GDPR is on the way and few affiliates are ready for the impact that it will have. On the 25th of May, this new data protection law will come into force and there’s a lot of work for affiliates to do before then. In this article, we’ll be walking you through the basics so you can get your business and your websites ready.
GDPR will come into force in just a few months and it supersedes all prior data laws across the EU. The intention of the new regulation is to give users more power over their data and where it is used. This won’t be affected by Brexit either, as the UK government has already stated that they will keep the policy.
Failure to comply with the new regulations means you could be fined a maximum of 4% of your annual turnover or €20m. So can you really ignore it?
We’ve compiled some key points from the GDPR that you’ll want to pay attention to. There’s a lot more information available on this, so by all means do the research and ensure your particular business and assets are compliant with these guidelines.
The protection of personal data
The main focus of GDPR is to give power to the user concerning their own personal data. While you may hold what is considered non-personal data now, the definition of this data set will also broaden in future.
Personal data is more than just a name and an address; it also covers device IDs, cookies and IP addresses. As GDPR comes into force, more of these will be covered under that umbrella data term. You need to start evaluating the data that you hold on your users now, before this ruling comes into force.
Processing personal data
You will also need to give more justification for your legal basis to process and use this data. There are six of these in total, but affiliates specifically will most likely use consent and legitimate interest as their grounding.
It’s not enough anymore to pre-tick a box on your site when your user is filling out a form and call that consent. They have to do that action manually and show that they want to hear from you. Affiliates must start looking at their sites to identify problematic areas, like sign-up forms and newsletter pop-ups, to make sure they operate in a compliant way.
Consent tools and software
Naturally, more and more companies are using GDPR as a business development opportunity. This includes companies that provide consent tools that are up to these standards. While these have the potential to be useful for affiliates, you should also do your own research into the compliance issues associated with these tools.
Your Simple GDPR checklist
- Assess your site and existing data collection areas to decide which steps you will need to take to comply with the new rulings on clear opt-in and consent.
- Decide on which legal basis suits the collection and processing of data through your web portals.
- Seek specialised legal advice that is unique to your business from a trusted legal partner that is well versed in GDPR guidelines.
- Update and upgrade your website privacy policies, cookie notices and other terms to detail where and how you collect and store customer data.
- Reach out to operators and networks to ask if they have any guidance on the GDPR as it relates to their position on your site.
- If you have a database of opted-in subscribers, make sure you recontact them and opt them in to continue to receive content from you and third parties you associate with.
Understanding your further obligations
Each affiliate is different and depending on your site, marketing and existing database you will need to do different things. There’s no real substitute for tailored legal advice. Although it might seem pricey, it may mean you avoid a massive fine further down the line.
You can also look out for events at which experienced iGaming professionals are speaking, as they’ll no doubt have something to say on GDPR. You should be thinking about how you will get your site in order now, before time runs out and it’s too late.