Home / Legal & Compliance

Countdown to D-Day: GDPR and affiliate marketing – will you be ready or devastated?

By / Richard Dennys / In Insight /

It’s been in the making for more than four years and is coming into force in less than 12 months’ time: GDPR (General Data Protection Regulation) represents the largest change in data protection and privacy rules in more than 20 years. May 25, 2018 is D-Day for the new GDPR regulation, which is designed to harmonise data privacy and protection laws across Europe. Any business that handles, markets to, tracks or creates profiles of EU citizens must comply with the new regulations. Richard Dennys discusses how affiliate marketers and businesses that utilise affiliate marketing can prepare for the GDPR and ensure their websites are compliant.

As well as enabling individuals to better control their personal data, GDPR also formalises concepts such as the ‘right to be forgotten’ and provides data subjects with ‘data portability’ and access – meaning any organisation collecting EU citizens’ data must provide it to them when asked – and in a machine-readable format.

This is particularly troublesome for affiliate marketers. As affiliate marketing is orientated around a business utilising other websites to drive traffic and/or sales back to their own via referrals (giving those websites a small commission), failing to adhere to the GDPR regulations could be devastating – as every website would now be held accountable.

To ensure they are adequately prepared for the future, organisations need to have addressed their data privacy, protection and processing – yesterday!

Current data protection laws state that data processors (those who process personal data on behalf of another organisation) were exempt from the burden of compliance – that responsibility lay with the data controller (their client).

However, under GDPR, both data processors and data controllers will be held accountable. This means affiliate marketing websites that process visitor data on behalf of controllers will need to adhere to GDPR regulations. In addition, should any of the websites within an affiliate marketing campaign suffer a data breach, that data breach must be reported to the supervisory authority within 72 hours – and if that breach is likely to result in a high privacy risk for individuals, they too must be notified. There are, of course, website elements that these businesses can address to ensure they are GDPR compliant.

Revising your websites ahead of GDPR – the basics

For affiliate marketing networks, GDPR is a collective responsibility. Every individual website must disclose their data collection practices, have a clear trail of consent and inform website visitors on how their data is going to be used. Here are some simple actions that can be taken to get you started with preparing for GDPR.

Create appropriate privacy and cookie policies.

This means displaying your cookie collection practices and data privacy regulations as soon as a user arrives on your website – and including a page dedicated to that information and a way for website visitors to opt-out of cookie collection.

Most websites that market globally will already have detailed cookie collection information in place, but here are a few examples to convey what businesses must be doing ahead of GDPR:

MacMillan Dictionary Blog

The MacMillan Dictionary Blog (pictured above) is a good example of GDPR-compliant cookie practice. By having a button users must click, they have a way for website visitors to provide their unambiguous consent to being marketed to. In addition, they have a link to their cookie policy page, as well as some brief information on how those cookies are being used.

Websites that don’t offer these elements will face some backlash – as users need to be able to opt-in to the cookie practices – implied consent is not enough – and lines such as ‘by accessing this site you consent to the use of cookies’ will not do.

House of Fraser

House of Fraser is another good example. Instead of assuming a user is happy to have their data collected by the website’s analytics – their cookie notice requires website visitors to close the message to accept – thereby providing their consent. In addition, they also have a link to their privacy policy via the ‘find out more’ link.

BMW

BMW’s website is another good example, the cookie information is right at the top of the browser, before the ‘fold’, meaning any website visitor will notice it. In addition, it requires that website visitors press continue to accept the cookie tracking. They also have the ability to change their cookie settings and find out more regarding BMW’s cookie policy. gdpr affiliate marketing

Revise data security and data management protocols and process

Do you have a habit of storing data for unnecessarily long periods of time? Under GDPR, you can only hold data for as long as it is actually needed. Ensure you cleanse your website’s database thoroughly.

Provide company information

You need to provide website visitors with an easy way to get in touch with you and include your company’s details across all the communications you send out.

Address website personalisation and interaction

Advanced marketing automation tools and website management platforms will enable businesses and organisations to align content with people who visit their website based on previous interactions. This level of sophistication enables those businesses to deliver targeted content and tailor the user experience accordingly. However, under GDPR, behavioural tracking and mapping practices need to be disclosed to the website visitor. You need to let visitors know how you are using that information, as well as giving them the ability to decline cookie tracking.

GDPR and affiliate marketing – double opt-in and opt-out

Any data you have acquired needs to be double-opted in, this means resending confirmation emails to your existing database requesting their permission to use their information and market to them.

Certain marketing automation platforms will automatically send a confirmation email confirming a website visitor’s interactions on the website. For example, if they download a content asset by filling in a form, the marketing automation platform would then send that user an email asking them to confirm that they are indeed interested in sharing their details and being marketed to. With these elements in place, websites under an affiliate network can comprehensively secure their data and ensure they are in line with GDPR regulations.

Also, if there is the ability to opt in to cookie tracking and data collection, an option to opt out must always be available.

Read also:

GDPR and your data: check you comply . . . then check again

Will you be silenced by the new UK Ofcom rules, affecting outbound calls?

Username

Basic Information

First Name *

Last Name *

Company *

Job Title *

Country *

Account Information

Password

Confirm Password

E-mail Address

Confirm E-mail

Biographical Info

Share a little biographical information to fill out your profile. This may be shown publicly.

Terms and Conditions

Terms and conditions – website usage

Welcome to the Global Marketing Alliance (GMA). The GMA website is a product of the Global Marketing Alliance Ltd. If you continue to browse and use this website, you are agreeing to comply with the following terms and conditions of use, which together with our privacy policy, govern GMA’s dealings with you in relation to this website. If you disagree with any part of these terms and conditions, please do not use our website.

GMA may amend these Terms and Conditions at any time by posting the amended Terms and Conditions on the GMA site.

The term GMA or ‘us’ or ‘we’ refers to the owner of the website whose registered office is at 7a Queen Street, Godalming, Surrey, GU7 1BA, UK. The term ‘you’ refers to the user or viewer of our website or to those who become members of GMA.

The use of this website is subject to the following terms of use:

The content of the pages of this website is for your general information and use only. It is subject to change without notice.
The information provided and the opinions expressed in this website represent the views of the authors and contributors.
Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. We are not liable for any inaccuracies or errors.
Your use of any information or materials on this website is entirely at your own risk, it is your responsibility to check that the information available meets your requirements.
This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
Information on this site may be contributed by our members or other contributors (including in blogs). We do not control the information they provide and are not responsible for the views expressed
If you believe that your intellectual property rights have been infringed on this site please notify us. We accept no liability for infringements as a result of user generated content but we will take reasonable action to remove such content where possible.
Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
Every effort is made to keep the website up and running smoothly. However, we take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
We reserve the right to refuse, suspend or cancel your access to the site at any time and without notice.
If you are acting as an employee, you warrant that you are authorised to enter into legally binding contracts on behalf of your employer. You further warrant that your employer agrees to be bound by these Terms and Conditions.
Purchases of training products or delegate places at events advertised on this site are subject to the terms and conditions of the providers.
Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Northern Ireland, Scotland and Wales.

Copyright notice

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

you may print extracts for your personal and non-commercial use only
you may refer to and quote from the content for review or reference purposes within the limits of “fair dealing”, but only if you acknowledge the website as the source of the material
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

I agree to the Terms and Conditions

Full Name LEAVE THIS BLANK

I agree to the Terms and Conditions

Author: Richard Dennys

CEO at Webgains | www.the-gma.com

Richard Dennys has more than 20 years’ experience of starting, growing and selling digital businesses. He’s an expert at driving international growth and maximising shareholder value through the optimisation of sales, marketing and digital functions. He has recently been appointed CEO of Webgains Group, taking responsibility for the strategic and operational management of the company across all its operating locations in the US, UK and mainland Europe. He has a deep interest in ‘disruptive’ technologies, particularly their use and efficiency in personal learning and development.

He previously held senior management positions across Europe for the BBC, Qype, Nokia, Moonfruit and UK Government-backed TechCity UK. He was on the senior management team of Qype.com during its sale to Yelp.com in 2012. He is a Fellow of the UK Chartered Institute of Marketing.

Countdown to D-Day: GDPR and affiliate marketing – will you be ready or devastated?

Revising your websites ahead of GDPR – the basics

Address website personalisation and interaction