The latest insights and innovations from the world of marketing. Includes analysis of the decision by cosmetics brand Lush to vacate social media, examines why playing it safe is not the safe option, and test-drives the latest automated writing tool.
As well as enabling individuals to better control their personal data, GDPR also formalises concepts such as the ‘right to be forgotten’ and provides data subjects with ‘data portability’ and access – meaning any organisation collecting EU citizens’ data must provide it to them when asked – and in a machine-readable format.
This is particularly troublesome for affiliate marketers. As affiliate marketing is orientated around a business utilising other websites to drive traffic and/or sales back to their own via referrals (giving those websites a small commission), failing to adhere to the GDPR regulations could be devastating – as every website would now be held accountable.
To ensure they are adequately prepared for the future, organisations need to have addressed their data privacy, protection and processing – yesterday!
Current data protection laws state that data processors (those who process personal data on behalf of another organisation) were exempt from the burden of compliance – that responsibility lay with the data controller (their client).
However, under GDPR, both data processors and data controllers will be held accountable. This means affiliate marketing websites that process visitor data on behalf of controllers will need to adhere to GDPR regulations. In addition, should any of the websites within an affiliate marketing campaign suffer a data breach, that data breach must be reported to the supervisory authority within 72 hours – and if that breach is likely to result in a high privacy risk for individuals, they too must be notified. There are, of course, website elements that these businesses can address to ensure they are GDPR compliant.
Revising your websites ahead of GDPR – the basics
For affiliate marketing networks, GDPR is a collective responsibility. Every individual website must disclose their data collection practices, have a clear trail of consent and inform website visitors on how their data is going to be used. Here are some simple actions that can be taken to get you started with preparing for GDPR.
- Create appropriate privacy and cookie policies.
This means displaying your cookie collection practices and data privacy regulations as soon as a user arrives on your website – and including a page dedicated to that information and a way for website visitors to opt-out of cookie collection.
Most websites that market globally will already have detailed cookie collection information in place, but here are a few examples to convey what businesses must be doing ahead of GDPR:
MacMillan Dictionary Blog
House of Fraser
- Revise data security and data management protocols and process
Do you have a habit of storing data for unnecessarily long periods of time? Under GDPR, you can only hold data for as long as it is actually needed. Ensure you cleanse your website’s database thoroughly.
- Provide company information
You need to provide website visitors with an easy way to get in touch with you and include your company’s details across all the communications you send out.
Address website personalisation and interaction
Advanced marketing automation tools and website management platforms will enable businesses and organisations to align content with people who visit their website based on previous interactions. This level of sophistication enables those businesses to deliver targeted content and tailor the user experience accordingly. However, under GDPR, behavioural tracking and mapping practices need to be disclosed to the website visitor. You need to let visitors know how you are using that information, as well as giving them the ability to decline cookie tracking.
GDPR and affiliate marketing – double opt-in and opt-out
Any data you have acquired needs to be double-opted in, this means resending confirmation emails to your existing database requesting their permission to use their information and market to them.
Certain marketing automation platforms will automatically send a confirmation email confirming a website visitor’s interactions on the website. For example, if they download a content asset by filling in a form, the marketing automation platform would then send that user an email asking them to confirm that they are indeed interested in sharing their details and being marketed to. With these elements in place, websites under an affiliate network can comprehensively secure their data and ensure they are in line with GDPR regulations.
Also, if there is the ability to opt in to cookie tracking and data collection, an option to opt out must always be available.
Please register below to unlock this article.
An email will be sent to you with your membership details.