This post is part 2 of a 5-part series on GDPR readiness. In this previous post, I compared GDPR preparedness to a football game and the importance of both a solid offense and defense to win the game. To tackle the processing requirements of GDPR compliance, your defensive strategy involves operational adjustments and a well-documented game plan. Now, it’s time to turn our focus to the offense and strategies to help your marketing practices thrive in a GDPR world.
Many Marketo clients are asking questions about using marketing automation and lead scoring features given GDPR’s strict permission-based requirements to collect and store personal data. My answer is marketing operations and GDPR can coexist, with adjustments to our current methods. I believe GDPR will force us to improve our core marketing skills, and our GDPR playbook should include leveraging the benefits of our offering and easing customer anxiety associated with data collection.
Consent for Data Collection
Scenario: You are offering a free white paper or informational guide and you are collecting the customer’s name, email address, and phone number as a prerequisite to downloading. Behind the scenes, you are appending additional data to the record, including income and location as well as tracking online browsing behavior to score the lead.
Challenge: Under GDPR, brands must now have an individual’s consent before you may track and store personal data. Opt-out or implied consent forms do not comply with GDPR; further, you must also declare how you will use the data and for how long, including if you are appending information or scoring based on it. Therefore, the challenge is being GDPR compliant without introducing too much friction or anxiety with your form.
To implement: On a recent internet search, I found one suggestion to use this copy in your data collection form:
This solution appears to be GDPR compliant and covers your bases…but it is lengthy and may “weigh down” your form and we may have also unnecessarily opened the door on customer anxiety. According to The Chartered Institute of Marketing, (September 2016), 57% of Europeans do not trust brands to use their data responsibly. Highlighting their concern will only increase apprehension. Thus, adding this verbiage to your form could reduce your conversion rate.
“The information set out in this form is registered in an electronic database for the purpose of [commercial prospection, HR…]. This information is intended to be communicated to [internal service of the company, commercial partners…] and retained for [the relationship, xxx months…]. In accordance with the applicable regulation, your rights to access and update your data, withdraw your consent or lodge complaint where applicable can be exercised by following this link [contact of the service, person or authority in charge…]”
Just keep in mind a couple of things with your opt-in checkbox:
- The opt-in checkbox cannot be a required field. Consent is an independent action from the marketing form action. In other words, if the form in question promotes a white paper, the user can download the white paper without opting in to further communication.
Short, sweet, to the point…on with the conversion. And the next example.
Scenario: You are using reverse IP lookup and cookies (AKA Munchkin Code) on your site to identify repeat visitors and customize the user’s experience.
GDPR challenge: You must have consent to track visitor behavior. “By using this site, you agree to cookies” messages implying approval upon closure do not meet GDPR compliance. This is a departure from Do Not Track legislation.
GDPR adjustment: Use a banner across the top of your website notifying first-time users of cookie usage, capturing user consent. Then work with your developer to load Munchkin code with the proper settings.