How the GDPR Affects Your Affiliate Program

By now, you’ve probably heard about the General Data Protection Regulation (GDPR), which went into effect in May 2018. It controls how websites and other businesses collect, store and use the personal data of people in the European Union (EU). It’s important to understand how the GDPR affects your affiliate site, since breaching it could cost you – even if you’re not located in the EU.

Luckily, there are tools in place to help you understand and comply with the GDPR. WordPress, for example, has added built-in tools to make key aspects of GDPR compliance simpler. Making sure your affiliate site is in line with this new regulation might take a little time, but it doesn't have to be a chore.

In this article, we’ll explain what the GDPR is all about, and talk about how you can comply with it. Let’s get to work!

A Brief Primer on the General Data Protection Regulation (GDPR)

The GDPR is a European Union (EU) regulation. It was adopted in April 2016, but only became enforceable on 25 May 2018. In a nutshell, it regulates how organizations may collect and process personal data, and websites are one of the most common places that happens.

Essentially, if a website collects personal data from people in the EU, it must tell those visitors what it collects and why, and it must have a lawful basis (often their consent) for doing so, even if the website itself is not located in the EU. That means even websites based entirely in the United States are affected by the GDPR, as long as there's a chance they'll attract the occasional EU-based visitor.

What's more, breaching the GDPR can carry a fine of up to 4% of your annual worldwide turnover or 20 million euros, whichever is higher. This may leave you wondering what the solution is. To help you get started, let's talk about how you'll need to comply with the GDPR.

What the GDPR Means for You

As a website owner, you have to pay attention to the GDPR regulations. The GDPR states that any company collecting data from people in the EU must comply with the law, no matter where that company is based. Note that it is about where the visitor is, not their citizenship. Since websites always collect some amount of data by default (your server logs alone record visitor IP addresses, which count as personal data under the GDPR), this means that the GDPR affects your affiliate site.

The GDPR outlines strict requirements. For example, you must adhere to the following key rules:

  • Consent. Where you rely on consent as your lawful basis, it must be informed and freely given. This means explaining what type of data you collect in clear, easy-to-understand language, and having visitors actively opt in to that collection. Pre-ticked boxes and "by continuing you agree" banners do not count as consent.
  • Right to access. Your affiliates and other website visitors have the right to request a copy of any data of theirs that you've been storing, and you generally have one month to respond. This means that you must know where your website stores data, even if it ends up in a third-party service such as an analytics, email or payment provider.
  • Right to be forgotten. If a visitor withdraws their consent, or the data is no longer needed for the purpose it was collected for, you must delete the personal data you've stored about them. The exception is data you are legally required to keep, such as tax records of affiliate payouts; be clear in your privacy policy about what you retain and for how long.
  • Breach policy. You must develop a plan of action in case of a data breach. The GDPR requires you to notify your supervisory authority within 72 hours of becoming aware of a breach where feasible, and to notify the affected people without undue delay if the breach is likely to put them at high risk.

Essentially, you’ll need to make sure the data you collect is stored safely, and ensure that users are aware of what you're doing with it. This is just a snapshot of what the GDPR involves, of course. So we recommend that you take the time to read through the whole regulation to get a better sense of how it will affect you.

How Affiliate Marketers Can Comply With the GDPR

Before we wrap up, let’s talk a little more about what you need to do to ensure GDPR compliance. Just as a disclaimer, we’re not lawyers, and this isn’t a complete guide to compliance. Instead, these are just some helpful suggestions to get you started.

To bring your website in line with the new regulations, you'll want to:

  • Give visitors the chance to opt in or out of data collection. If you collect any kind of personal data from your website visitors, you must let them know with a clear opt-in placed prominently on your website. At minimum, even if you haven’t set up any specific data collection features, your website is almost certainly setting cookies. Affiliate sites are especially affected, because affiliate tracking links, third-party advertisements and embedded payment forms all set their own cookies, and only strictly necessary cookies are exempt from the consent requirement. You can add an opt-in checkbox to your WordPress site with the WP GDPR Compliance plugin.
  • Display a clear privacy policy. Your website must feature a clearly written privacy policy detailing what type of data you collect, why you collect it, how long you keep it, and who you share it with. The current version of WordPress enables you to generate a privacy policy in your admin dashboard under Settings > Privacy. Make sure to update the template with details specific to your site; the generated text is only a starting point.
  • Make sure you’re storing affiliate data securely. You need to know exactly what you’re collecting from affiliates (typically names, email addresses, IP addresses and payout details), protect it, and be able to provide a copy of it or delete it on request. Storing it with a third-party cloud service does not by itself make it secure: you remain responsible for it. Make sure the data is encrypted in transit and at rest, that only the accounts that need it can access it, and that you have a data processing agreement in place with any provider that handles it on your behalf.
  • Create a plan to handle breaches. No matter what steps you take to protect your site's data, nothing is 100% effective. Therefore, you'll need to create a plan for what to do in the event of a data breach. For example, if your affiliate site stores payout details or processes payment information, how would you inform any users whose information may have been affected? Which supervisory authority would you report to, and who on your side is responsible for doing so within the 72-hour window?

There's also a website with GDPR-compliance language and tools you can use on your site. It includes regular webinars that will keep you up to date as regulations change in the future, and live Q&As where you can ask questions. You can also find plenty of handy GDPR compliance guides online.

GDPR breaches can carry a hefty fine and damage your reputation. It’s important, therefore, to stay on top of the rules and make sure your affiliate site complies with all of them.

To do that, you'll want to (at minimum):

  1. Include a clear opt-in checkbox.
  2. Display a privacy policy written in simple, clear language.
  3. Make sure you’re storing affiliate data securely.
  4. Develop a plan for what you would do in the event of a data breach.

Do you have any other questions about the GDPR regulations? Let us know in the comments section below!