Unless you’ve been living under a rock, you’ve likely heard of the EU’s General Data Protection Regulation (GDPR). The European data initiative went into effect on May 25th to replace the current EU Directive on data protection, and will impact how every business engaging with EU residents’ data operates from this point forward.

Companies now need to follow strict regulations regarding how personal data is processed, stored, and moved. Personal data can’t be processed in a way that would singularly identify the user, and companies will also need to get a user’s consent before collecting any data in the first place. In short: European citizens now have the right to determine how their data is handled at any time.

However, just because the regulation is EU-based doesn’t mean American marketing players won’t be affected. Affiliate marketing is a global game, and advertisers and publishers alike will need to change their processes in order to protect personal data. Here’s how they need to comply:

Advertisers need to notify users they’ll be retrieving data

As cost-per-action marketing requires the collaboration of advertisers and publishers through an affiliate network, the main tie between them is undoubtedly websites – and the data they generate. The ecommerce shops are hosted by the advertiser, and the ad spaces – such as blogs, forums, or social media accounts – are hosted by the publishers who refer their visitors to these shops.

Now, after May 25th, it’s prudent for all advertisers to clearly display on their websites exactly what data they collect based on a unique user ID, why they do so, and how it will be used in the future. The most efficient way to do this is through a pop-up, because in addition to companies explaining how consumer data is collected and used in accessible language, the GDPR also calls on them to give consumers the power to ‘opt-out’ of data collection if they so choose.

“Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it,” writes this GDPR website. So it doesn’t matter how user information is being collected. But what does matter is that users know it’s happening, and they have the opportunity to withdraw.

Website owners need to give users the chance to opt-out of cookie collection

Separately from pure data collection, ecommerce websites also have to notify users they’ll be collecting cookies – which, as we all know, is one way publishers get credit for a sale. In combination with other factors, cookie collection can technically identify users.

“Natural persons may be associated with online identifiers […] such as internet protocol addresses, cookie identifiers or other identifiers […]. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them,” writes the GDPR.

EU legislation on cookies already exists and makes it mandatory for websites to inform users that cookies are being collected. However, with the emergence of the GDPR, cookie compliance will be brought to a new level.

Before the GDPR, companies could put a banner on their websites to inform users about cookie collection, but this will no longer be sufficient. Instead of a user simply being able to ignore a banner, consent to collect cookies needs to be given through a clear action – such as an ‘opt-in’ or ‘opt-out’ box that must be checked to proceed. If a user agrees for cookies to be collected but later changes their mind, companies also need to make it easy for them to reverse the decision.

Anyone who is well-versed in the affiliate marketing industry could see how this might be problematic – after all, cookies are a core component for affiliate marketing success. To that end, our own affiliate network Admitad has been working together with other companies to create a one-time registration for users to opt into. The e-commerce platforms that participate would be able to identify the user, and determine if they’ve already given their consent. If so, there’d be no need to ask again.

Publishers will need to attract customers differently

With the GDPR, publishers will have to work significantly harder to make a profit. However, the good news is that successful affiliate marketing players engage in a number of strategies to reel consumers in – and the new regulation will force publishers to flex their muscles in more innovative affiliate marketing models. These include influencer marketing, promo codes and native advertising, for example.

In fact, Admitad offers a number of tools to empower publishers to automate mundane tasks, and thus earn more revenue through creative campaigns. One such tool is Product Feeds. The tool features product catalogues with descriptions, images and prices – which then helps publishers launch websites for feedback and loyalty programs, or send mass email campaigns.

Other Admitad tools make it easier for publishers to get paid. There’s Mobile SDK, for example, which enables tracked sales within mobile applications. The recently released TagTag – JavaScript code that advertisers place on their website – provides cross-browser and cross-device tracking to ensure publishers get the reward for orders even if several browsers and devices were used. So even if a user is in incognito mode, or clicks the affiliate link in one browser but performs an action in another, Admitad still keeps the statistics. And since the action can be tracked between devices as well, publishers who drive mobile traffic will be taken care of.

The GDPR is no slight change, and will surely impact how businesses worldwide engage with consumers. And yes, that means ecommerce platforms and other affiliate marketing players, too. Given this, it’s prudent for marketers to educate themselves on the new laws, and be as transparent as possible when working with consumer data. After all, that is what consumers deserve.

This article is not legal advice. For accurate consultation on legal matters, Admitad strongly recommends that readers speak to a lawyer or visit a legal consultation office which specializes in the GDPR.

About Admitad
Admitad is a cost-per-action (CPA) affiliate network that connects advertisers with publishers across the world to drive sales for advertisers. Among Admitad’s affiliates are advertisers such as Lamoda, KupiVip, AliExpress, Booking.com, GearBest, Qatar Airways, ASOS, YOOX, SHOPBOP, Papa John’s, L’Etoile, MTS, Delivery Club and others. Admitad works with more than 1,500 advertisers and more than 650,000 publishers, registering in total more than 5,000,000 target visitors per day.