Zeotap re-certified for GDPR after complying with all EU data protection requirements

Berlin, London, Madrid,  Milan, Mumbai, New York, Paris:

The 25th of May is almost here, and a major industry transformation is coming with it. The GDPR is ready to bring significant changes to the entire digital ecosystem, giving more control to users while keeping their privacy and data security in check at all times. The harmonisation of the regulatory landscape of 28 member states of the European Community will also simplify the data protection panorama making it much easier to navigate, especially for those companies that operate across several of these markets.

At zeotap, privacy and security have always been at the heart of what we do, which is why we adopted a proactive approach regarding the new law and we started working on it in 2016 with much anticipation. As one of our first key actions zeotap undertook its first GDPR assessment in 2016, and became one of the first data companies in the world to obtain a GDPR-ready certification from e-Privacy GmbH in that same year. Additional local compliance papers for each of our european markets from international law firm Hogan Lovells were also granted, as certain local laws will still apply in some markets. Since then, the company has been implementing further changes according the evolving GDPR requirements, which lead to its recertification in April 2018 with the “EU Data Protection ePrivacy seal”. You can access the certification document here.


With the new regulation coming, zeotap has taken the chance to granularly examine all internal and external processes, giving more clarity and transparency to each stage of the business. Starting with data sourcing, the company conducted a thorough due diligence with each of its data partners looking at how each of them establishes a lawful basis to use their data and additionally requesting a signed GDPR compliance addendum. Part of it included making sure that the collection and processing of any data that falls under special categories such as sensitive data or data on minors was not only merely excluded from ingestion but that data partners were specifically notified which data they were not allowed to send. Whenever new partners joined the platform, balancing tests of legitimacy were conducted. Additionally, 5 customer control mechanisms were implemented – such as the right to opt-out or to transfer user’s data to a different platform – to give users the much awaited freedom to choose the destiny of their data at any stage. Finally, zeotap executed stringent organizational and technical measures that follow Privacy by Design and Privacy by Default principles, which resulted in the ISO 27001 enterprise grade security re-certification and CSA Star (silver cloud security) certification in the same month of April 2018. Both certifications entail a 6-month audit process in which not only technological safeguards are tested, but that looks also at the security of office premises and the degree to which employees are educated about the topic.

In order to support all these changes, zeotap has had an internal team fully dedicated on GDPR compliance, on top of one of the founder’s having become a CIPT (Certified Information Privacy Technologist). A senior advisor council with senior industry experts such as Prof. Anne Cavoukian – inventor of the Privacy-By-Design principles and Dr. Dirk Herkstroeter – Chief Privacy Counsel at Vodafone Germany, together with an external team from Hogan Lovells have also assessed and guided zeotap’s roles and obligations in regards with the GDPR since its foundation.


“Zeotap has been an impressive client of ours. They got their first certification in 2016, being real pioneers on how GDPR compliance should be taken care of. We’ve recently just re-certified them, and I have no doubt that their team will constantly work towards further strengthening its privacy and security first approach.”Christoph Bauer – CEO ePrivacy GmbH

Zeotap has been a very transparent and reliable partner for us. They’ve always had a privacy and security-first approach allowing us to trust them with our data. When GDPR came into the discussions, we collaborated closely to make all appropriate changes” – Marta Belmonte Gómez – Innovation Manager at Orange Spain

Stay Connected ×

Get the newstap