Campaign on Facebook and Ad Networks

Addressing Problem Number 2. Campaign ‘B’:

15th March: Switch to a new campaign on Facebook and stop visibility on Ad Networks (only for customers who have been through Campaign ‘A’)

Addressing Problem Number 1 in a different way. Campaign ‘A2’:

20th March:New SMS campaign and Facebook Activation to users who didn’t convert from the first batch

Addressing Problem Number 3 for customers who are technically ahead in the sequence. Campaign ‘C’:

Look for customer re-engagement.

20th March: New SMS Campaign

20th March: New Email Campaign etc.

Everybody needs to be nudged differently. So, we made sure that the next time the customers logged onto the internet, the car brand was able to pick up from where each of them left off, just like old friends!

Now this can get complicated:

500 car showrooms X An average of 10 footfalls a day = A single day’s batch of data.

But with automated bucketing and tracking that we do at BPRISE, we easily spot and report which segment of which batch of prospects isn’t still laughing along and why. We understand the cycles, which sources offer easier conversions, their bounce rates and re-visiting patterns. This allows us to efficiently figure out where a shift in the marketing strategy needs to be carried out. The system lets us know if the marketing creative needs re-work, or if the retargeting should happen on a different platform or if the rhythm of the campaign frequency needs retouch. Once we spot a conversion though, that needle in the haystack is then promptly pulled out of the funnel to avoid wasting ad spends.

Speaking of which, I feel that the measurement of success in digital marketing shouldn’t be restricted to a metric like return on ad spend (ROAS) alone. Every sequential strategy should also be judged based on whether the engagement rates on ads improve, whether the returning visitors increase, and if the click through rates reflect precision targeting or not. The goal in sequential re-targeting is to serve smart and relevant ad experiences to guide prospects through their customer journey.

Programmatic advertisers typically chart out a funnel diagram as the trend, but I disagree. “Funneling” of layers of data and user journeys need not taper down to a small percentage of acquisitions. The user journeys under Sequential Re-targeting campaigns tend to look more like tributaries of many big rivers branching out into loops over time. All these users, however, are individually pursued to reach the logical conclusion delta of converted sales. That’s the trick.

If you have questions about sequential retargeting, leave a comment and I’d be happy to help!


BPRISE At India’s #1 Digital Marketing Event Ad:Tech 2018 New Delhi

ad:tech New Delhi was indeed all about what’s trending in the digital ecosystem. An unparalleled marketplace where marketing, technology and media biggies come together to share trends, insights, disruptive technology news. 


ad tech new delhi 2018


As BPRISE gets closer to becoming exactly 2 years old, we cannot keep calm and are wrecking some healthy havoc in the adtech space (especially at our Mumbai headquarters)! All our adtech experiments and analytics research gets fine-tuned by the day and we’re making our presence known.


ad tech new delhi 2018


We recently made our debut at Ad:Tech New Delhi (March 8-9, 2018) which was held at The Leela Ambience, Gurgaon and just had to share the news with our new readers (you!).


ad tech new delhi 2018


At Ad:Tech we met with industry leaders in marketing, technology and data. We discussed the latest trends, obstacles and areas that need innovation. Our goal was to engage in open and collaborative discussions circled around past learning and also future opportunities.


ad tech new delhi 2018

ad tech new delhi 2018


We would love to hear from you, especially if we connected at Ad:Tech… <3

Or you could drop in a greeting at [email protected] if you want to catch up or know about our adtech gig!


The 101 on Programmatic Advertising

Here’s a go to guide for knowing all about the “new black” in the ad market. Programmatic ad spends grew from $5bn in 2012 to $39bn in 2016, at an average rate of 71% a year, according to Zenith’s programmatic marketing forecast. How did you not notice?

Let’s Start At The Very Beginning

Programmatic advertising is an automated mechanism that uses computer algorithms to purchase ad inventory. This modern, digitized media buying and selling does away with the traditional agency-network set-up, manual bidding and human optimization. It’s the idea and now, a wide-spread practice, that the processes involved in media marketing and negotiation such as inventory selection, data reporting, budget optimization, the back and forth of paperwork and testing of creative inventory; all of this is handled through an automated system.

This is achieved through a sophisticated and efficient assimilation of data, software and technology. Everything from behavioural and intent-based targeting, to real time bidding (RTB) and exchange-based buying of inventory can be credited to programmatic buying.

In English Please!

All you need to input is a range of creatives, your budget and targeting filters as an advertiser. Programmatic Advertising takes over from there. It makes scientific, data-backed decisions about which ad property to display, on whose website, at what price and when. Microwaved popcorn much?

You have two options:

“Direct Buying” takes place against a fixed payment in advance for a specific ad inventory. The objective here, is simply to exhaust a set budget by providing the requisite number of impressions on the selected ad property of a specific publisher.

“Real Time Bidding”, or RTB is an auction-based price system for buying and selling ad impressions across sites, on a real time basis. It literally takes milliseconds to launch ad campaigns, sitting at a desk, with a front row seat at the bid wars for inventories across multiple publishers’ sites.

We all know what DSP and SSP means by this point. But the truly powerful acronym of the bunch is a DMP, aka Data Management Platform. The information of what’s being sold and bought at what price, is stored here and is presented in a simple manner, displaying how consumers behave across the wider internet. So now, you can predict outcomes, understand audiences and break down media silos at the click of a mouse.

The Good News

With Programmatic Buying, you witness the actual price of ads move before your very eyes, minus mark-ups and agency fees. If you spot that a certain ad creative isn’t working on a segment or site, you have the power to immediately switch strategies then and there, in real time. No more waiting for your agency to respond with a monthly campaign report, while those ad impressions burn away; and no more feeling unsure about your return on investment. Have fun with highly personalised messages and refined funnelling processes. The transparency and quickness of it all helps hit the bull’s eye over and over again, across any device or channel. You save time, money, energy and nerves!

The Bad News

Woah Woah Woah. Don’t fire your media agency just yet though! There are a few downsides to programmatic advertising. Since your ads follow the user’s wild travels across the world wide web, you run the risk of displaying ads on questionable destinations. Behavioural and Contextual targeting can be tricky that way, so rein in visibility by blacklisting or whitelisting sites or categories.

But how is this hyper targeting possible in the first place? Programmatic ads rely on cookies to track activities across devices. So, the moment netizens observe computer hygiene and clinically cleanse their system of cookies, all that data is lost and it’s back to square one. Big dogs like Facebook and Google are immune to an extent, because they track movement across devices through login status, but the rest, as they say, is browser history! Isn’t that how the cookie crumbles?

Another devilish hazard is ad fraud. Domain spoofing experts and bots hike up costs and dupe advertisers with cunning flair. This raises obvious questions on the quality of inventory in programmatic buying. There is an entire article dedicated to that problem alone. Read it here to know how you can keep guard.

So Now What?

In advertising, knowing more about your audiences and being able to access and read data that uncovers insights are crucial. There is no doubt that leveraging technology to drive stronger results from highly relevant, targeted campaigns is a boon. Unanimous adoption of programmatic advertising across multi-channels is fast becoming a reality. Legal updates and private partnerships to curb the above challenges are in the pipeline as well.

As an ad-tech entrepreneur, I advise all brand owners and advertisers to hop on board the Programmatic band-wagon right away. The earlier and faster you join the game, the savvier you’ll be at bidding the best price for the right ad. Sold?

Quick Overview Of The GDPR (General Data Protection Regulation)

What Does GDPR Stand For?

It stands for General Data Protection Regulation (GDPR hereon).

What Does GDPR Mean Or Do?

It replaces the Data Protection Directive 95/46/EC by the European Union. The GDPR was designed to make the data privacy laws across EU member states uniform, to protect the personal data of every citizen in the EU, mainly to give citizens a control over who gets access to their personal data and to rework* organizations’ approaches with regard to data privacy.

The GDPR aims to protect EU citizens from data and privacy breaches and also gives them back the right over their personal data. All organizations serving the EU citizens must comply with this mandatory directive. It means that companies will have to change* the way they handle their clients’ information like names, photos, email IDs, bank details, social media posts, medical information, or IP addresses which constitute their “personal data”.

A few definitions taken directly from the Regulation

Personal Data definition

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing definition

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Restriction Of Processing definition

‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

Profiling definition

‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Pseudonymisation definition

‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

Filing System definition

‘filing system’ means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

Controller definition

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Processor definition

processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (9)

Recipient definition

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the
framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

Third Party definition

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

Consent definition

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Personal Data Breach definition

‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

Genetic Data definition

‘genetic data’ means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;

Biometric Data definition

‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

Data Concerning Health definition

‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;

Main Establishment definition

‘main establishment’ means:

(a)as regards a controller with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment;

(b)as regards a processor with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation;

Representative definition

‘representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;

Enterprise definition

‘enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity;

Group Of Undertakings definition

‘group of undertakings’ means a controlling undertaking and its controlled undertakings;

Binding Corporate Rules definition

‘binding corporate rules’ means personal data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;

Supervisory Authority definition

‘supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51;

Supervisory Authority Concerned definition

‘supervisory authority concerned’ means a supervisory authority which is concerned by the processing of personal data because: (a) the controller or processor is established on the territory of the Member State of that supervisory authority; (b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or (c) a complaint has been lodged with that supervisory authority;

Cross-Border Processing definition

‘cross-border processing’ means either: (a) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (b) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

Relevant and Reasoned Objection definition

‘relevant and reasoned objection’ means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union;

Information Society Service definition

‘information society service’ means a service as defined in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European Parliament and of the Council (1);

International Organisation definition

‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

When Does The GDPR Come Into Force?

GDPR will come into force on the 20th day post its publication in the Official Journal of the European Union.

The GPPR will take effect on May 25, 2018 after the two year transition since its approval and adoption by the European Union Parliament on April 14, 2016.

Whom Does The GDPR Affect?

Any company serving the EU citizens must comply with the GDPR directives. Whether an EU company or a non-EU company that deals with “controlling” or “processing” data of the EU data subjects must adhere to the implications of the GDPR. So if you’re based here in India and conducting any of the aforementioned with the personal data of the concerned natural persons; beware.

What If You Fail To Adhere To GDPR? or What Are The Penalties?

Organizations that do not comply with the GDPR directives by May 25th, 2018, could face penalties and be fined up to €20 million ($24 million) or 4% of global annual revenue, whichever is greater.

*What Measures Must Advertisers & Publishers Take?

An upside to the programmatic world in the GDPR era will be the trust factor between customers and brands; this is solely because customers will get to choose whom to share their personal data with, in promise of specific services. Advertisers and publishers have always had their way, because customers could only choose to “opt-out” of receiving specific ad notifications etc. But with the GDPR in place next year, ads targeting EU citizens will have to first get their consent i.e. wait for the target audience to “opt-in” for receiving various notifications/deals from the advertisers or publishers. 

How Does GDPR Affect Ad-Tech Companies?

Ad tech companies and other organizations like email service providers, CRM partners, eCommerce systems, circulation fulfillment companies must comply with the way they  gather, process, store and protect EU citizens’ personal data. First and foremost step will be to make sure the advertisers or publishers are GDPR compliant. It is  critical that the ad tech companies to explain to their respective customers, how their data will be tracked and the benefits that they will avail upon doing so and lastly they must also be informed that they can chose to have their “personal data” deleted from databases as well. This is the “right to be forgotten rule”. Should a user wish to have his/her personal data erased from the database, it must be granted.

What Are The Rights Of The EU Citizens (i.e. “data subjects”) Once GDPR Comes To Effect?

Breach Notification

In case of a breach, the controller must without undue delay inform the supervisory authority about the personal data breach in less than 72 hours after having become aware of it unless the breach is not likely to result in a risk to the rights and freedoms of natural persons (i.e. data subjects).

Right to Access

Data subjects can obtain confirmation from the data controller if their personal data is being processed, if so, where is it being processed and for what purpose.

Right to be Forgotten/Data Erasure

Data subjects can have the data controlled erase his/her personal data, stop any further dissemination of data and even cease third parties from processing the data.

Data Portability

Data subjects can receive personal data concerning them which they have provided to the controller in a structured, commonly used, machine-readable and interoperable format. Where it is technically feasible, the data subject should have the right to transmit personal data from one controller to another.

Privacy by Design

By default data protection must be included right from the onset of the designing of systems, rather than an addition later.

References: –

Beware Of These 4 Ad-Tech Issues In 2018

As an ad-tech entrepreneur, I have been observing how lately, tricksters in the digital advertising industry are notoriously causing billion-dollar revenue losses, encouraging parallel counterfeit industries and duping end-consumers. I thought I’d put these draconian problems in context, along with some immediate actionable solutions to insulate one’s own company, clients and customers.


Fraud Is The Real F-Word


We’ve all been sceptical about those “ad impressions” and “clicks” mentioned in performance reports. Do they actually come from a human being? After displaying the exact message, you designed? On the actual publishing platform, you paid for?

There are countless number of cunning websites and apps that monetise purely through advertising revenue. Their line of business? Domain Spoofing. Many ad exchanges misrepresent web traffic as coming from a top portal, by falsely tagging the link parameters with the publisher’s name attached to them. As ad buyers, you get the wrong idea that you’ve bought visibility on the most relevant platforms, while in reality, sneaky bots are doing all the dirty work!

In the case of mobile, fake devices and counterfeit apps, mask legitimate entities to hike up ‘views’ through junk media. So actual publishers lose out on potential ad dollars and your CPMs still go through the roof!

The Solution (well, almost): In order to prevent such malpractice, the Interactive Advertising Bureau (IAB) Tech Lab in June of 2017 devised a solution enabling brands to verify that a 3rd party offering ad space anywhere on the internet, is actually authorised by the publisher to do so. It is called “Authorised Digital Sellers” or “ADS.TXT”. This is a text file containing a list of authorised sellers, hosted in the root folder of every publisher’s site domain. It isn’t a bullet proof remedy, but this centralised document makes it easier for publishers and brands to compare their own data against that of agency partners and vendors.

But ads.txt isn’t complete without ads.cert. Almost functioning like a digital signature, ads.cert ensures authentic inventory and prevents modifications or human errors in ads.txt. It uses cryptographically signed bid requests to validate data flowing between buyers and sellers in the digital media supply chain.

So, what’s the catch? One can implement ads.cert only with expensive engineering and updated tech infrastructure, namely OpenRTB 3.0. Released by the IAB, it is specifically designed to handle complex programmatic buying and selling. Its adoption will prove expensive for demand-side platforms (DSPs), supply-side platforms (SSPs) and ad exchanges.

If the industry doesn’t widely adopt ads.txt and ads.cert across media campaigns, domain spoofing could easily fur-ball into a bigger monster in 2018. So, do your part and insist on partnering with publishers and agencies that follow at least ads.txt, until further developments.


World Wide Web Of Lies


Fake News has the power to influence politics, people and business. Mainly because it’s smart, hard to spot and integrated into our newest and most important news source – social media.

Hence, monitoring your media placement will become a tricky affair. There is a very thin line between Fake News and Fake Brands. If your ad accidentally plays next to an inaccurate smear campaign or on a news source that commits major blunders in basic journalism, your brand will immediately become guilty by association.

I feel PR and crisis management will become truly crucial in 2018 in this regard: On one hand, the smaller a brand you are, the more vulnerable you would be to fall prey to lies and deceit on the internet; and on the other hand, the bigger a name you are, the more you stand to lose by way of goodwill.

So, vet your display sites, quality control your filtering process and try not to listen to people when they say, “Fake it till you make it.”.


Hands Up! It’s GDPR.


The Global Data Protection Regulation (GDPR) is a new regulation, created by the European Union (EU), intended to strengthen and unify data protection for all individuals within the EU. This means that the ad-tech industry will have to comply with stricter cybersecurity and privacy rules going forward. Aimed at curtailing abusive surveillance, the GDPR will come into effect from May 2018 as a new legal framework.

This is going to globally impact the way organisations collect, share and use customer information. Vague disclaimers about cookies won’t be enough. Users will be required to give clear cut permissions via ‘affirmative actions’ and explicit consent regarding ’sensitive’ information, like race or age. This evidence, then, will have to be logged and stored for the record by publishers and networks.

If you engage in digital advertising or content distribution of any kind, Big Brother is watching you! Regardless of whether your company operates on EU soil or not, if you take personally identifiable information (PII) of a EU user, GDPR applies. Fines can run up to 20 Million Euros or 4% of global annual revenue, whichever is higher.

Complying with GDPR warrants advanced security solutions technology, data protection compliance, user permissions and of course, additional budgets. So, make sure you prepare for these steps, with your senior management and partners, well before May 2018. Failing which, heavy penalty fees, legal implications and hindrance to business-as-usual will surely be part of this year’s horoscope as consequences.

Our communications team at BPRISE will run a series of GDPR related articles this month detailing the risks of GDPR and how brands should step up efforts to become compliant with the new regulations.


Who Cares About Your Data?


After striking off all of the above to-do items (as you should), what a shame it would be to fall prey to data breach and theft yourself! Laptops getting stolen is not the only way one can lose confidential and professional records. I am very particular about security against hackers, malware and phishing sites on the prowl for prey on the net. At BPRISE, I have implemented some iron clad practices that afford me a sound sleep every night. Here they are, if you want to wisely follow suit…

End user security awareness: Train your team and employees. Nobody will notice odd behaviour by malicious creepy crawlers online, if they haven’t even been told what the problem looks like.

Secure all systems:  Empower IT to build highly secure computers in your office, with Antivirus, Drive Encryptions, password complexity policies and local and remote data backup services. Also ensure that you buy only genuine software.

Patch ‘em up: There’s only so much a regular password sign-in feature and Microsoft update can accomplish. What about comprehensive patching on apps that aren’t a Bill Gates product, like Adobe? And what about other operating systems like Linux and MAC? Get to work right away, chop-chop!

Deploy intrusion detection prevention systems: All mission-critical systems, ones that are accessible via the Internet (web servers, e-mail clients, servers that hold customer or employee data, active directory servers) and just about the entire office should be covered.

Stop drive-by downloads: All it takes to catch a virus is an innocent intern browsing a seemingly harmless site. Use powerful firewalls to block phishing sites and websites that hack into computers through malicious spyware and pesky pop-ups.

Run more vulnerability assessments than fire drills: On a weekly basis. Against every system in your network, internal and external.

Monitor Inside-Out:  A system monitoring program where HR or a compliance officer can replay the behaviour of an insider will come in handy. Also, employing data loss prevention (DLP) technology will allow you to block content that you don’t want to leave the company.

Keep the pipes secure: Communication to and fro between the servers you deploy globally, and your development environment should take place in an encrypted channel. You don’t want your customers’ details leaking out to hackers because you shipped them via the post office.

Once you cover all these bases, dare I say, 2018 could potentially be your oyster. That is, until another occupational hazard veers its head in the ad-tech market.

Have a happy and secure new year!