Does The GDPR Coming For You ?
GDPR covers a small business entrepreneur in Europe region and you should be aware that you are not the GDPR’s main “target”. GDPR is about the processing of people’s private data online. GDPR primarily aims to regulate businesses that do a lot of data processing – and especially businesses that make their money from selling or “exploiting” the data they collect about people.
More Core Companies data harvesting giants like Facebook or Google.
The average entrepreneur and website owner does very little data harvesting or processing. If you have a website with some opt-in forms on it, the EU isn’t coming straight for your regulations.
Can You be punished with Fines?
Many marketers fear massive fines if they don’t get everything on their website 100% compliant by May 25.
According to Elizabeth Dunham, the UK’s Information Commissioner, that’s just “scaremongering”. She further states that “Issuing fines has always been and will continue to be, a last resort.”
If your site is not compliant, fines are not the first thing that happens. There’s no squad of EU goons waiting to kick down your door.
The expected process for non-compliant websites looks like this: the first step would be for your users/visitors to take up the issue with you directly.
For example, a user might ask you (the website owner) to see, change or remove their private data. If you can’t comply with that, the user can escalate this to a complaint, which would lead to a multi-step process by an EU data regulation agency, starting with an “information notice”.
Only if you are still not compliant after having received various notices and warnings will fines come into play.
In short: there’s no reason to believe you’ll face immediate punishment for a missing disclaimer link or a poorly worded checkbox label on your site.
We Still Need to Clear These Obstacles
I hope you now see that these regulations are less threatening than you may have thought. Let’s take a second to breathe a sigh of relief.
Of course, that doesn’t mean we can just ignore the regulations. Even as small business owners with very little data processing, we still have to make sure we’re compliant.
Strangely, I’ve seen that many writers feel obliged to “reframe” GDPR when they write about it and make a statement like: “why GDPR is actually a good thing for marketers!”Apparently, these regulations will help us get higher quality leads or they’ll weed out the bad marketers or something.
What’s conveniently omitted is that GDPR doesn’t do anything for your lead quality that you couldn’t have done before.
Protecting people’s privacy is a laudable, and in my opinion important goal. But let’s not pretend like these regulations make things better for small businesses. They represent extra hoops you must jump through as well as additional time (and possibly money) you have to spend.
What’s worse: if you follow a lot of common advice about GDPR and email marketing, it can harm your conversion rates and your bottom line, all without adding anything of value to your visitors.
Computer Solution Malta, we have a strong focus on conversions, so it’s particularly this last problem I want to help you with. We’ll look at how you can make your opt-in forms and email marketing GDPR compliant without hurting your conversion rates.
How GDPR Affects Email Marketing
GDPR isn’t primarily about email marketing. It’s about how people’s personal data is handled and email marketing contains such data (e.g. someone’s email address). The main rights given to EU citizens under the regulation are as follows:
- The “tell me what’s going to happen” right:the citizen has the right to be told what will happen with personal data before it is submitted, and the data shall only be used if explicit consent is given.
- The “show me my data” right:the citizen has the right to know what data is being collected about them, why it’s being collected and how it’s being used.
- The “I want to change that” right:the citizen has the right to have data modified or updated.
- The “forget about me” right:the citizen has the right to have their private data removed completely.
For email marketing, this translates to:
- Tell visitors what you will do with their email address beforethey sign up.
- Give visitors a view of the data you’ve collected about them (probably only their name and email address).
- Give visitors a way to modify their data (e.g. get the emails sent to a different address) and unsubscribe.
- Remove all data you have about a visitor completely, if they request it.
The Checkbox Myth
How do you make your opt-in forms GDPR compliant?
There is common impression that most of marketers would add check boxes to forms to make process GDPR compatible.
In practice yes possible but GDPR doesn’t mean adding checkboxes. You need the subscriber’s explicit consent to send them emails, but a checkbox is not the only way (and not the best way) to get this consent.
Let’s look at an example of a typical opt-in form, pre-GDPR:
If someone signs up through this form and you then start sending them emails, that’s not GDPR compliant.
Because there was no indication in this form that you’d be sending emails (and visitors can’t consent to something you haven’t told them about). The entire form is about getting a PDF. The visitor who signs up agrees to receiving a PDF, but nothing else.
Here’s how it seems most “how to GDPR” articles suggest improving this form:
Okay, I’m exaggerating. But I’m exaggerating to make a point: adding checkboxes to this form makes it worse.
No one wants to read fine print. Just like we all “read and agree to” the terms and conditions of every software and app we use, people may or may not check these boxes, but they won’t actually read your terms or even pay close attention to what the label of each checkbox implies.
Adding checkboxes makes the opt-in form worse for the user (makes a poor user experience) and it will likely lower your conversion rates. This is still true if we take a more conservative approach like this:
Plus, there’s an extra twist: under GDPR, you are not allowed to disadvantage anyone because they don’t provide consent. That means in a form like this one, you can’t make the checkbox required.
If someone signs up but doesn’t check the box, you have to still give them access to your PDF, but you can’t send them any emails.
For the business owner, there are 2 main problems with this:
- The checkbox label might as well read “please also spam my inbox with annoying promotional messages”.Nobody wants another “newsletter” and even if your newsletter is neither spammy nor annoying, visitors won’t know that before they sign up.
- You have to set up a potentially complicated system that ensures that people who sign up but don’t check the box receive your free PDF but aren’t added to your mailing list. Those who do check the box need to get the PDF andbe added to the mailing list.
How to Fix Your Opt-In Forms give on the Checkboxes
There are two approaches you can use to make your opt-in forms GDPR compliant without adding checkboxes or extra hoops for your visitors to jump through:
- Change the copy in your opt-in forms.
- Change the nature flow of your opt-in offer.
Fix 1: Change the Copy
Here’s what the form could look like, with modified copy:
Here’s exactly what we changed, to make this form GDPR compliant:
- We add “Subscribe to get…”to the title and mention the newsletter in the text. This way, it’s clear that the user is consenting to a newsletter by signing up.
- We are still providing an opt-in offer (or lead magnet) in the form of our free report. However, instead of the free report and the newsletter being totally separate, the “main action” on the form is signing up for the newsletterand getting the PDF is a bonus provided to newsletter subscribers.
- We’ve added a link to our terms in the disclaimer part of the form.
That’s it. This form now acts as explicit consent to receive a newsletter and we’re good to go. No checkboxes needed.
What if you have a form or landing page with a killer headline that you’ve tested and optimized to perfection and you don’t want to mess it up? Here’s another version of the form, with nothing changed in the title:
The key point here is that the offer is framed in such a way that there is no separation between the free PDF and the newsletter. The form clearly states what is to be expected.
Fix 2: Change the Offer
One way in which the GDPR might actually do some good for consumers is that it makes old-school, high pressure sales style email marketing much more difficult.
What I advocate is a way to make your entire email marketing process not only GDPR compliant, but better and more effective in general. We call this approach “Newsletter-as-a-Service”.
To explain how NaaS works, let’s do a quick thought experiment. Think of the difference between TV ads and product placement.
TV ads: you’re watching a movie for entertainment (which is what you want) and you get interrupted by ads (which is what you put up with, if you have to). You see ads for a fancy looking watch and maybe, if you see them often enough, you’ll buy the advertised watch at some point. But you probably won’t, and you’d rather cut the ads out of the movie.
Product placement: you’re watching a James Bond movie for entertainment and James Bond happens to be wearing a stylish watch.
The watch comes with a bunch of gadgets, so it’s shown in close-ups several times and it becomes part of the plot. You end up buying the watch because James Bond is cool as a cucumber and you want to be like him. What’s more, it never feels like an ad and it wouldn’t even occur to you to cut the watch out of the movie.
Newsletter-as-a-Service is taking marketing concept to the next level.
Old vs. New Email Marketing
Let’s contrast NaaS against the old way of email marketing, which is not only unpleasant for your subscribers, but also much more at odds with GDPR.
Here’s the kind of thing I mean:
The Old and Spammy Way
- You have a lead generated offer or you sell something.
- When people sign up or purchase, you send them affiliate offers non-stop until they unsubscribe.
If you’ve bought some rubbish products on Internet marketing forums, you’ve been on the receiving end of this marketing style.
Few marketers stop so low as to follow this old, “hard sell” approach. But if we look at the more common approach these days it’s not great, either:
The Slightly Less Spammy Way
- You have a lead magnet (opt-in offer) to get people onto your mailing list.
- When people sign up, they get your lead magnet and they also start getting emails from you (these may or may not be related to the thing they signed up for).
- Some emails are educational and useful, some are purely promotional.
This approach stems from an attitude that sees subscribers only as potential profit sources. You send useful, informative content to your subscribers only to “keep them warm” for the promotional stuff.
There is a better way to do email marketing and it also happens to be GDPR compliant:
The New Way
- Your emails are never purely promotional or unrelated to the original offer that got people onto your mailing list.
- Your emails, which are educational and useful, link to interesting content and contain secondary promotionsor soft promotions (more about this below).
- All of the content you send to subscribers is your “newsletter service”.
Your subscribers sign up for and subsequently receive this useful and valuable Newsletter-as-a-Service mix of content.
Computer Solution Malta adopted new way of marketing into its valuable clients to gain more and create more effective conclusions.
What Else Do You Need, to Make Your Email Marketing GDPR Compliant?
There are several more regulations that are relevant for email marketing, but you are almost certainly already compliant with those.
Unsubscribe & Modify Links
First, you need to make sure that every email you send contains an unsubscribe link and you should also have a “modify my subscription” type link, where your subscribers can update their data.
This kind of thing:
This is hardly a new practice for email marketers.
Proof of Opt-In
You also need to be able to provide a proof of opt-in or a proof of consent. Basically, if a subscriber claims you started sending them emails out of the blue, you need to be able to prove otherwise.
Your email marketing service may provide such a proof log or, if you use Computer Solution Malta Online Marketing Service, you’ll find email addresses associated with specific opt-in forms in your reporting dashboard.
Your Action Steps
Now that you know what tools you have at your disposal to make your email marketing GDPR compliant, here’s what to do next:
- Take an index of all the opt-in forms and lead generation landing pages on your website.
- For each opt-in offer you have, decide which of the 2 approaches is best. Will you add a checkbox to the forms or change the copy? And to what extent will you change the offer itself?
- Update your opt-in forms and lead generation landing pages to reframe your offer and make sure visitors can clearly anticipate what’s going to happen after they sign up.
- Make sure your emails all contain an unsubscribe link and a “modify my subscription” link.
- Get all this over with, so you can go back to focusing on more important parts of your business.
Finally, consider to what degree you can and want to implement a Newsletter-as-a-Service approach in your email marketing.
Finally, consider to what degree you can and want to implement a Newsletter-as-a-Service approach in your email marketing. Computer Solution Malta Marketing Team always in your assistance to improve your services and online presence.