How will the GDPR affect affiliate marketers?

Neil Kokemuller
February 28, 2018

As the deadline approaches for the European Union’s General Data Protection Regulation (GDPR) to go into effect, there are concerns as to how the regulations will affect affiliate marketers. Now is a good time to explore some of the issues around GDPR and what affiliate marketers should know.

The following is an overview of key points to know about the potential implications of the GDPR for your affiliate marketing business.

Global Implications

First and foremost, realize that whether you live within an EU country or not, any affiliate marketer that conducts business globally is potentially impacted. The regulations do not just apply to operators within EU borders.

The primary provisions of the GDPR increase consumer protections and outline how companies have to protect and handle private information collected on consumers. Thus, if you have prospects or clients within the EU, it is necessary that you take the time to understand your requirements to comply.

Limitations to Targeting Practices

While the EU regulations are designed to apply to companies around the world, there are limitations. GDPR will not necessarily apply to affiliate marketers that do not intentionally target EU consumers with their websites, content, products, and currency pricing. However, if you clearly target EU citizens in any of these ways online, you are exposed to the provisions.

Clear Consent for Direct Marketing

The GDPR amplifies the requirements and standards by which consumers consent to allow companies to collect, store, and use personal data for direct marketing. To deliver personalized commercial messages to people via phone, email, social media, instant messages, VoIP, or other technologies, your business must have received direct authorization from a consumer. Email rules are a bit looser, as companies can deliver relevant product and service messages to customers who provide email addresses at the time of purchase.

Easy Opt-out Opportunity

Even if you get consent initially from a consumer, you do not have an indefinite right to store personal data and directly promote to that consumer. Your communication must include an easy-to-find, easy-to-use opt-out request. At any time, a consumer has the right to ask that your business no longer target him or her with promotions and that you clear personal data from your database.

Potential Penalties

Historically, the direct costs of data breaches and the negative public relations were the extent of repercussions for poor data control. These could certainly cause dire results for affiliate marketers, but the GDPR increases your financial hit by allowing for penalties up to the greater of €20m or 4 percent of gross annual turnover for the business. This type of penalty is more than enough to financially ruin a lot of affiliate marketers.


If affiliate marketers conduct business with people in the European Union, the GDPR most definitely applies. It is important that you explore the full scope of these regulations to get familiar with best practices in data security and privacy and work to comply before the law goes into effect in May.