With the recent implementation of the European Union’s General Data Protection Regulation (GDPR), it is imperative that you, as an affiliate marketer, understand what the new law means for your business and how to protect yourself.
First, what is the GDPR? It is a regulation designed to protect consumers’ personal data online, and it applies to any business that intentionally targets EU consumers with websites, products or content. Before the GDPR, only organizations that stored or controlled data had to worry about such regulation; under the new law, liability can attach to any organization that handles personal data.
Before we get into the business angle of this, let’s think about why this regulation will benefit consumers. With all the recent scandals involving Facebook, Cambridge Analytica and Google, European governments have been spurred by consumer protection advocates to take measures that will protect people’s privacy in the age of the internet. The spirit of this regulation is rooted in the principle that consumers have a right to be forgotten: for example, nobody wants that stupid or embarrassing picture posted on Facebook when they were drunk to haunt them in cyberspace for the rest of digital eternity.
With the GDPR, consumers in the EU will now have more control over their data, which means that you, as an affiliate marketer, must make it very clear to consumers that their data is being recorded and stored.
You must also obtain unambiguous consent before you collect, store or use anyone’s personal information for marketing purposes. To send an EU consumer a message via any form of technology (email, phone, social media, etc.), you will be required to receive direct authorization from the person concerned. In the case of email, you are still permitted to send relevant follow-up messages about your services and products to consumers who provide their email address when they purchase a product from you.
In addition to getting consent, you must now also make it easy for consumers to opt out. In other words, you can’t just store their personal data indefinitely; you must provide a clear and easy-to-find way for users to demand that you remove their data from your system if they so wish. Should someone exercise their right to be forgotten, you must honor the request quickly and comprehensively.
On the whole it is prudent to formulate procedures and protocols that will govern how you manage your customers’ data. One good rule of thumb is to keep sensitive data no longer than is necessary. You may want to consider hiring a Data Protection Officer (DPO) who will be responsible for ensuring that your company adheres to all the provisions of the GDPR.
For example, you might want to have an expert on hand to help you determine which kinds of personal data fall under the GDPR, such as IP addresses, cookie IDs and customer numbers.
Failure to comply can have serious consequences, with fines potentially as high as €20 million ($23.5 million) or 4 percent of your business’s annual turnover. While there is some panic and concern in the industry, many experts believe the GDPR will not cause much harm to affiliate marketers, just as consumers and online commerce easily adjusted to the cookie legislation of years past that presented web surfers with the “I accept” pop-up when visiting new sites.