With an eye toward GDPR, The Media Trust sets up ‘first vendor network’ to fix the Net

When it starts in May, the General Data Protection Regulation (GDPR) requires consent for use of personal data from visitors to websites and apps. For this function, Janrain, Evidon and others are coming out with user-facing solutions.

But brands also need to be concerned about what happens behind the scenes, in their site/app code — and especially how well third-party vendors comply.

Today, compliance and anti-malware monitoring service The Media Trust is out with a new service that sets up what it says is the first network of third-party vendors to comply with GDPR and other policies and good practices.

Called the Digital Vendor Risk Management (DVRM) service, this cloud-based service rides on top of the McLean, Virginia-based firm’s existing Media Scanner service, which tracks 30 million sources of data and millions of sites and apps as it looks for malware and for compliance with regulations, including COPPA for child safety and HIPAA for medical info privacy.

CEO and co-founder Chris Olson says that up to 75 percent of the code executing on a typical major site belongs to as many as 300 — or possibly more — outside vendors, including tag managers, ad exchanges and social widgets. Most brands, he said, don’t track what code these outside vendors have placed on their sites — and often don’t even know the vendors’ names.

For the upcoming GDPR, as well as compliance with other policies, DVRM monitors the code for any internal violations, like not managing user data properly or leaving security holes open.

The new vendor network presently includes 111 certified outside vendors, including OpenX and Index Exchange, that The Media Trust can immediately contact because they are registered on its DVRM platform.

These 111 vendors have agreed to fix their code and services to comply with necessary regulations. Olson told me that about a thousand vendors deliver the vast majority of the outside services provided to sites and apps, adding that his company is working on getting the other 90 percent aboard the new vendor network.

DVRM, he told me via email, “marries the continuous scanning capabilities of Media Scanner with an ever-growing network of vendors that agree to abide by the website operator’s (media publisher, ecommerce company, brand and so on) policies and resolve violations when contacted.”

There is no charge for vendors to join the network. Olson said that before the vendor network, when there was a policy violation by an outside vendor, sometimes just finding the company “was like pulling teeth.”

Now, he says, “they’re engaged,” helping his company get closer to its long-term goal of “fixing the internet.”