The GDPR went into effect in May 2018…but has your tech company gone back and audited your marketing compliance since then? If not, here are five of our favorite (and actually pretty easy!) ways to up your legal compliance game online.
1. Amend stale cookie notices
First things first, do you have a cookie 🍪 notice in place on your website? (If so, you’re in good company…58% of the tech companies that answered our recent survey say they do, too!) But did you know that just alerting people to the fact that you’re using cookies isn’t actually fully compliant?
PS: Don’t forget to make sure that you include cookie banners in every language your customers may speak (e.g., include French for businesses with customers in Canada).
2. Ask for consent to store/process data
Most tech companies are using some sort of disclaimer under their website forms that alerts users to the fact that they’re signing up for future marketing messages—but did you know that technically you’re also supposed to get permission to store/process their information in your CRM?
If that’s news to you, you’re not alone. While 93% of companies we surveyed do indeed collect “consent to communicate” from users who submit a form, only one company also said that it is explicitly collecting “consent to process data.”
Though you’re probably not keen on adding even MORE disclaimer language under forms, it’s technically the most compliant way to do things.
3. Switch from implied consent to explicit consent
Is your tech company using checkboxes to collect consent on website forms? If not, it’s time to upgrade from implied to explicit consent.
You receive implied consent when a contact provides you with their email address as part of your normal business relationship, but they DON’T explicitly permit you to do anything with that data…probably because you didn’t give them that option on the form!
Providing a disclaimer under forms letting visitors know that by submitting their information, they are consenting to the storing and processing of their personal data (say that five times fast 😮) is a good first step. But it’s still considered implied consent because there’s no checkbox to opt in or out.
You receive explicit consent, on the other hand, when a contact gives you their express permission to store/process their personal information. To receive this level of consent, you need to include an opt-in checkbox under forms…ideally one that’s NOT pre-checked by default.
4. Dump pre-checked consent boxes
The most compliant way to collect consent is with opt-in checkboxes that are not pre-checked. Why? When you use unchecked boxes, your visitors have to intentionally click to consent to you processing their data and communicating with them.
This subtle distinction allows visitors to actively give their permission, rather than passively offer it by clicking “submit” after scanning a notice populated with one or more pre-checked boxes.
Removing pre-checked boxes may seem counterproductive—you don’t want to lose out on easy additions to your CRM—but the truth is that no one wants to hear from a company that banks on securing consent by being unclear.
Get rid of your pre-checked boxes and you can be sure that all of your leads actually want to hear from you!
- How long you plan on storing someone’s data (e.g., do you promise to delete it after 90 days, or do you plan on keeping it forever?)
- The physical data center where you’re storing their information
- Who has access to their data
- An outline of the security measures you or your vendors employ to protect customer data
- How customers can request access to their data
- Contact information for additional questions they may have
DISCLAIMER: We’re pretty smart tech marketers, but definitely not lawyers…the legal information in this blog is not intended to be taken as legal advice. You may neither rely on this document as legal advice nor as a recommendation of any legal understanding. In other words, check with your legal counsel.