What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation is a law that gives European citizens more control over the personal data that businesses and services collect about them. It clarifies the rules and responsibilities of online services towards European users. On 25 May 2018 it replaces the previous data protection directive, passed in 1995. It brings some dramatic changes to the existing regime, including:
- It unifies the rules on how companies must handle the data of European citizens.
- A detailed expansion of the scope of what counts as personal data.
- Identification and clarification of the responsibilities and roles of those who control, manage and process data.
- Enforcement and streamlining of authority to one supervisor per member state.
- A duty to notify customers of a data breach within 72 hours.
- Greater penalties for non-compliance.
Who is affected by the new GDPR Rule?
All companies and businesses of any size across Europe will need to comply with the GDPR.
The GDPR will apply across all EU countries. The European Parliament passed the first set of rules in 2016, and these are taken over by the GDPR in May 2018. Each EU member state will have its own supervisory authority.
Does this law apply only to companies based in the European Union?
No, it does not. It is a major game-changer internationally. Any organisation that collects, manages, processes or stores data of European citizens is affected by the GDPR.
That includes most major online businesses and services that collect, process, manage or store personal data.
The GDPR sets new global standards for data protection.
The GDPR sets out the rules on how the personal data of European people and customers can be collected, stored and shared. This protects the European customer and offers individuals more say over who holds their personal data and how it can be used. I believe it is a great way to protect the customer.
General Data Protection Regulation: A Short Explanation
What is Personal data?
Personal data is anything that can be used to identify a person directly or indirectly. That includes cookie information, email addresses, names, IP addresses of devices and IP addresses in general, bank details, emails, and social media accounts such as Facebook, Twitter, Snapchat, Google Plus, Instagram, Reddit, blogs, Pinterest,
According to the GDPR, if you collect, process or store applicable personal data from EU customers, you have to obey the new rules and may only obtain that data on the basis of opt-in consent, contractual necessity, a legitimate interest, a public task, a vital interest, or a legal obligation.
These lawful bases are defined within the regulation and are the subject of the current discussion about how the regulation applies to any business or business model.
How will the GDPR affect Affiliate Marketers?
If an affiliate marketer is not located in the EU but sells to European customers and collects and stores their personal data (emails, membership details, etc.), the GDPR applies to that affiliate marketer.
The GDPR affects everyone, including affiliate marketers with customers from Europe. It will be a challenge for some, and it does not matter whether you are in Europe or the US: if you have European customers you need to comply. The deadline is approaching and it is time to get ready.
Below are some key points and an overview of the potential GDPR implications for any affiliate marketing business.
If you run an affiliate business and collect data from your customers, you need to openly show and explain how the collected data will be handled and stored.
Does this GDPR Rule affect Social Media?
Many large online services and social media companies are updating their privacy policies and terms of service in order to prepare for the new legislation.
Facebook’s response is sure to be closely scrutinized by European regulators, given the company’s checkered past with regard to user data. The recent Cambridge Analytica scandal, in which millions of US voters had their Facebook data misappropriated by consultants working for Donald Trump’s presidential campaign, is only the most recent mishap. (Source: https://www.cnet.com/how-to/how-facebook-is-responding-to-europes-new-gdpr-privacy-rules/)
Google Plus has since had a security breach, and the social platform will close down in April 2019.
Facebook had another breach on 3 November 2018.
Facebook moves 1.5bn users out of reach of new European privacy law
Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally.
In a tweak to its terms and conditions, Facebook is shifting the responsibility for all users outside the US, Canada and the EU from its international HQ in Ireland to its main offices in California. It means that those users will now be on a site governed by US law rather than Irish law.
The move is due to come into effect shortly before the General Data Protection Regulation (GDPR) comes into force in Europe on 25 May. Facebook is liable under GDPR for fines of up to 4% of its global turnover – around $1.6bn – if it breaks the new data protection rules.
The shift highlights the cautious phrasing Facebook has applied to its promises around GDPR. Earlier this month, when asked whether his company would promise GDPR protections to its users worldwide, Zuckerberg demurred. “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he said.
Facebook told Reuters “we apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland”. It said the change was only carried out “because EU law requires specific language” in mandated privacy notices, which US law does not.
In a statement to the Guardian, it added: “We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that.”
via: Facebook moves 1.5bn users out of reach of new European privacy law
Does the GDPR apply to affiliate marketers?
Yes, it applies to all affiliate marketers, unless you do not target the European market and do not collect or monitor data of European citizens.
Who falls under the GDPR?
- A brand, a business, a business organisation, the huge multinational conglomerates, freelancers and one-man sole traders: anyone who uses a third-party website to drive sales back to their own website. The GDPR will challenge this model for affiliate marketers.
- It even applies to people who do not make any money or sell anything from collecting and using other people’s personal data (personal or business blogs, for example): anything that captures or monitors data about people in the EU.
- Under the GDPR, liability extends to all organisations that touch the personal data (affiliate marketers with opt-in pages, an email list, membership sites, and so on).
- Under the previous rules, the main responsibility for data processing and data regulation lay with the organisation that stored the data or the organisation that controlled it. The GDPR has changed that. Now everyone in the chain of data collection is responsible, and everyone who comes into contact with personal data needs to set out and inform customers how the data is stored and managed.
What does it mean in short?
It means that affiliate marketers can now be held responsible for the data they collect from their opt-in subscribers.
Below you find a few things an affiliate marketer should bear in mind when getting ready for the GDPR.
The following rules apply from 25 May, when the GDPR comes into force. You are only allowed to store a customer’s data if …
- The person subscribing to your online service (blog, e-book, membership, etc.) has opted in and has allowed you to use their personal data.
- You need the data to fulfil a contract with the person who provides it (selling them goods or services).
- You have a legitimate interest or a vital interest in the data.
- You are legally obligated to use the data.
- The data will be used to perform a task in the public interest.
I would say the first two points are the most common for a typical affiliate marketer.
Video tutorial: how to set up the GDPR on your website
What does the GDPR really mean for the Affiliate Marketer?
In practice this means that any time you ask or request personal information from a website user or customer (in this case a European customer), they need to opt in or give their consent to the use of their data.
As an affiliate marketer you cannot split your website or landing page into two versions; if you have European customers you should follow the GDPR rules.
If you use a contact form or an opt-in form, you will need to change the current one to comply with the GDPR. That means that if you collect data for marketing purposes as part of a sign-up, content download, landing page or squeeze page, etc., you have to get permission from that person.
If you currently use a contact form that has to be ticked to opt out, or that is pre-ticked with opt-in permission (default settings), you will need to change it so that the default is opted out and the customer has to actively opt in.
Exactly the same rule applies to people who email you or give you their personal data in any other form of communication. Under the GDPR you can only request that information if one of the bullet points above applies.
It is vital that you make clear to your customers or visitors why you need their personal information and data. You also need to explain in general terms what you will do with their information and how long it will be stored in your system.
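The opt-in rules in this section, as an added example that is not code from the original post: a hypothetical server-side sign-up handler that treats a missing or unticked consent checkbox as no consent (rather than defaulting it to "yes"), records the purpose, lawful basis and privacy-notice version the person saw, and completes a double opt-in with a confirmation token. The handler, field names and sample submissions are constructed for illustration.

```python
# Added example (not code from the original post): server-side handling of a
# GDPR-style opt-in form. The handler, field names, in-memory record and sample
# submissions are hypothetical and constructed for illustration only.
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Values a browser sends for a ticked checkbox. If the field is absent from the
# submission, the box was not ticked, which must mean "no consent".
AFFIRMATIVE = {"on", "true", "1", "yes"}


@dataclass
class ConsentRecord:
    email: str
    purpose: str                # what the data will be used for, as shown on the form
    lawful_basis: str           # "consent" here; "contract" would be a purchase
    notice_version: str         # version of the privacy notice the person saw
    recorded_at: str            # UTC timestamp of the opt-in
    confirm_token: str          # double opt-in token sent in the confirmation email
    confirmed_at: Optional[str] = None


class ConsentError(ValueError):
    """Raised when a submission does not contain an affirmative opt-in."""


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def capture_signup(form: dict, notice_version: str, purpose: str) -> ConsentRecord:
    """Validate a sign-up submission and create an unconfirmed consent record.

    The checkbox on the form is unticked by default, so a missing or
    non-affirmative value means the visitor did not consent. The value is never
    defaulted to True on the server either.
    """
    email = (form.get("email") or "").strip().lower()
    if "@" not in email:
        raise ConsentError("a valid email address is required")
    ticked = str(form.get("marketing_consent", "")).strip().lower()
    if ticked not in AFFIRMATIVE:
        raise ConsentError("explicit opt-in is required; the consent box was not ticked")
    return ConsentRecord(
        email=email,
        purpose=purpose,
        lawful_basis="consent",
        notice_version=notice_version,
        recorded_at=_now(),
        confirm_token=secrets.token_urlsafe(24),
    )


def confirm_signup(record: ConsentRecord, token: str) -> bool:
    """Second step of the double opt-in: the link in the confirmation email
    carries the token. Constant-time comparison avoids leaking it via timing."""
    if record.confirmed_at is not None:
        return True
    if not hmac.compare_digest(record.confirm_token, token):
        return False
    record.confirmed_at = _now()
    return True


def may_email_for_marketing(record: Optional[ConsentRecord]) -> bool:
    """Only a confirmed record whose basis is consent permits marketing email."""
    return (record is not None
            and record.lawful_basis == "consent"
            and record.confirmed_at is not None)


def run_demo() -> dict:
    """Walk through the flow with constructed submissions; returns the outcomes."""
    results = {}
    # Submission without the consent field: this is how an unticked box arrives.
    try:
        capture_signup({"email": "visitor@example.com"}, "2018-05", "newsletter")
        results["unticked_rejected"] = False
    except ConsentError:
        results["unticked_rejected"] = True
    # Submission with the box ticked, then the double opt-in confirmation.
    rec = capture_signup({"email": "Visitor@Example.com", "marketing_consent": "on"},
                         "2018-05", "newsletter")
    results["before_confirmation"] = may_email_for_marketing(rec)
    results["wrong_token"] = confirm_signup(rec, "not-the-token")
    results["right_token"] = confirm_signup(rec, rec.confirm_token)
    results["after_confirmation"] = may_email_for_marketing(rec)
    results["email_normalised"] = rec.email
    return results


if __name__ == "__main__":
    print(run_demo())
```

The record keeps the purpose and notice version alongside the timestamp, which is what you would show if asked to demonstrate what the subscriber agreed to and when; the mailing check refuses to send until the confirmation link has been used.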
How should an affiliate Marketer prepare for the GDPR?
As an affiliate marketer, you will have quite a few things to do in order to comply with the GDPR.
You need to inform new and existing customers on which basis you collect their data, why you are collecting it and how you will use it.
You need an explanation of the purpose for which the data will be stored and used, and of how you will protect the collected data.
You also have to state how long the data you collected will be stored on your site or in your system.
The biggest challenge affiliate marketers will face concerns their marketing activities themselves. Many successful affiliate marketers rely on direct marketing to boost sales and reach customers through the personal data collected on their site when people subscribe, buy, or opt in.
Affiliate Companies will need to follow the GDPR
Affiliate companies operating as a business or business organisation have to implement adequate data management procedures and protocols, and potentially appoint a Data Protection Officer (DPO), to make sure that the business continually complies with and keeps up to date with the new rules and regulations.
Any customer has the right to request to be forgotten at any point, and this request must be handled accurately and swiftly. Sensitive data must be kept up to date and accurate, and not kept longer than necessary.
For an affiliate marketer and their websites this means determining how long is “necessary” and doing permanent, regular housekeeping on their sites to cleanse collected data accordingly.
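The housekeeping and right-to-be-forgotten handling described in these paragraphs, as an added example that is not code from the original post: a hypothetical retention policy keyed on record kind, a purge routine that refuses to run on records with no retention rule, and an erasure routine that deletes marketing and contact data but keeps records held under a legal obligation (the page lists legal obligation as one of the lawful bases) and logs the request by a hashed identifier. The record layout, retention periods and sample records are constructed for illustration; actual retention periods are a legal question.

```python
# Added example (not code from the original post): retention housekeeping and
# handling of an erasure ("right to be forgotten") request. The record layout,
# retention periods and sample records are hypothetical and constructed for
# illustration; real retention periods need legal advice.
import hashlib
from datetime import datetime, timedelta, timezone

# Placeholder retention periods, counted from each record's reference date.
RETENTION = {
    "marketing_subscriber": timedelta(days=730),   # from last activity
    "contact_form_message": timedelta(days=180),   # from the date received
}
# Records kept under a legal obligation (e.g. invoices) are not deleted on an
# erasure request, but they still have a retention period of their own.
LEGAL_HOLD = {"invoice": timedelta(days=3650)}


def _as_utc(date_str: str) -> datetime:
    return datetime.fromisoformat(date_str).replace(tzinfo=timezone.utc)


def purge_expired(records: list, now: datetime) -> list:
    """Delete records whose retention period has elapsed; returns removed ids.

    Raises if a record kind has no retention rule, so nothing is silently kept
    forever just because somebody forgot to classify it."""
    removed, kept = [], []
    for rec in records:
        limit = RETENTION.get(rec["kind"]) or LEGAL_HOLD.get(rec["kind"])
        if limit is None:
            raise ValueError(f"no retention rule for record kind {rec['kind']!r}")
        if _as_utc(rec["reference_date"]) + limit <= now:
            removed.append(rec["id"])
        else:
            kept.append(rec)
    records[:] = kept
    return removed


def erase_subject(records: list, email: str, now: datetime) -> dict:
    """Handle an erasure request for one email address.

    Marketing and contact-form data are deleted. Records under legal hold are
    kept and listed so the requester can be told why. The returned log entry
    identifies the subject only by a hash, so the request can be evidenced
    without keeping the email address itself."""
    email = email.strip().lower()
    deleted, retained, kept = [], [], []
    for rec in records:
        if rec["email"] != email:
            kept.append(rec)
        elif rec["kind"] in LEGAL_HOLD:
            retained.append(rec["id"])
            kept.append(rec)
        else:
            deleted.append(rec["id"])
    records[:] = kept
    return {
        "subject": hashlib.sha256(email.encode()).hexdigest()[:16],
        "at": now.isoformat(timespec="seconds"),
        "deleted": deleted,
        "retained_under_legal_hold": retained,
    }


def sample_records() -> list:
    """Constructed sample data (not real people)."""
    return [
        {"id": 1, "kind": "marketing_subscriber", "email": "alice@example.com",
         "reference_date": "2015-01-01"},   # inactive for years: expired
        {"id": 2, "kind": "marketing_subscriber", "email": "bob@example.com",
         "reference_date": "2018-01-10"},
        {"id": 3, "kind": "contact_form_message", "email": "bob@example.com",
         "reference_date": "2017-06-01"},   # older than 180 days: expired
        {"id": 4, "kind": "invoice", "email": "bob@example.com",
         "reference_date": "2017-03-01"},   # legal hold
        {"id": 5, "kind": "contact_form_message", "email": "carol@example.com",
         "reference_date": "2018-04-01"},
    ]


def run_demo() -> tuple:
    """Housekeeping run on 25 May 2018, then an erasure request from Bob."""
    now = datetime(2018, 5, 25, tzinfo=timezone.utc)
    records = sample_records()
    purged = purge_expired(records, now)
    log = erase_subject(records, "Bob@Example.com", now)
    return purged, log, [r["id"] for r in records]


if __name__ == "__main__":
    print(run_demo())
```

Running the demo purges the stale subscriber and the old contact message, then Bob's erasure request removes his subscription while his invoice stays under legal hold and is reported as such in the log.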
Google, Bing, Yahoo, Yandex and other Search Engines
Google, Bing, Yahoo, Yandex and other search engines have lost the right to publish data without any responsibility or consideration towards the individual. The request to be forgotten online, as in Article 17: Right to erasure (‘right to be forgotten’), has always been a hot topic.
An article published by the Guardian in 2016 reveals that data shows 95% of Google privacy requests are from citizens out to protect personal and private information, not from criminals, politicians and public figures.
The introduction of the GDPR gives users even greater control over how their data is acquired, used, stored and managed.
As a consumer you can see the benefits in this, but it is a challenge for any business, and it limits how companies may capture, use, manage and store the personal data of consumers.
A lack of compliance with the GDPR by any website, business or service, including affiliate marketing networks, will result in trouble for everyone who has handled the data.
Good News for Affiliate Marketer
As the GDPR will require a double opt-in, quality and valuable content will increase your opt-in rate. Any good marketer will put the effort into the content and maximise quality over quantity.
This is good news for affiliate marketing networks, as they should be working on quality content instead of quantity. The more attractive the content, the better the adoption rate, that is, the acceptance that a website will capture the personal data of a potential customer.
It will be a big fuss, like when the new cookie legislation was introduced. Everyone expected the change to have a big impact on marketing and on the ability to personalise online content for users. In reality it went the opposite way: after an initial peak of interest, consumers got used to clicking the “I accept” pop-up on any new website they visited.
Do we expect something similar for the double opt-in measures? Yes, we do. After the first period, people will get used to it and it will become automatic. People adjust fast.
With technology playing a vital role in most things, we will be facing exciting times. The GDPR puts control back into the hands of the user and makes organisations aware of and compliant with stricter rules about handling and storing personal data. Non-compliance will result in large fines stipulated by the EU Commission.
Checklist for Affiliate Marketers to comply with the GDPR
• Re-think how you collect, use and store personal data on your site or system. Work out which system and which parts need to be changed and upgraded to comply with the GDPR.
• Be honest and transparent with your customers (including website users who give their personal information for a freebie). Explain the legal basis for collecting their information. Provide accurate information on how their information is stored, shared, managed and processed. Explain how their data is protected.
• Use a separate contact address so that users can contact you to request correction or deletion of their personal data. I recommend a separate email or contact address so that these requests do not land in spam or get overlooked by you or your staff.
• Inform the people from whom you have already obtained personal information about the changes the GDPR brings. Depending on your autoresponder, you might have to ask them to opt in again to your mailing lists or marketing databases.
• Protect yourself and ensure that you are taking all the necessary steps to comply with the GDPR. Ways to keep the stored personal data of your customers safe include device encryption, and not storing, processing or transferring the data of EU service users outside the EEA, other than to territories whose own laws comply with the regulation.
• Double-check with your affiliate scheme or network that they have their own GDPR measures in place. When you pass personal data you have collected on to the scheme as part of running your affiliate business, the same rules apply at every stage of the process.
• Please remember that getting your affiliate marketing up to standard and complying with the GDPR is up to you, as you are part of collecting, storing, managing and processing that personal data.
This article is intended as a basic guide to the GDPR for affiliate marketers and doesn’t take the place of professional legal advice.
GDPR Penalties Short Version
If you do not follow the GDPR rules for your European customers, you might face potentially stiff measures.
The worst-case scenario is that a business that has not complied with the GDPR can be fined up to €20 million or four percent of its annual turnover, whichever is higher.
I would say that if you comply, the chances of being penalised are low, but if you deliberately or negligently fail to comply with the GDPR, or a serious data breach that could have been prevented compromises the integrity of your site or your service users’ personal data and rights, you might face penalisation.
Last but not least, follow the rules of the GDPR.
As we deal with the world wide web, we do not know when a customer will be from Europe or any other state.
Compliance also helps our authority standing and builds trust with customers and subscribers. I believe it is a good measure to ensure that personal data is protected. The Facebook scandal, where the personal data of 87 million users was collected and apparently used without permission, just shows how vulnerable the digital world is.
None of the above should be construed as legal advice. Seek legal counsel if you believe your company may be impacted by the GDPR.
What do you think about the GDPR, and how would you say it will impact website owners, online businesses, online services and organisations?
I would like to hear from you: what do you think about the GDPR?
Please take the time to read it carefully and update your website. It is essential that you do this. As security breaches become more frequent, do you think RSS might make a comeback? Please share your thoughts, and if you have problems with setting up your GDPR compliance, leave me a note. I am happy to help.