The GDPR went into effect in May 2018…but has your tech company gone back and audited your marketing compliance since then? If not, here are five of our favorite (and actually pretty easy!) ways to up your legal compliance game online.

1. Amend stale cookie notices

First things first, do you have a cookie 🍪 notice in place on your website? (If so, you’re in good company…58% of the tech companies who answered our recent survey say they do, too!) But did you know that just alerting people to the fact that you’re using cookies isn't actually fully compliant?

If you want to align with the GDPR, you must 1) notify your visitors in PLAIN LANGUAGE that your website uses cookies for certain purposes and 2) provide them with a way to explicitly consent to being tracked by cookies.

HubSpot offers a ton of different ways to configure your cookie policy banner so that you can customize it for different domains and URLs. It also gives you the option to display the different cookie categories you use on your site and allows visitors to activate or deactivate cookies for each category. For example, did you know that you can separate out necessary cookies, analytics cookies, functionality cookies and advertisement cookies? How cool!

PS: Don’t forget to include cookie banners in every language your customers may speak (e.g., include French for businesses with customers in Canada).

2. Ask for consent to store/process data

Most tech companies are using some sort of disclaimer under their website forms that alerts users to the fact that they’re signing up for future marketing messages—but did you know that technically you’re also supposed to get permission to store/process their information in your CRM?

If that’s news to you, you’re not alone. While 93% of companies we surveyed do indeed collect “consent to communicate” from users who submit a form, only one company also said that it is explicitly collecting “consent to process data.”

Though you’re probably not keen on adding even MORE disclaimer language under forms, it’s technically the most compliant way to do things.

3. Switch from implied consent to explicit consent

Is your tech company using checkboxes to collect consent on website forms? If not, it’s time to upgrade from implied to explicit consent.

Implied consent

You receive implied consent when a contact provides you with their email address as part of your normal business relationship, but they DON’T explicitly permit you to do anything with that data…probably because you didn’t give them that option on the form!

Providing a disclaimer under forms letting visitors know that by submitting their information, they are consenting to the storing and processing of their personal data (say that five times fast 😮) is a good first step. But it’s still considered implied consent because there’s no checkbox to opt in or out.

Explicit consent

You receive explicit consent, on the other hand, when a contact gives you their express permission to store/process their personal information. To receive this level of consent, you need to include an opt-in checkbox under forms…ideally one that’s NOT pre-checked by default.

4. Dump pre-checked consent boxes

The most compliant way to collect consent is with opt-in checkboxes that are not pre-checked. Why? When you use unchecked boxes, your visitors have to intentionally click to consent to you processing their data and communicating with them.

This subtle distinction allows visitors to actively give their permission, rather than passively offer it by clicking “submit” after scanning a notice populated with one or more pre-checked boxes.

Removing pre-checked boxes may seem counterproductive—you don’t want to lose out on easy additions to your CRM—but the truth is that no one wants to hear from a company that banks on securing consent by being unclear. 

Get rid of your pre-checked boxes and you can be sure that all of your leads actually want to hear from you!

5. Update your privacy policy

Be honest…when you launched your last website redesign, did you Google “privacy policy examples” and copy/paste one of the default notices you found? If so, perhaps it’s time for an upgrade!

A good privacy policy includes information that your visitors want and have a right to know, like:

  • How long you plan on storing someone’s data (e.g., do you promise to delete it after 90 days, or do you plan on keeping it forever?)
  • The physical data center where you’re storing their information
  • Who has access to their data
  • An outline of the security measures you or your vendors employ to protect customer data
  • How customers can request access to their data
  • Contact information for additional questions they may have

Also, it’s not a bad idea to provide an opt-out notice for users who don’t agree with your privacy policy.

DISCLAIMER: We’re pretty smart tech marketers, but definitely not lawyers…the legal information in this blog is not intended to be taken as legal advice. You may neither rely on this document as legal advice nor as a recommendation of any legal understanding. In other words, check with your legal counsel.


Interested in even more legal compliance stats and strategies? Download our free “Marketing Legal Compliance in the Real World” report to see how your compliance tactics stack up against other tech and software companies.
