GDPR (General Data Protection Regulation) is currently on many digital marketers minds. Although compliance is already law you still have until 25th May 2018 before you need to be fully compliant. It represents the most significant change to online privacy laws since perhaps the “cookie law” in 2011 or the UKs own data protection act of 1998. Its objective is to shore up individual data privacy within the EU with advancements in technology and cloud based data storage.
All companies processing personal data relating to citizens of EU member states will need to comply. Fines are hefty. 4% of Annual global turnover (Eeek!) or £20 million whichever is the greater (Ouch!). The EU clearly has an appetite to challenge the likes of Google and Facebook. GDPRs introduction should therefore be taken seriously.
GDPR’s scope extends to all personal data, be it HR records, email opt ins etc on its citizens rather than where the business itself operates. If you were thinking Brexit might give you a pass – think again. The UK is expected to adopt or comply regardless of the outcome of the negotiations.
If you’re a UK company and sell even a teapot to a German or Dutch citizen then you will find yourself subject to its governance (and potentially the repercussions for non-compliance).
What are the considerations?
Each business will need to manage this differently but essentially, from a marketers perspective, you will need to provide consent or a clear “affirmative action” to record personal information. In simple terms, visitors need to “Opt in”, rather than the common strategy of “Opting out”. In addition the wording needs to be concise and transparent.
Additionally, consent from children is also changing. For children 13 years or younger, parental or guardian consent is now insisted on.
Finally consent and how it was obtained now needs to be recorded as marketers will on request need to be able to
- Confirm the personal data being held for an individual.
- Be able to delete the data on the concept of the “right to be forgotten”.
How can I measure the impact of GDPR?
There will be some anxiety about the bearing on collection rates for list generation and it’s therefore worth establishing this in advance of the enforced regulations.
Just bear in mind that the sooner you start the better, as after May 2018 the regulation comes into force and it will not be possible to test alternatives against non-compliant versions without being exposed to hefty penalties.
Test 1: Preselected vs Unselected vs Forced Choice
Preselecting checkboxes to opt-in to marketing preferences is common on a number of sites. A simple test to confirm this would be to test the impact of a compliant vs non-compliant version.
Control (Not GDPR compliant)
Experiment 2 (GDPR Compliant)
Taking this forward, making the decision less passive with a forced choice is also an alternative worth consideration.
Experiment 3 (GDPR Compliant – Forced Choice)
Beyond GDPR – Optimizing your Opt in’s
Following the regulation, visitors will have to make a conscious decision on whether to opt in. Critical to performance will be:
- Reducing visitor anxiety
- Communicating benefits to the visitor.
Depending on your traffic and conversion rates, it may be worth exploring either in advance of the regulation.
Bundled Options vs Unbundled
Visitors may object to one element of the opt-in (e.g to be contacted by phone) but could be more likely to opt-in to the others. Bundling Opt-ins provide a benefit in that only one action is required but can limit visitor control. The following from AgeUK’s Donation Page is GDPR compliant as the options to be contacted are an “opt-in” but potentially you could have a test for this donation page – for example:
Control (GDPR compliant)
Test (Not GDPR compliant)
Communicating how information will be used or shared.
The following example from Channel 4 shows how you can perhaps lessen the impact by embracing the regulation whilst clearly displaying why and how information is being collected. Using a short video featuring Alan Carr, Channel 4’s “Viewers promise” is an effective method to addressing concerns.
Communicating benefits to the visitor.
Groupon incentivise the opt in with clear benefits to the visitor, in terms of what they might save, an introductory discount code and personalising the content further with a reference to the location. In addition there is a message that visitors can “change … email preferences at any time”
Channel 4 have turned this idea on its head by using a loss aversion technique, enticing the user to sign up and avoid “FOMO”, shorthand for the Fear of missing out.
It’s clear that the impact of GDPR compliance will have an effect but there’s still time to get some form optimisation tests done before the 25th May. Unfortunately, it’s something you just can’t ignore.
Take a look at our whitepaper – The Marketers Guide to GDPR