In my earlier post, I tried to cover Internet Cookies and give our readers a comprehensive look on Cookies. “GDRP demystified” is a continuation on Cookies. In this post, I will attempt to dive deep into GDPR, what it is, why it’s important, what is its impact on users and how it affects monetization, esp rewarded video ad monetization.


The digital age has seen an explosion of data that is being generated, collected, and stored by businesses and organizations all around the world.  This data, much of which is personal and sensitive, necessitates the establishment of robust legal frameworks to ensure its protection and responsible handling. One such framework, which has garnered attention worldwide, is the General Data Protection Regulation (GDPR).

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework established by the European Union (EU) effective from May 25, 2018. It aims to safeguard the personal data of EU residents by enforcing strict rules on organizations and businesses collecting, processing, and storing such data, irrespective of their location. Personal data includes any information that can identify an individual, like their name, email, IP address, or social security number.


Before the implementation of GDPR, data protection laws varied significantly across EU member states, leading to a fragmented regulatory environment. This made it difficult for businesses to operate across borders and for individuals to understand and exercise their rights. Moreover, the rising number of data breaches and the increasing sophistication of cyber attacks highlighted the need for more robust data protection measures.  GDPR was introduced to address these challenges. It tries to balance data protection laws across the EU, enhancing the rights of individuals, and imposing stricter obligations on organizations that handle personal data.

GDPR’s Implementation

GDPR applies to any organization, regardless of its location, that processes the personal data of individuals residing in the EU. This includes businesses, government agencies, non-profit organizations, and any other entity that collects and processes personal data. Organizations are required to adhere to the following key principles:

  1. Lawfulness, Fairness, and Transparency: Organizations must process personal data lawfully, fairly, and transparently.
  2. Purpose Limitation: Organizations can only collect personal data for well-defined, clear, and legitimate purposes and must not process the data in ways incompatible with those purposes.
  3. Data Minimization: Organizations must only collect and process the personal data necessary for the intended purposes.
  4. Accuracy: Organizations must ensure the personal data they hold is accurate and up-to-date when necessary.
  5. Storage Limitation: Organizations must store personal data in a form that allows identification of data subjects only as long as necessary for the intended purposes.
  6. Integrity and Confidentiality: Organizations must process personal data securely, protecting it against unauthorized or unlawful processing and accidental loss, destruction, or damage.

GDPR’s Impact

The implementation of GDPR has had a significant impact on organizations and individuals alike. For organizations, it has meant increased costs associated with compliance. This includes costs such as implementing new systems and processes, training staff, and appointing a DPO. However, it has also led to greater trust and confidence from customers and clients. For individuals, GDPR has led to greater control over their personal data and a better understanding of their rights. It has also led to a significant increase in the number of data breach notifications and the imposition of hefty fines on organizations that fail to comply with the regulation.

Monetization and GDPR

The impact of GDPR on the monetization of personal data has been significant. Without a legal basis, organizations cannot collect and process personal data. What this means is, sites must secure explicit consent from individuals or have a legitimate interest in processing the data. This requirement has forced many organizations to shift their business models, as they cannot depend on collecting and selling personal data for revenue anymore. Instead, they must explore new monetization strategies, such as subscription models or advertising based on anonymized data. Rewarded video ad monetization is one popular method that has emerged in this new landscape.

This approach involves showing video ads to users in exchange for rewards, such as in-app currency or premium features. An advantage of rewarded video ad monetization is that it provides a better user experience, as users choose to watch the ads in exchange for rewards. This can lead to higher engagement rates and ultimately more revenue for the organization.

GDPR has significantly changed how organizations manage personal data. Although it increased compliance costs and challenges, it also boosted trust and confidence from individuals and reduced data breach risks. As organizations adapt to this new regulatory landscape, finding innovative ways to monetize services while respecting privacy and rights is crucial. Rewarded video ad monetization is a solution that helps organizations generate revenue, comply with GDPR, and enhance the user experience.