How Does GDPR Affect My Website Forms & Marketing?
Jun 1, 2018 | By: Holly H
Last week, new European privacy laws went into effect that change how certain businesses get, keep and manage their client data.
If you’re impacted by the GDPR (General Data Protection Regulation), you may be wondering how these new standards could change your marketing strategy. In a nutshell, GDPR does 4 main things:
Sets new standards for how TRANSPARENT you are about what happens to customers’ personal data.
Demands that you get explicit, active CONSENT from customers who receive marketing messages from you.
Provides ACCESS for customers who want to know what data you have on them and delete that data if they request it; and
Beefs up SECURITY around how your data is stored and maintained.
For forms that collect personally identifying information (names, email addresses, physical addresses, phone numbers, etc), you may need to do the following to ensure that customers know what they’re signing up for and give you consent to contact them.
Some things to know before you start:
Only forms that collect personally identifying information are affected.
GDPR applies to businesses that are in the EU or have EU customers. (Meaning, if you’re a newborn photographer in Illinois, you can probably skip this stuff.)
Just putting checkboxes on your forms doesn’t mean you’re automatically GDPR compliant. It’s an important step in the process, but you still have to be careful who you send emails to and how you manage customer data.
We are not lawyers! This is not legal advice! If you have questions about how your specific business needs to implement GDPR, please seek advice from a legal expert.
GETTING INFORMED CONSENT WITH FORMS
Under GDPR, you need to explain why you’re collecting a user’s information and get their explicit consent to contact them. We’re talking about clear, enthusiastic, and active consent if you’re going to send things like newsletters, coupons, or partner offers.
Here’s what I mean:
In the past, you could get by with wishy-washy implied consent, where, sure, someone signed up to get coupons or your newsletter... but you’re totally just gonna send them whatever you want, whenever you feel like it. And hey, they can unsubscribe if they hate it.
Nope. Not OK anymore.
To get active, informed consent, it’s easiest to have customers click a checkbox on your form that says something to the tune of, “YES, SEND ME STUFF!”
Things that are NOT active consent:
Having a statement on the form like, “By submitting this, you can send me whatever you want” with NO button to tick.
Having a pre-ticked button saying “Yes, send me stuff.”
Having a button to tick if they DON’T want to receive marketing messages.
Moral of the story: if you’re getting a customer’s email so you can send marketing emails to them, you need to have them tick a box on that form agreeing to receive your stuff. Don’t wiggle out of it, don’t throw sand. Just be simple, plain and clear about what you’re collecting and why.
Examples of informed consent messages:
I agree to have this website store my name and email so they can respond to my inquiry.
Yes! Send me weekly updates to my email address.
I want to receive emails and offers from (this company) and their partner companies.
And so on.
(It'll look something like this)
You can write your own consent messages so they clearly explain why you need a user’s information, and what they’ll get.
Keep an eye on the blog for news on when that’s released. You can alsosubscribe for updates to get that info in your email when it happens!
WHAT ABOUT MY CURRENT CONTACTS?
Everyone on your list in the EU who signed up before GDPR will need to give you consent before you can contact them for marketing purposes.
It’s a bummer, but it’s not a hard problem to fix. Send these contacts a quick email saying that you’re complying with this hot new GDPR deal, they need to tell you “YES!” if they want to keep getting your emails. Link them to a simple form where they can sign up again and click that “YES!” checkbox.
If you’re afraid this will hurt your conversion rates or list size, take heart. GDPR is aimed at making marketing better for consumers and actually for marketers, too.
Think about it: you’re making sure that the people you’re marketing to really want to be there. By cutting out the dead weight, your conversion rates will be better, data management will be simpler, and marketing will be more efficient in the long run.
CUSTOMER ACCESS, MANAGEMENT & DELETION
GDPR also says that if someone contacts you asking to see what data you have on them, you need to be able to provide this information in a timely manner.
Gathering this info is really easy with the PhotoBiz CRM. When you look up a customer in your database, you can click in to see all of the personal data you have on them. This makes it easy to provide this information to curious clients.
From here, you can add or remove tags to keep your marketing lists organized. You can even have a custom “do not contact” tag for particular clients that you can exclude from campaigns. And if a client asks you to delete their data entirely, simply hit “delete” and they will be purged entirely from your database.
PERSONAL & CROSS-DEVICE SECURITY
Your PhotoBiz website lives on secure servers that are protected from intrusion by best-in-the-world security. However, there are still things you need to consider about your data management strategy to help you comply with GDPR policies.
For example, when someone submits a form, you get an email notification. If you ever lose your phone or if your email account is compromised, client information might fall into the wrong hands. To keep your data safe from prying eyes, consider using a strong, unique password for both your email and your PhotoBiz account. To be super safe, maybe delete notifications after you receive them, or keep them in a secure folder. Either way, planning for and preventing situations where data could be compromised is an important part of bringing your business into compliance with GDPR guidelines.
Easy enough, right? If your business falls under the new GDPR guidelines, make sure you :