All businesses, no matter whether they are large or small, will have an obligation to ensure that they are compliant with GDPR law when it comes into effect on May 25th 2018.
What is the GDPR?
Many business owners are hearing GDPR mentioned and wondering what it is. GDPR is the EU General Data Protection Regulation, a new legal framework governing the use of personal data that covers all EU markets.
This change is being rolled out to protect users in this new digital age that we live in. The GDPR legislation replaces the current national data protection laws. The existing EU data protection framework was set up in a totally different era when data was handled in a totally different manner.
The new GDPR, being set up in 2018, is designed to give consumers the control they need to look after their personal information. This applies to all EU countries, and this will not change with the UK Brexit developments with the EU.
The British Government has given a statement that they intend to implement the legislation alongside EU member nations.
Does My Company Need To Take GDPR Seriously?
The GDPR legislation means that organisations can be fined 4% of annual turnover or up to €20m if the company does not follow the guidelines and breaches the law. SO YES TAKE NOTE…
GDPR New Rules for Personal Data
The core focus of GDPR is consumers’ personal data. The classification of personal data is broadened under the GDPR. This means that data used within the affiliate industry, for example, and in other industries that also rely on such data, which is not currently considered personal data and which contributes to many issues around data leakage, will now be classified under the GDPR.
Currently, a definitive list of personal identifiers doesn’t exist for use by affiliate marketers, but with the GDPR rollout it will include captured information such as session cookie ID data, customer-unique numbers, IP address information, device ID data and more…
Basically, any captured information that is a unique identifier and can be used by networks and platforms as part of standard tracking will need to be reviewed as to what data is captured and how it is captured and stored.
Publishers using affiliate tracking will, therefore, have an obligation to ensure they are legally compliant with the new regulation.
Processing Personal Data
To process personal data, businesses need to look at how they process data. Basically, there will be six legal bases available, with the two most commonly used in the digital advertising sector being consent and legitimate interest, and this is going to change the way many businesses operate their outbound sales.
Legitimate interest is totally different from consent. If a business wants to rely on legitimate interest, it has to be confident that it can demonstrate it, whereas consent is considered necessary in offering individuals a real choice and control. The concept is to provide genuine consent so that individuals are in control and, as a result, a business will have to build customer trust to enhance its reputation.
There is also the contract legal basis, which is only available if you have specific contract agreements in place between a business and its consumer. This allows personal data to be collected and then processed and used by publishers.
ePrivacy Directive (Cookie Law)
The banners and pop-ups seen on websites informing consumers about the use of cookies to track online activity fall under the ePrivacy Directive (Cookie Law).
This directive also applies to promotional email marketing and SMS marketing.
Phone call marketing also needs consent. GDPR does not supersede the ePrivacy Directive; instead, it will run alongside it. This Directive is currently still under review to ensure it aligns with the GDPR.
So what does GDPR mean to publishers?
Publishers should be reviewing the consent mechanisms they have in place, along with ICO guidance, and making changes accordingly before May 25th 2018. All forms of online advertising across the industry will need to look at the general standards and approaches to what is and, more importantly, what isn’t allowed.
We have been asked about building consent tools to ensure websites are GDPR and ePrivacy Directive compliant in time for the May deadline, which, as we develop software, can be used for other businesses.
If you would like more information please get in touch.