If you attended Affiliate Summit Europe 2018 in February, or keep up with digital marketing industry news, you’ve almost certainly run across many references to GDPR.
The General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, and intends to strengthen and unify data protection requirements within the European Union (EU).
Basically, it sets a series of rules for companies to follow when they are collecting, storing, and/or processing data from individuals in the EU.
As a U.S.-based affiliate marketer, you may think that the GDPR doesn’t really relate to your business. However, one major change from previous data protection requirements is that the GDPR is enforceable outside the EU: companies outside the EU will be monitored and required to comply with the new regulation.
This means if your company collects personal data from any individuals within the EU – including email addresses – then you must comply with GDPR. It also retroactively applies to data you have previously collected, rather than just new data you begin gathering after the regulation goes into effect in May. There are severe penalties for companies that are found to be in non-compliance, so understanding the rules is vital to your business.
Here are three steps to consider with regard to GDPR:
With minimal online searching, you will find tons of articles, guides, webinars, and other content resources available on GDPR. They range from general overviews to the analysis of how it impacts specific industries (like email marketing). You know your business better than anyone else ever will, so get an understanding of the regulation and you can evaluate how your business fits into the guidelines to determine immediate business impact.
Get Expert Advice
When you’re dealing with legal regulations, it is always advisable to get expert legal advice. If you have a lawyer or law firm here in the U.S., that’s a great place to start. But you may want to find a company that delivers expertise on GDPR preparation or even speak with a law firm in the EU. Firms in the EU are already heavily focused on GDPR and many are engaged with multiple global clients preparing for the regulation. Act now, because the current high demand for these services can make it difficult to find one that has time enough for even a high-level conversation about your company’s GDPR needs.
Make a Plan for Compliance
If you collect any personal data from individuals in the EU, which includes email addresses, do not ignore GDPR. Make sure you understand the rules around recording consent and the various rights that individuals have regarding their data (like the ‘right of erasure’) and consider how to adhere to the guidelines.
The biggest takeaway is not to assume the GDPR doesn’t apply to you because you’re located in the U.S. Being informed and prepared can put you in a good position to succeed in a post-GDPR affiliate marketing world.