It’s finally here! GDPR (General Data Protection Regulation) has been in our lives for couple days now, and we are going to give you the facts you need to know to survive it. That’s right! You don’t have to close your affiliate business. Just read this article and everything will be fine.
Disclaimer alert! This not legal advice. You should always seek professional advice when dealing with legal matters.
For starters, let’s take a quick look at a short fictional conversation that covers the basics:
Seriously? What is GDPR?
GDPR is a new set of rules laid out by the EU. It tackles the issues of the handling of personal information of residents in EU states. (The UK is a part of it as well, even though they left the EU). In a general sense, not much is really changing. The rules were already quite strict, and if you didn’t follow them before, you probably won’t follow them now. If, however, you are already following the previous guidelines and have disclaimers, T&Cs, privacy policy and double opt-in data, then you are okay! The problem now is that, if you don’t, there will be tougher sanctions as you can now be fined massive amounts of money; either €20 million or 4% of your annual turnover (whichever is higher) if you breach the law.
The overall aim of GDPR it is to give people more control over what happens to them on the internet, i.e. how their personal information is handled and what it’s used for. With that in mind, users of your service, website, etc. should be kept informed about their data and be given a clear and concise way to prevent you from using it, should they wish to.
Wow, that’s a lot. How much did you say?
€20 000 000! Or 748 863 129 Thai Baht.
What do I have to do to stay safe?
You need to make sure that you handle the personal information you collect in the right way and inform your users about it. This can be done by updating your privacy policy and terms of data usage at the bottom of your web pages.You need to write what you collect, how long you hold it for, and why. You also need to inform people of the type of data you collect, e.g. personal information: customer number, IP address, device ID, cookie ID, etc.…
How do I do it?
Unfortunately we can’t give you advice on how you should implement GDPR, however, here is a link to the official EU site, which has all of the information you need to keep you and your users safe.
Is it really that bad? Am I in trouble already?
No, it’s not, and no you aren’t. Even though GDPR has come into effect, we are still in the transition period as it’s not possible for everyone to be compliant from day 1. In fact, if rumour mills are to be believed, it could take up to two years for the EU to understand fully how everything works. The likelihood is that the EU will test out their powers out on large companies first, as they will be the ones who can actually afford to pay the fines. Once news of this hits, then it will be time to start making sure that you have made every single precaution necessary. That doesn’t mean you should delay until the news breaks, just don’t freak out until then, by which point, you should be up-to-date anyway.
Thank you! I am a bit calmer now.
You’re welcome!
Online Marketing and GDPR: Before and After
Before GDPR:
To be completely compliant before the introduction of GDPR you had to have disclaimers, terms and conditions, a privacy policy, cookies policy and, when somebody signed up on a page you used to collect data for monetisation. Users had to be informed that their data was being collected and that they would be sent emails for advertising purposes.
After GDPR:
You now have to separate things and be more specific. If people register on your site and you only collect data for the purposes of registration, then you can only inform them about the product or service they signed up for.
If you want to monetise the data which you harvest, then you need to ask people for it, and they have to agree to give it. Users must opt-in to providing their data, meaning you can’t have an automatic tick next to where it says “I want to receive 3rd party offers and advertisements”. They have to physically click on it themselves and, if they don’t, you can’t force them to. This means that they should still be able to register without agreeing. Therefore, you can’t put a popup on your site that says“You have to agree or something bad will happen!”
If you work with any customer data, you will have to separate your databases, one for registration and general information about your offers – this can be specified in your T&Cs. You will also need extra permission for sending anything that is not related to the original product or service which the user signed up for. This would require an additional database or an extra field in your current database.
Don’t worry, you can still email your users to ask them for permission to use their data, even though GDPR is now live. You will not go to jail for it.
Tips, tricks and final thoughts
Be creative! There are many ways in which to ask for permission including not asking for permission at all, for example, giving an option to receive information, rather than asking to send it.
Here at ConvertingTeam, we have a lot of tips and tricks up our sleeves about how to be GDPR compliant, and we’d love to discuss them with you. If you haven’t already, make sure you register with our network and we will tell you everything you need to know. If you don’t have time for a meeting, don’t worry, let us know via email or on Skype. We promise we won’t send the EU round for contacting us!