How to Make Your Forms GDPR Compliant (Without Tanking Your Conversion Rates)

20th May 2020
Negative opt-ins
GDPR says…
“Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. It also must stand alone from other matters or requests and not be buried in other text.”
The best possible form is:
The GDPR says:
Today, we’re talking about forms.

I’m not sure what GDPR is.

So basically: if it doesn’t serve the user, it shouldn’t be sitting in your database.

But I’m an anarchist/not European/unafraid of fines/skeptical/lazy/etc…

Privacy policy you say? Having those accessible is a must.

  1. They’ve increased its legislative scope. So even if you’re not an EU citizen, and your business isn’t based in the EU, and you’ve never set your feet or IP address in Europe in your life…the second you collect the data from one EU citizen, your actions with their data have to be up to code.
  2. Not complying with the law = big $$$ fines. We’re talking up to 4% of your annual global turnover, or 20 million euros—whichever is greater.

Your “By checking this box, I want to receive emails” disclaimers have to remain blank, and be actively “checked” by users.

I get it, but why do I have to change my forms?

So keeping the data you collect to a minimum, and keeping that data easy to access, is essential.
But in the end, the way GDPR mandates you ask for consent—can be a very good thing for your conversions, for the credibility of your organization, and for your marketing strategy moving forward.

  1. Something anonymous—like a quiz or survey—that doesn’t require personal information

Meaning:

  1. Moving prospects to somewhere else on your site, without STORING their responses.

Because it turns out—if you wrote a decent landing page—no one was expecting you to spam.
This one’s pretty easy to get your head around.
CRO experts say….

Right now, GDPR might look like a headache. It’s going to take some time: to inventory your data, figure out how you’re collecting it, and make sure that you comply—every step of the way.
Well good for you. You’re building a list that loves you, then. One that’ll keep your open rates high, and your “report to spam” rates low (assuming, that you don’t, you know, spam them).
GDPR also requires that any data subject can request access to the data you have on file for them—and that they can request that you purge or modify all that data, at any point.
State what you’re going to be using their data for, and how you’re going to select it. Phrase it as an “I agree” statement—and add that easy-to-check box. As long as that consent language is digestible, and sounds like an attempt at transparency—you’ll make GDPR, and your users, happy.
So at Convert, we’re breaking the regulation down—piece by piece—so you can keep track of how to comply throughout your entire marketing funnel.
Remember that binary consent option we talked about earlier.
Or, you can set up a binary choice, in which both options have equal prominence, like the one below.
Ensuring that people consent actively—to handing over their email, and receiving your promotional messages—should be a good thing for you in the long run.

So tell me the bad news. What do I have to change?

Need a company size to better tailor your software offers to your prospects? Telling them that as they sign up, is a win for legal transparency, and potentially, your conversion rate.
Here are some of the ways adhering to CRO best practices can help you stay GDPR compliant.

1. Bundling

And if you really want to qualify your prospects, presenting them with the choice to do otherwise—to opt-out of your updates, or to sign up for the updates most relevant to them—should go a long way to ensuring that your emails aren’t falling on uninterested ears.
There. Now you remember.
But if you collect any personal data from your users, and store it—you’ve got to collect consent in a way that complies with new laws.

Reduce your form fields? An A+ idea. GDPR discourages data processors from collecting any information that is unnecessary.

The key is: ask yourself when you collect user data “what am I using this for?”

2. Negative opt-ins

OR
One way to do this was to ask more questions. The kind that qualify your prospects, help you lead score, and test the motivation of your form-fill-outers.
Are you going to be contacting consumers by text, and phone, and email? Then that needs to be clear.
Ask if you can have and use your visitors’ data before you collect it. And don’t muck up your wording or be a jerk about how you make that ask.

There’s a new set of privacy regulations in town. It’s called the GDPR. And if you’re like a terrifying number of marketers, you might not quite be ready for it.

3. Non-granular opt-ins

Pre-checked boxes? No more.
Who do you think wants to hear from you more? The user who forgot to uncheck a box? Or the one who checked “contact me!”—even when they didn’t have to?

And opt for a link (to a pop up—not to leave the page) for your privacy policy—over the blind assurances that you “won’t spam.”

In a nutshell, it’s a huge undertaking of a law that’s overhauling the existing data protection legislation governing the EU. Its goal is to standardize data privacy legislation throughout Europe—and it’s raising the bar for how marketers collect and store data from their users.
Trump’s press conference today (everyone, until May 18th, when GDPR swoops into effect).
GDPR says…

Now, I could use some good news. Hit me with that silver lining.

Now have the legal right to transparency—to know how and where their collected data will be stored, and what it’ll be used for.
Here are a few common things that you may be doing on your forms, which make GDPR say “not so fast”:
The key here, really, is just to stay clear and concise.
First, a quick overview.

Form length…

CRO experts say….
CRO experts say….
CRO experts say….
Non-granular opt-ins
We’ve all heard the big best practice on forms: ditch the fields you don’t need. Make the fields you do need as easy to fill out as possible. You’ll see a conversion rate uptick—heck, maybe one as high as 160%.
If not—your consent-collecting process needs some work.

Basically—no matter where you’re from, if your business interacts with the EU, your data collection should be GDPR compliant.

 lumping data consent with something benign and mandatory—like your terms of service
And, it just so happens, that users like to hand their data over to companies they feel are transparent, private, and committed to keeping their data secure.
GDPR says…

To sum it up:

If you’re asking for consent to store and use someone’s data—you have to make that request clear, and independent of other terms. So consent isn’t a precondition to sign up for a service—giving it has to be an independent decision for your users.
If you’re looking to email your subscribers information on how to grow their ecommerce business, you probably don’t need to know their age. Or their fax number. Or any other number of non-related pieces of data that it may seem “useful” to collect.
