Blog Case Studies
How Haymarket Uses Sourcepoint to Manage Vendor Compliance
October 1, 2024
Haymarket is a privately-owned media, data, and information company, shaping a better future with remarkable content for specialist audiences around the world. The company has 1,300 employees across offices in the UK, US, Canada, Hong Kong, Singapore, India, Germany and the Netherlands.
Click here to read the case study
The importance of assessing vendor compliance
Haymarket have long recognized that they have a leadership role to play in ensuring a safer digital ecosystem. Global regulatory scrutiny is rising and requires that publishers communicate consumer consent preferences with all third-party processors, not just direct partners.
The team sought to elevate their level of compliance by identifying and removing unreputable adtech vendors. Additionally, they were keen to work with a privacy partner that could provide increased technical support, as well as improved monitoring capabilities. They wanted to bolster their overall compliance efforts while also streamlining their CMP vendor list so it accurately reflected their partnerships and aligned with their commitment to responsible digital practices.
To achieve this, Haymarket partnered with Sourcepoint and launched their vendor compliance project using Diagnose.
Managing vendor compliance with Diagnose
Through ongoing scans, Diagnose tracks several metrics with individual dashboards to improve the compliance score of websites or mobile apps. The Haymarket team looked at the following metrics:
• Vendors triggered prior to consent
As per GDPR and the ePrivacy Directive, only vendors with a strictly necessary function should trigger prior to consent. Haymarket’s first step was to understand what vendors were triggering on their properties prior to consent.
• Non-disclosed vendors observed
This metric is designed to generate a comprehensive view of any vendors observed operating on scanned properties that are not on a CMP’s vendor list. It is a requirement to declare all of the technology vendors active on-page, and Haymarket wanted to ensure they were properly handling any vendors who might not be on their CMP vendor list.
• Disclosed vendors
The more vendors on a vendor list means more vendors with access to your end-user’s data. Haymarket wanted to make sure there were no surplus vendors to the ones that they actually used, to prevent exposing themselves to potential data leakage due to a longer chain of vendors.
• Cookies with long lifespans
A best practice for GDPR compliance is that personal data not be kept for longer than 13 months. Since it is up to the vendor to set cookie durations, Haymarket wanted to ensure most cookies did not have a lifespan of more than 13 months and contact the vendors for remediation as needed.
• Possible fingerprinting
Each publisher has a different policy regarding vendors who use technology similar to fingerprinting. Haymarket utilized the Possible Fingerprinting dashboard to approach specific vendors and understand why Sourcepoint scans have picked up the similar technology.
• Data leaving the EEA
Haymarket reviewed the Data Leaving the EEA metric in order to identify vendors who have servers located outside the EEA, which can be a compliance risk under GDPR.
The results: Fewer vendors, more control
Curating their vendor list
Haymarket reduced the number of their vendors down using Diagnose. The team leveraged Sourcepoint’s vendor prevalence metric to identify which of their partners were actually active on their sites. At the end of the process, Haymarket reduced their vendor list from over 230 to 101 vendors — an over 50% reduction — without seeing any revenue impact.
“Haymarket has benefited hugely from Sourcepoint’s Diagnose tool — it’s given us a clear view on exactly what vendors and partners are doing on our sites in a way that would be difficult to do ourselves. Their scale and coverage mean we’ve been able to challenge multiple partners on their activity which has reduced unnecessary cookie and script loading.”
— Liv Horner, Lead Product Manager at Haymarket Automotive
Achieving a best-in-class compliance score
From the outset, Haymarket sought to utilize Sourcepoint’s compliance score to establish success metrics for themselves. The results have been impressive.
After completing their initial vendor curation exercise, Haymarket achieved a relative score of 100 for both “vendors triggered prior to consent” and “cookies with long lifespans.” They also have a relative score of 0 for “disclosed vendors.” This means they are working only with necessary partners and avoiding a larger chain which can lead to data leakage and compliance risk.
What is Sourcepoint’s relative score?
Sourcepoint’s relative score is percentile rank calculated from all the compliance metrics. It compares the performance of a client’s monitored websites or apps with the performance of benchmark properties selected by the client.
For example, a relative score of 67% would mean that the client’s compliance metrics score better than 67% of the properties in their benchmark dataset.
Establishing a vendor review workflow
Haymarket’s vendor curation journey didn’t stop once they achieved their compliance score objectives. The dynamic nature of programmatic operations means they are committed to performing regular due diligence to remain compliant.
Haymarket has monthly calls to go through the Diagnose dashboard with their Sourcepoint technical account manager, for which they utilize Sourcepoint’s Vendor Status feature. This allows them to review and whitelist new vendors that are discovered on their properties via a Diagnose scan and amend the status after reviewing each vendor.
Latest Blog Posts
New Privacy Requirements Took Effect October 1 In Three States
October 7, 2024New Privacy Requirements Took Effect In Montana, Maryland &...
[WEBINAR] Consent is not enough: Protecting against new U.S. privacy litigation risks
October 2, 2024Join Sourcepoint and privacy litigation expert Matthew Pearson, Partner...
How Haymarket Uses Sourcepoint to Manage Vendor Compliance
October 1, 2024Haymarket sought to elevate their level of compliance by...
Latest White Papers
E-book: Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.