How the GDPR will impact website lead generation (and how to become GDPR-compliant)
The new European General Data Protection Regulation, or GDPR for short, is set to take effect on May 25, 2018.
Since it impacts the way that businesses (and especially marketers) will be able to collect and store users’ personal data, it is becoming a point of increasing frustration and confusion.
Many marketers and online business owners are naturally asking questions about their abilities to generate leads for their businesses.
Today, we’ll look at how the GDPR will impact lead generation, and how your online store can get prepared.
What is the new GDPR about?
In its most simplest terms, the GDPR is a way for European citizens and residents to have greater say about what personal data companies can use and how they can use it.
The new law revolves around 3 principles when it comes to European users’ personal data:
- informed and active consent: users must provide informed consent for each marketing activity you intend to use their personal data
- adequate data protection: data must have a good level of encryption and security
- timely responses to requests: you must respond in a timely manner to user requests to view, correct, restrict or delete their personal data
The GDPR is coming into effect in order to make the processing of personal data uniform across the EU and provide greater protections and access, which seems to be lacking at the moment.
For example, according to TRUSTe/NCSA’s 2016 Consumer Privacy Study, 92% of ecommerce customers are concerned about data security and privacy.
More than that, the State of European Privacy Report undertaken by Symantec showed that 90% of business think it’s too difficult to delete customer data, and even 60% don’t have any systems in place to help users who want their data deleted.
Although all aspects of the GDPR are important for businesses, for lead generation, informed consent needs to be looked at more closely.
Informed and active consent
Users must give explicit, active, informed consent to be included in your lead generation efforts.
This means that if you want to send email campaigns to leads, you’ll need specific consent for that. But you will also need separate consent for retargeting ads, text messages, push notifications and more. Each new marketing channel must be agreed to separately.
If there is no proof of consent for each marketing channel, then you are not GDPR-compliant and you can face potentially hefty fines.
How your lead generation can become GDPR-compliant
There are a few important ways that your lead generation procedures can become GDPR-compliant.
1. Get informed and active consent
When you’re seeking consent from EU leads, you will need to make sure you are playing by the rules. That means first of all that if you have any consent boxes that are checked by default, you’ll have to stop doing that.
They must be unchecked by default so that the user is freely giving consent.
You also need to include as many separate check boxes as you’ll find necessary for your marketing purposes. Each check box should have a clear sentence or two that explains what the specific marketing activity is about.
An example could be:
“By entering my email address, I agree to receive regular educational and promotional updates.”
You can make it sound more on-brand, but the gist of it is there.
You’ll need to put it in clear, unambiguous language how you collect, store and process users’ personal data.
Obviously, there isn’t enough space in your signup forms to explain each marketing activity in detail, which is why you should explain it in your legal documents.
Simply go over (in plain English) what you collect, how you collect it, why you collect it, and what you are going to be using it for. Link to that document or those parts whenever explanations are necessary.
That way, you can show that adequate information was given on your part in order for the user to give informed consent.
3. Get “re-consent”
One more difficult part of the GDPR is that you’ll need to get what’s now being called “re-permission” or “re-consent” from current users.
That’s because the GDPR affects users before and after GDPR, which means you’ll have to show proof of consent for earlier users you have in your database.
For this reason, many businesses are already sending out emails to their current subscribers in order to get consent by the time the GDPR kicks in.
Here’s an example from Litmus:
4. Grey zone: lead magnets
There is an important grey zone when it comes to lead generation: what about lead magnets?
An (untested) interpretation of the GDPR states that email consent should be separate. If you’re offering an ebook in exchange for an email address, the user must have the option to give or not give their email address for further marketing communications.
If they the lead magnet without subscribing, you should allow for that.
Combined with the unchecked-by-default consent, this means that your lead magnets will produce fewer leads.
This is something to watch out for when the GDPR goes into effect in May.
Why the GDPR is actually a good thing
After all that doom and gloom, there is actually a bright side to the GDPR.
As the studies mentioned above indicate, there seems to be quite a strong disconnect between customers and businesses. Customers simply have a lack of trust of businesses when it comes to their personal data.
With the new regulation, trust will be restored between the two sides, and more trust is always a good thing.
Secondly: what good is a lead who doesn’t want to actually hear from you? That’s one thing that the GDPR will solve, seeing as only those people who want to hear from you will consent.
This is like cleaning up your subscribers list, since you’ll be left with recipients who want to hear from you and are more willing to buy your products and services.
There certainly is a lot of work to be done to prepare for the GDPR, but once it goes into effect, conversion rates and trust between both sides should increase.