20th May 2020
“Request the explicit consent of every user before any data collection takes place. Requests must be in clear, plain, easily understandable language free of legalese. It also must stand alone from other matters or requests and not be buried in other text.”
The best possible form is:
The GDPR says:
Today, we’re talking about forms.
I’m not sure what GDPR is.
So basically: if it doesn’t serve the user, it shouldn’t be sitting in your database.
But I’m an anarchist/not European/unafraid of fines/skeptical/lazy/etc…
- They’ve increased its legislative scope. So even if you’re not an EU citizen, and your business isn’t based in the EU, and you’ve never set your feet or IP address in Europe in your life…the second you collect data from one EU citizen, your actions with their data have to be up to code.
- Not complying with the law = big $$$ fines. We’re talking up to 4% of your annual global turnover, or 20 million euros, whichever is greater.
The boxes next to your “By checking this box, I want to receive emails” disclaimers have to start out blank, and be actively “checked” by users.
I get it, but why do I have to change my forms?
So keeping the data you collect to a minimum, and keeping that data easy to access, is essential.
But in the end, the way GDPR mandates you ask for consent can be a very good thing for your conversions, for the credibility of your organization, and for your marketing strategy moving forward.
- Something anonymous—like a quiz or survey—that doesn’t require personal information
- Moving prospects somewhere else on your site, without STORING their responses.
Because it turns out—if you wrote a decent landing page—no one was expecting you to spam.
This one’s pretty easy to get your head around.
CRO experts say….
What do you mean “ask for consent?”
Right now, GDPR might look like a headache. It’s going to take some time: to inventory your data, figure out how you’re collecting it, and make sure that you comply, every step of the way.
Well, good for you. You’re building a list that loves you, then. One that’ll keep your open rates high, and your “report to spam” rates low (assuming that you don’t, you know, spam them).
GDPR also requires that any data subject can request access to the data you have on file for them—and that they can request that you purge or modify all that data, at any point.
State what you’re going to be using their data for, and how you’re going to select it. Phrase it as an “I agree” statement, and add that easy-to-check box. As long as that consent language is digestible, and sounds like an attempt at transparency, you’ll make GDPR, and your users, happy.
So at Convert, we’re breaking the regulation down—piece by piece—so you can keep track of how to comply throughout your entire marketing funnel.
Remember that binary consent option we talked about earlier?
Or, you can set up a binary choice, in which both options have equal prominence, like the one below.
Ensuring that people consent actively, to handing over their email and to receiving your promotional messages, should be a good thing for you in the long run.
So tell me the bad news. What do I have to change?
Need a company size to better tailor your software offers to your prospects? Telling them that as they sign up is a win for legal transparency, and potentially, your conversion rate.
Here are some of the ways adhering to CRO best practices can help you stay GDPR compliant.
And if you really want to qualify your prospects, presenting them with the choice to do otherwise—to opt-out of your updates, or to sign up for the updates most relevant to them—should go a long way to ensuring that your emails aren’t falling on uninterested ears.
There. Now you remember.
But if you collect any personal data from your users, and store it—you’ve got to collect consent in a way that complies with new laws.
The key is: ask yourself when you collect user data “what am I using this for?”
2. Negative opt-ins
One way to do this was to ask more questions. The kind that qualify your prospects, help you lead score, and test the motivation of your form-fill-outers.
Are you going to be contacting consumers by text, and phone, and email? Then that needs to be clear.
Ask if you can have and use your visitors’ data before you collect it. And don’t muck up your wording or be a jerk about how you make that ask.
3. Non-granular opt-ins
Pre-checked boxes? No more.
Who do you think wants to hear from you more? The user who forgot to uncheck a box? Or the one who checked “contact me!”, even when they didn’t have to?
In a nutshell, it’s a huge undertaking of a law that’s overhauling the existing data protection legislation governing the EU. Its goal is to standardize data privacy legislation throughout Europe, and it’s raising the bar for how marketers collect and store data from their users.
Trump’s press conference today (everyone, until May 18th, when GDPR swoops into effect).
Now, I could use some good news. Hit me with that silver lining.
Now have the legal right to transparency—to know how and where their collected data will be stored, and what it’ll be used for.
Here are a few common things that you may be doing on your forms, which make GDPR say “not so fast”:
The key here, really, is just to stay clear and concise.
First, a quick overview.
CRO experts say….
CRO experts say….
CRO experts say….
We’ve all heard the big best practice on forms: ditch the fields you don’t need. Make the fields you do need as easy to fill out as possible. You’ll see a conversion rate uptick—heck, maybe one as high as 160%.
If not—your consent-collecting process needs some work.
And, it just so happens, that users like to hand their data over to companies they feel are transparent, private, and committed to keeping their data secure.
To sum it up:
If you’re asking for consent to store and use someone’s data—you have to make that request clear, and independent of other terms. So consent isn’t a precondition to sign up for a service—giving it has to be an independent decision for your users.
If you’re looking to email your subscribers information on how to grow their ecommerce business, you probably don’t need to know their age. Or their fax number. Or any number of other unrelated pieces of data that it may seem “useful” to collect.