
With a new set of privacy regulations coming to town, it’s now more important than ever to ensure that your entire marketing funnel is compliant. On May 25th, 2018, the EU’s General Data Protection Regulation (GDPR) goes into effect.

The GDPR is a new law that will completely change the existing data protection legislation governing the EU. It will introduce new guidelines for marketers who collect, track or store EU-based customers’ personal data, although Facebook has updated its terms and conditions worldwide!

The most important thing to note about the GDPR is that no matter where you’re located, if your business deals with people within the EU, then your data collection must be GDPR compliant, and there are BIG FINES if it isn’t. You can face fines of up to 4% of your annual global turnover, or 20 million euros (whichever is greater) if you don’t comply with the code.

So, what do you need to change? These are a few common things that you might be doing that will not comply with GDPR:

  1. Bundling

You must make all requests for data clear and separate from other terms. Giving consent to data collection must be an independent decision, and bundling consent to personal data with another offer is not allowed.

The most common form of bundling is using a single checkbox for both data consent and your terms of service. It’s a no-no from now on. The form below is not GDPR compliant and would need to be separated into two boxes, one for data consent and another for terms of use.

  2. Non-specific opt-ins

If you’re going to be contacting consumers by phone or email, then that needs to be made clear. When you’re collecting data, the consumer needs to know why it’s being collected. The best way to clear yourself of any wrongdoing, in this case, is to give the consumer options to consent separately for different forms of communication.

  3. Pre-checked boxes

These can also be considered “negative opt-ins” and will not be allowed. Your checkboxes need to remain blank and be actively clicked by users, instead of being pre-checked and having your consumer uncheck them. Pre-checked checkboxes are not a valid form of consent.

Alternatively, you can set up a binary choice, where each option is equal, like this one below.

  4. Not having your privacy policy easily accessible

Consumers have the right to know where and how their data will be stored and used, which is why your privacy policy must be easily accessible. If you are collecting someone’s data, you need to tell them why. If you’re collecting data to send your customer discount codes on items, then the “to send you discount codes” part needs to be visible in your policy, and it is a bonus if you include it in your signup form as well.

  5. Not deleting information when asked

We get it, sometimes you forget to take someone off your database, or your mailing list has an error and doesn’t unsubscribe someone. This will now be more costly than ever. If at any point in time a customer or lead asks for their data to be removed from your database, then the GDPR requires you to do so without “undue delay”.

The good news is, you might not have to change your forms! If your form is used for something anonymous like a survey and you don’t require personal information, or you are moving prospects to somewhere else on your site without storing responses, then you’re in the clear! But if you do collect any personal data (this means names, email, location, address etc.), then you need to collect consent in a way that complies with GDPR.

 

The GDPR states “Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. It also must stand alone from other matters or requests and not be buried in other text.” It also discourages you from collecting or storing data that is unnecessary.

If it doesn’t serve the user, it shouldn’t be sitting in your database. If your website users are from the EU, then they need to explicitly click on something approving their data to be stored. This could require you to set up another buffer page, before your landing page, to ensure that these residents have approved being pixeled.

In summary, your forms and landing pages should be kept short, clear and transparent, and your privacy policy should explain exactly why you are collecting data, how you will store it and what you will use it for. Even though the GDPR is ONLY for EU visitors to your page, platforms like Facebook have updated their Terms of Service worldwide.

The new GDPR might mean that you need to spend a bit of time ensuring that your forms and landing pages comply, but in the end, it can actually be good for your conversions and for your overall marketing strategy.
