Advertising technology will need to change fundamentally from this May, according to one of the leading suppliers of such technology.

May 25 is the final deadline for compliance with the European Commission’s new General Data Protection Regulation (GDPR), legislation which came in to effect two years ago and which gives consumers significant new protections against their data being tracked and processed.

“How we look at the ad-tech ecosystem, how we transact, how we make decisions, is going to be very, very different in a post GDPR world,” says SpotX’s Nick Cuniffe in this video interview with Beet.TV.

“Under GDPR, the concept of PII (personally-identifiable information) now is basically anything about you that I can use to single you out … Your cookie ID, that was usually anonymized, is now a piece of PII. Any identifier coming from your device is PII.”

Under GDPR, consumers can stop companies anywhere in the world from collecting and processing their personal data, including the right to stop automated decisioning- something which much modern advertising technology depends.

Penalties for not supporting the new rights run up to 4% of global turnover, up to a maximum €20 million, and GDPR applies to any worldwide company processing the data of European citizens.

With months to go, companies are now scrambling to achieve compliance throughout their operations, despite GDPR being nearly two years old.

“We’re kind of looking at it from two phases,” says SpotX’s Cuniffe. “We see GDPR being the first beachhead in May and there’s going to be a separate new initiative called ePrivacy (Directive) coming in the second half of the year.

“SpotX has put together a cross-functional team – product, legal, business operations, as well as ad-ops (to tackle them).”

But, whilst GDPR seems to pose a threat to the very fabric of digital advertising, which now relies on tracking people across devices and sites, then running algorithms on their data, Cuniffe believes advertising will cop collateral damage but is not the target.

“I believe that GDPR was really built in a way to protect personal information, banking, health, medical records, things of that sort,” he says. “It wasn’t really meant to wreak havoc in the ad tech ecosystem. It was also meant as a way to level the playing field between all companies and how they process customers’ data.

“So I think while they intended to prohibit walled gardens and protect customers, I think they might see some unintended consequences around that.”

This video is part of our series on the preparation and anticipated impact GDPR on the digital media world. The series is presented by Criteo. Please visit this page for additional segments.