This blog post was updated on December 20, 2018 to reflect changes to GDPR legislation spreading from the EU to the United States.

On May 25, 2018, Companies who collect data on citizens in the European Union countries will have to comply with a new law protecting consumer data. The General Data and Protection Regulation (GDPR) will set a new standard for consumer rights and protecting personal data.

The new GDPR law will affect not only those in the EU but those who do business and have consumers in the EU. To ensure you are following all precautionary measures, Realtime Media has carefully analyzed GDPR requirements and who it will directly affect.

Who does the GPDR affect?

The GDPR will affect companies who store or process personal information about EU citizens, even if they do not have a business presence within the EU.

You are required to comply with the new law if…

  • Established in an EU country
  • Not present in an EU country, but still process personal data of European residents
  • As EUGDPR’s website mentions, “It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location."

Additionally, Vermont has recently passed a law similar to GDPR. Beginning on January 1st, 2019, any digital promotions open to residents of Vermont must implement GDPR controls. California has also passed a similar law, which will go into effect on January 1st, 2020.

What type of Privacy data does GDPR protect?

  • Web data such as location, IP address, cookie data and RFID tags
  • Basic identity information such as name, address and ID numbers
  • Sexual orientation, racial or ethnic data, health and genetic data
  • Public opinions

How is RTM Preparing?

  1. Our entire organization is aware of the new law and we are carefully assessing our data processing and storage practices to ensure the safety of our client's data and secure information.
  2. Our internal and external processes are being analyzed to identify the impacts of the GDPR.
  3. We are updating our privacy notice and including the new requirements mentioned in the ICO.
  4. We will move forward with utilizing unticked opt-in boxes for email and text message alerts. If consumers opt-in, we will let them know they have the right to withdraw at any time by making it just as simple as it was to opt-in, to opt-out. There are alternatives to consent, which can be found on ICO’s GDPR consent guidance

Realtime Media is taking active measures to make sure all regulations and guidelines are being satisfied. As North America's leading digital promotions company, we work with many international brands. Our technical teams are ensuring preparedness to handle all compliance requests on behalf of our clients and consumers entering our contests and promotions.

If you have any additional questions or need more information on Realtime Media's GDPR compliance, please email us at