Refinery29 Logo
Media and Entertainment 400 3
How Refinery29 Maintains Compliance with Data Security Standards

Refinery29 chose Crownpeak’s Tag Auditor with Trackermap and its Universal Consent Platform to get greater visibility into their digital supply chain and comply with EU regulations, including 2018’s Global Data Protection Regulation (GDPR).

Up arrow
Increased visibility into their own site’s use of vendors (their digital supply chain)

Up arrow
Improved compliance with privacy regulations, including the Global Data Protection Regulation (GDPR)

Up arrow
Improved site latency issues caused by tags that were redundant or no longer needed

The challenges

Though Refinery29 began as a retailer, its primary focus is getting stories out into the world, which means offering a fast and intuitive experience to its users. Refinery29’s unique evolution has also enabled them to be strategic with digital partnerships, as the majority of their revenue now comes from online advertising. Their display advertising is provided by a demand-side platform (DSP), which offers a high degree of automation (bringing cost savings and efficiency), but also less control of the digital supply chain. This means that Refinery29’s ads are accompanied by a high volume of 3rd-party code to optimize and track campaign successes. This additional code however, left their site vulnerable to unknown and unauthorized vendors with access to audience data, which had the potential for negatively impacting their users’ experience, as well as where user data was shared.

With such expansive growth, the digital team also needed greater visibility into their own site’s use of vendors (their digital supply chain); visibility that was not currently possible for their DevOps team when gauging the value of deployment requests to add from internal stakeholders: marketing, editorial, social, PR, product and engineering. No one team was able to evaluate the impact, value and associated costs of each vendor implementation.

Part and parcel with Refinery29’s growth, they’ve expanded internationally, which means compliance with EU regulations, including 2018’s Global Data Protection Regulation (GDPR), and its enforcement of regulations for any business offering goods or services to EU citizens. While Refinery29 could have built compliance technologies themselves, and kept them continually updated as regulations shift in the coming years, this would have taken resources away from other important projects that could have been devoted better elsewhere

The solution

This confluence of factors represented a perfect storm. Refinery29 needed a proactive solution that would allow for visibility into their own technology stack, including vendor redirects (“piggy-backed” technologies injected through indirect vendor partnerships), as well as a tool that would allow them to maintain compliance with EU data-security standards and protect against data leakage.

There was a degree of urgency with the impending international expansion. When the legal team presented a list of potential vendor solutions, several team members were already familiar with Evidon from Crownpeak’s digital governance tools. The team was pleased to learn of the Universal Consent Platform (formerly Site Notice), which would solve their international compliance worries, as well as the auditing platform, (Tag Auditor with Trackermap) a tag-less and comprehensive way to monitor their digital supply chain, which included direct and indirect partners. These digital governance solutions would protect Refinery29 against a complex ecosystem’s implications for vendor accountability, user experience and compliance.

The results

Conversations around marketing and online advertising technologies are often fraught. Before leveraging Evidon from Crownpeak’s digital governance tools, Refinery29’s implementation process was rather convoluted. It involved the product team (or marketing, editorial, social, etc.) requesting the addition of a vendor before engineering’s implementation of that technology; but left unanswered the question of who was responsible if something went wrong?

Now, however, the product team can proactively audit their own digital supply chain, while DevOps maintains full access. Engineering can view which deployment might be opening up Refinery29’s site to rogue or indirect partners, while Product can thoroughly vet implementation requests to protect against capability redundancies and legacy implementations. This allows for full stack transparency, as well as the ability to weigh business benefits versus performance costs.

“Before Evidon, it was difficult to maintain ongoing visibility into our digital supply chain across the organization,” said Jake McGraw, Director of Engineering, Refinery29. “Now, we have a crystal clear picture of how these vendors impact user experience, and a greater understanding of how to troubleshoot once we determine responsibility, if something does go wrong. This means a much better experience for our users.”

Of the host of tags used by Refinery29 and their digital partners, Evidon identified 18 - across 33% of the site - as being high or severely high on the latency spectrum. For some, the business value didn’t match the performance impact, others were redundant (e.g. two different analytics tools) and still others were simply forgotten. But the dialogues were beginning to take place and the lines of communication opened. Of those 18 tags that represented latency problems, 4 were immediately removed.

The Refinery29 team was also impressed by the level of service provided by Evidon’s professional services offering - a comprehensive, personalized audit and analysis of the current state of their data and vendor governance. Many of their vendors offer professional services but they were of little value. Evidon’s audit was both very educational and provided actionable insights into the digital technology stack.

The audit also provided a comprehensive tutorial on the full capabilities of the product - a thorough overview of each tag and the importance of continuous tag monitoring to protect against data leakage, and user experience, as well as security vulnerabilities.

“We wanted to look for ways to eliminate or consolidate tags - to get a sense of how to prioritize which tags are impacting latency - and Evidon has absolutely given us a basis for where to use our new power. We learned that technologies are always changing, so it’s a continual process. But now we can always be working toward a faster, safer site that offers our audience a great experience.”

Frank Conway | Head of Product Development | Refinery29