GDPR and its Impact on the Internet
What you need to know about GDPR
GDPR (General Data Protection Regulation) is a piece of EU legislation with the main purpose to protect users and their data. It replaced the 1995 Data Protection Directive and went into effect on May 25, 2018.
According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.
It can also include such confidential data as racial and ethnic origin, religious or philosophical ideas, political views, genetic and biometric information, sexual life information.
Companies can no longer store this information without a particular reason. They are allowed to store only data necessary for their functioning with your consent on that.
It is the largest legislation of its kind and has had a far-reaching effect, extending beyond the borders of the EU.
GDPR applies to all businesses and organizations established in the EU, regardless of whether the data processing takes place in the EU or not. Even non-EU established organizations will be subject to GDPR. If the business offers goods and/or services to citizens in the EU, then it’s subject to GDPR.
There are penalties for companies and organizations that don’t comply with GDPR. The fines are up to 4% of annual global revenue or 20 million euros, whichever is greater.
User rights guaranteed by GDPR
- The right to access. Users have the right to request access to their personal data and to ask how their data is used by the company. The company must provide this information free of charge and in electronic format if requested.
- The right to be forgotten. If consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they can ask a company to delete their data.
- The right to be informed. Individuals must be informed about what data is gathered, and they must give their consent on that. Consent must be freely given rather than implied.
- The right to be notified. In case of a data breach, companies must notify the users within 72 hours of first having become aware of the breach.
What impact did GDPR have on the Internet?
How has the Internet changed since the new regulation went into effect? Is GDPR actually working? Or are we still caught in an information dystopia?
GDPR has changed the general attitude towards personal data. The Regulation has highlighted the issue of data protection and it is now taken much more seriously. Suffice it to say that 500,000 organizations have registered data protection officers across Europe since GDPR came into force.
Data from the GDPR Small Business Survey
Before GDPR, organizations could use the email address that you stated during the registration process to send you newsletters and ads. Now, they are required to introduce some changes to the fill-out forms so that users are able to choose whether they want to receive the newsletter or not.
A study claims that there’s also a considerable drop in the use of third-party cookies that were initially placed to facilitate user data collection. They were used for a variety of purposes such as storing search queries, detecting user behavior patterns and information tracking.
According to Sizmek, almost 80% of organizations expect their audience targeting with third-party data to be limited due to GDPR. However, contextual targeting can fill this gap. The same report claims that 87% of marketers are planning to increase contextual targeting in the next 12 months.
Neill Burton (Zeropark) on how GDPR influenced the affiliate marketing industry
We have reached out to Neill Burton, Head of Account Management at Zeropark, to discuss how GDPR has affected Zeropark and affiliate marketing in general.
Could you tell us how GDPR has impacted your traffic volumes? And why?
Zeropark was not hugely impacted when GDPR was put into place as a large proportion of our traffic comes from Toolbars, Push Notifications or other services where the user has to implicitly give permission for the ad-on, notification or app to show adverts. To put it shortly because most of our formats are opt-in at Zeropark traffic volumes were barely affected.
How has GDPR impacted affiliate marketing?
Any campaign which collects data on a user has to be very open about what they are collecting and have an agreement for this data, so it has made Lead Generation and Pin Submit campaigns more complicated. Also, the data an affiliate can collect on a client has become more limited.
Affiliates working with EU countries are now facing certain limitations on data collection. Companies are forking over huge sums of money to comply with the new data protection regulations.
However, from the user point of view, the changes have proved to be positive. Now, EU residents have more control over their personal data, they can set up cookies to prevent data leakage, ask for information on what data has been gathered and for what purposes and withdraw their consent from a company to use their personal data.
In 2018, only a few companies were subjected to fines. In 2019, however, everything changed. For instance, Google was fined $50 million.
According to a 2019 small business survey, the majority of entrepreneurs (86%) said it was essential to comply with GDPR.
So, changes do happen — but gradually.