At the PMA, we have been receiving a lot of questions about the GDPR and how it relates to affiliate marketing. With the help of the Compliance Council, I have come up with some basic information you need to know plus a roundup of great resources written by PMA members that go into even more detail. At the very least, your company should understand what the GDPR is and the extent to which it does (or does not) impact your business.
What is the GDPR?
The General Data Protection Regulation (GDPR) is a set of data protection regulations (binding legislative acts) governing the use of personal data across the European Union (EU). It takes effect May 25, 2018. Even if your business is not located in the EU, you must comply with the GDPR rules if you “offer goods or services to, or monitor the behaviour of, EU data subjects.”
Personal data is anything that can be used to directly or indirectly identify a person including cookie information, names, email addresses, IP addresses, device IDs, bank details, and more.
Under the GDPR, if you are collecting, processing, or storing applicable personal data from EU customers, you must only obtain that data through opt-in consent, contractual necessity, a legitimate interest, a vital interest, a public task, or a legal obligation. These are all narrowly defined within the regulation and are the subject of much of the current discussion surrounding the applicability of the regulation to different business models.
If the GDPR applies to you, you must inform your customers of the basis on which you are collecting the data and the purpose of the collection. This may include updating privacy policies and cookie notices.
Several PMA members (Awin, Impact Radius, Performance Horizon, Rakuten Affiliate Marketing) have collaborated with other UK affiliate companies to publish a basic, industry-wide message. In addition, many of them are providing in-depth coverage on their sites regarding not only how their companies are dealing with the GDPR but also general information on how it applies to our whole industry. You’ll find the agreed-upon industry-wide message as well as other great resources below:
The GDPR FAQ’s (Rakuten)
GDPR and Tune: What it is and what it means for you (TUNE)
GDPR and ePrivacy Guidance (Awin)
The GDPR and What It Means for Affiliates (Performance Horizon)
None of the above should be construed as legal advice. Seek legal counsel if you believe your company may be impacted by the GDPR.
Tricia Meyer is an attorney and affiliate marketer. She is the founder and owner of Helping Moms Connect and Sunshine Rewards as well as the current Executive Director of the Performance Marketing Association. You can find her on Twitter @SunshineTricia.