The GDPR Rule. What is the General Data Protection Regulation (GDPR)
The GDPR Rule is a law that gives European Citizens more control over the personal data collected by businesses or services. It seeks to clarify the rules and responsibilities for online services with European users. On the 25th of May 2018, it will replace the directive governing data protection passed in 1995. It has some dramatic changes to the existing convention, including:
- It will unify the rules on how companies should handle the data of European Citizens.
- An in-detail Expansion in the scope of what is understood to be personal data.
- Identify and clarify the responsibilities and roles of those who control, manage and process the data.
- Enforcement and streamlining the authority to one supervisor per member state.
- Information duty of notifying customers of a data breach within 72 hours.
- Greater penalties for non-compliance.
Who is affected by the new GDPR Rule?
All Companies and Businesses of any size across Europe will need to comply with the new GDPR Rule.
The General data protection rule (GDPR) will apply across all EU countries. The European Union Parliament passed the first set of rules in 2016, and the new GDPR Rule will now take this over in May 2018. Each EU Member state will have its supervising authority.
Does this law apply only to companies based in the European Union?
No — it is not. It is a major game-changer for international news. Any Organisation that collects manages, processes and stores data of European Citizens is affected by the GDPR.
It includes most major online businesses and services that collect, process, manages and stores data or personal information.
The GDPR sets new global standards for data protection.
The GDPR is intended to set out the rules for how the personal data of European people/customers can be collected, stored and shared. This protects the European Customer and offers individuals more say over who holds their data and how it can be used. I believe it is a great way to protect the customer.
The GDPR Rule (General Data Protection Regulations) A Short Explanation.
What is Personal data?
It is anything that can be used to identify a person directly or indirectly. That includes all the online tools like cookie information, email addresses, names, IP addresses of devices, IP addresses in general, bank details, emails, social media like Facebook, Twitter, Snapchat, Instagram, Reddit, Blogs, Pinterest,
According to the GDPR Rule, if you are collecting, processing or storing applicable personal data from EU customers, you must obey the new rules. You must only obtain that data through an opt-in consent, contractual necessity, a legitimate interest, a public task, a vital interest, or a legal obligation.
Those are defined in a frame within the regulations and the subject of the current discussion surrounding the applicability of any business or business models.
How will the GDPR Rule affect Affiliate Marketers?
Suppose the Affiliate Marketer is not located in the EU but sells and collects and stores personal data like ( like emails, membership details etc.) from European customers. In that case, the GDPR Rule will apply to the Affiliate Marketer.
The GDPR is affecting everyone, including affiliate Marketers with customers from Europe. It will be a challenge for some, and it does not matter if you are in Europe or the US. If you have European customers, you need to comply. The deadline is approaching, and it is time to get ready.
Below are some key points and an overview of the potential GDPR implications for any affiliate marketing business.
If you are running an Affiliate Business and collecting data from your customer, you need to openly show and explain how the collected Data will be handled and stored.
Does the GDPR Rule affect Social Media?
Many large online services and social media companies are updating their privacy policies and terms of service to prepare for the new legislation.
Due to the company’s checkered past with user data, Facebook’s response is sure to be closely scrutinized by European regulators. The recent Cambridge Analytica scandal, in which millions of US voters had their Facebook data misappropriated by consultants working for Donald Trump’s presidential campaign, is only the most recent mishap.(https://www.cnet.com/how-to/how-facebook-is-responding-to-europes-new-gdpr-privacy-rules/)
Now Google plus had a security breach and will close down in April 2019 the Social Platform
Facebook had another breach on November 3rd 2018
Facebook moves 1.5bn users out of reach of new European privacy law
Facebook has moved more than 1.5 billion users out of reach of European privacy law, despite a promise from Mark Zuckerberg to apply the “spirit” of the legislation globally.
In a tweak to its terms and conditions, Facebook is shifting the responsibility for all users outside the US, Canada and the EU from its international HQ in Ireland to its main offices in California. It means those users will now be on a site governed by US law rather than Irish law.
The move will come into effect shortly before the General Data Protection Regulation (GDPR) comes into force in Europe on 25 May. Facebook is liable under the GDPR Rules for fines of up to 4% of its global turnover – around $1.6bn – if it breaks the new data protection rules.
The shift highlights the cautious phrasing Facebook has applied to its promises around GDPR. Earlier this month, Zuckerberg demurred when asked whether his company would promise GDPR protections to its users worldwide. “We’re still nailing down details on this, but it should directionally be, in spirit, the whole thing,” he said.
Facebook told Reuters, “we apply the same privacy protections everywhere, regardless of whether your agreement is with Facebook Inc or Facebook Ireland”. It said the change was only carried out “because EU law requires specific language” in mandated privacy notices, which US law does not.
In a statement to the Guardian, it added: “We have been clear that we are offering everyone who uses Facebook the same privacy protections, controls and settings, no matter where they live. These updates do not change that.” Facebook moves 1.5bn users out of reach of new European privacy law
Does the GDPR Rule apply to affiliate marketers?
Yes, it does apply to all affiliate marketers unless you do not target the European market and you do not collect data or monitor the data of European Citizens.
Who falls under the GDPR Rule?
- A Brand, a business, a business organisation, all the huge multinational conglomerates, freelancers and one-man sole traders that utilise a third-party website to drive back sales to their website to create sales the new GDPR will challenge this for Affiliate Marketers.
- It even applies to people who don’t make any money or sell things from collecting and using other people’s data (bloggers’ personal or business blogs), anything that captures and or monitors data about the people in the EU.
- With the new GDPR, the liability is extended to all organisations that touch personal data. ( Affiliate marketers with Opt-in pages, an email list, membership sites, a.s.o.)
- With the old set of GDPR rules, the main responsibility of data processing and data regulation was the responsibility of the organisation that stored the data or the organisation that controlled the data. The new GDPR has changed that. Now in the chain of data collection, everyone is responsible, and everyone who comes in contact with personal data needs to set out and inform the customers how the data is stored and managed.
- What does it mean in short
What it means is that Affiliate Marketers can now be held responsible for the data they collect from their opt-in subscribers.
Below you will find a few things an affiliate marketer should remember when getting ready for the GDPR.
The following rules apply from the 25th of May when the GDPR Rule is implemented. You are only allowed to store the customer’s data if …
- The person who subscribes to your online service ( blog, e-book, membership, etc.) has allowed you to use their data.
- In case you need the data to fulfil a contract with the person that provides it ( selling them goods or services).
- If you have a legitimate and vital interest in the data information
- You are legally obligated to use the data.
- The data information will be used to perform a task in the public interest.
I would say the first two points are more common for the standard of an Affiliate Marketer.
A video tutorial for the GDPR Rule and how to set it up on your website
What does the GDPR Rule mean for the Affiliate Marketer?
This means, in practice, that any time you ask or request personal information from a website user or customer (in this case (a European customer), they need to opt-in or consent to using their data.
As an Affiliate Marketer, you can not divide the website or the landing page into two parts; if you have European customers, you should follow the new GDPR Rules.
When using a contact form or an opt-in form, you will need to change the current one to apply to the GDPR rule. That means that if you collect data for marketing purposes as part of a sign-up, content download, landing page or squeeze page, etc., you have to get permission from that person.
If you currently use a contact form that has to be ticked to opt out or pre-ticked with opt-in permission (default settings), then you will need to change it so that the default setting is opting out, and the customer has to opt in instead.
The same rule applies to people who email or give you their data or information in any other form of communication. With the new GDPR Law, you can only request that information if one of the bullet points above applies to it.
You must clarify to your customers or visitors why you need their personal information and data. You also need to explain how to tell them what you will do with their information and how long it will be stored in your system.
How should an affiliate Marketer prepare for the GDPR Rule?
As an Affiliate Marketer, you will have quite some things to do when you have to comply with the GDPR.
You need to update and inform new and old customers on which basis you collect their data, why you are collecting it and how you will use it.
An explanation of what purpose the data will be stored and used for and how you will protect the collected data.
One more thing you have to inform is how long the data you collected will be stored on your site or in your system.
The biggest challenge the affiliate marketers will face is our marketing activities themselves. Many successful affiliate marketers rely on direct marketing to boost sales and reach customers through personal data collection on their site when subscribing, through contract sales or when opted in.
Affiliate Companies will need to follow the GDPR Rule.
Affiliate Companies operating as a business or business organisation have to implement adequate data management procedures and protocols and potentially enlist a Data Protection Officer (DPO) to ensure that the business is continuously complying with and updating the new rules and regulations.
Any customer has the right to the request to be forgotten at any point, and the process of this request must be accurate and swift. Sensitive data must be kept up-to-date and accurate and not kept longer than necessary.
This means an affiliate marketer and their websites to determine how long is “necessary” and maintain regular housekeeping on their sites to cleanse their collected data accordingly.
Google, Bing, Yahoo, Yandex, Duck Duck and other Search Engines
Google, Bing, Yahoo, Yandex and other search engines lost the right to publish data without any perceived responsibility or consideration to an individual. The request to be forgotten online, like in Article 17: Right to erasure (‘right to be forgotten) has always been a hot topic.
An article in 2016 published by the Guardian reveals that Data shows 95% of Google privacy requests are from citizens out to protect personal and private information – not criminals, politicians and public figures.
The introduction of the GDPR Rule gives users even greater control over their data on how it is acquired, stored and managed.
You, as a consumer, can see the benefits in this, but it is a challenge for any business, and it limits companies on how to capture, use, manage and store consumers’ data.
A lack of compliance with the GDPR rules by any website, business or service, including affiliate marketing networks, will result in trouble for everyone who has handled the data.
Good News for Affiliate Marketers
As the GDPR will require a double opt-in, quality and valuable content will increase your opt-in rate. Any good marketer will put effort into the content and maximise quality over quantity.
Good news for affiliate marketing networks as they should be working on quality content instead of quantity. The more attractive the content, the better the adoption rate or the acceptance that a website will capture the personal data of any potential customer.
It will be a big wow, like when the new cookie legislation was introduced. Everyone was expecting the change will greatly impact marketing and the ability to personalise the content online for users. In reality, it went the opposite way after an initial peak of interest; consumers got used to clicking the “I accept” pop-up on any new websites they visited.
Do we expect a similar action for the double opt-in measures? Yes, we do. After the first period, people get used to it, and it will go automatically. People adjusting fast.
With technology playing a vital role in most things, we will face exciting times. The GDPR puts the control back into the hands of the user and makes organisations aware and complying with stricter rules about handling and storing personal data. Non-compliance will result in large fines stipulated by the EU Commission.
Checklist for Affiliate Marketers to comply with the GDPR Rules.
• Re-think how you collect, use and store personal data on your site or system. What system and which part needs to be changed and upgraded to comply with the GDPR?
• Provide honesty and transparency to your customers ( including your website users or give your personal information for a freebie). Explain the legal basis of collecting their information. Provide accurate information on how their information is stored, shared, managed and processed. Explain how their data is protected.
• Use a different contact address so that users can contact you to request the correction or deletion of their data. I recommend a different email or contact address so that this information will not land in spam or get overlooked by you or your staff.
• Inform the existing people from whom you already obtained their personal information about the changes in the GDPR. Depending on your autoresponder, you might have to ask them to opt-in again to your mailing lists or marketing databases.
• Protect yourself and ensure you’re taking all necessary steps to comply with the new GDPR. A way to keep the stored personal data of your customers safe using device encryption and not storing, processing, or transferring data of EU service users outside of the EEA other than to other territories that have their laws that comply with the regulations.
• Assure yourself and double-check with your affiliate scheme or network that they have their GDPR in place. The reason for this is when you pass on personal information data that you have collected to the scheme itself as part of running your affiliate business; the same rules apply at every stage of the process.
• Please remember that getting your affiliate marketing up to standard and complying with the GDPR is up to you. As you are part of collecting, storing, managing and processing those personal information data.
This article is intended as a basic guide to the GDPR Rule for affiliate marketers and doesn’t take the place of professional legal advice.
GDPR Penalties Short Version
You might face stiff measures if you do not follow the GDPR rules for your European customers.
The worst-case scenario is that a business that has not complied with the GDPR can be fined up to Euro €20 million or four per cent of their annual turnover, whichever is higher.
I would say if you comply, then the chances of being penalised are considered low, but if you deliberately or negligently fail to follow or comply with the GDPR Rules or a serious data breach that could have prevented will compromise the integrity of your site or service user’s information data and rights -you might face penalisation.
Last but not least, follow the rules of the new GDPR Regulation.
As we deal with the world wide web, we do not know when our customers will be from Europe or any other state.
It is best to update your privacy and cookie policies and follow the GDPR rules for the contact and opt-in form. It should be in our interest to protect our customers or website visitors.
It also helps us in our authority and builds trust with the customers or subscribers. I believe it is a good measure to protect our information data. The scandal about Facebook leakage, where 87 million personal user information data is being collected and used without permission, shows how vulnerable the digital world is.
With technology playing a vital role in most things, we will face exciting times. The GDPR puts the control back into the hands of the user and makes organisations aware and comply with stricter rules about handling and storing personal data. Non-compliance will result in large fines stipulated by the EU Commission.
None of the above should be construed as legal advice. Seek legal counsel if you believe the GDPR may impact your company.
What do you think about the GDPR, and how would you say it will impact Website owners, online businesses, online services and organisations?
I like to hear from you and how what do you think about the GDPR?
Please take the time to read it carefully and update your Website. You must do this. As security breach increases, do you think RSS might make a comeback again? Please share your thoughts; if you have problems setting up your GDPR, leave me a note I am happy to help.
Have a look at my other blogs