General Data Protection Regulation (GDPR) will bring about one of the biggest changes to data security in decades. Getting in line with GDPR is a lengthy process for any company, especially ones with a web presence.
What is GDPR?
GDPR is a law being put into place in the EU, May 25, 2018. The goal of GDPR is to protect individuals’ personal information (by requiring higher data security measures) and to increase the rights of users.
4 new rights for users under GDPR:
(The final imposes changes to your company’s website.)
If there is a breach or unauthorized access of personal data, the user must be informed within 72 hours.
- The right to access information
Users have the right to view what personal information your company has about them. Their data must be kept accessible to do that.
- The right to be forgotten
If users have given information to your company, they have the right to withdraw their consent, and the data must be deleted upon request.
Anytime web-users’ data is taken or stored through a webform or other means, the user must be clearly informed and then give active consent.
5 steps to preparing your forms for GDPR consent
Consent added to your webforms, must meet new specific requirements. Here’s what you need to know:
- Consent must be informed.
The user must be informed exactly who will have access to their information (the name of your company or any third parties), why you need that information, and what you will do with their information.
- Consent must be specific and clear.
Including consent in the terms and conditions no longer meets the regulations. It must be separate, clear, and concise, so it can be easily understood by the user.
- Consent must be freely given.
Consent can no longer be passive, included in default settings, or pre-ticked in boxes. The user must actively check their permission for you to store and use their personal information.
- Consent must be granular.
Different pieces of user information are often used for different purposes or given to different parties. Each difference must be consented to individually through separate check boxes.
- Consent must be easy to withdraw.
Under DGPR, users have the right to view or delete their data at any time. Companies should inform the users that this is the case.
These are some good examples of consent:
Lancome:
The Guardian:
Why GDPR is important for your company?
The EU is not joking around about this one. It is crucial that your forms meet GDPR requirements.
Companies that do not abide by the regulations could face fines up to 20 million euros or 4% of annual turnover, whichever is greater. All this is usually topped with newspaper headlines and a bad reputation.
If your site has many pages and forms, it is essential that you devote a team to verifying that each form has been properly changed to meet the GDPR requirements, or you can hire a team of experts to do it for you.
How will GDPR affect marketing and the user experience?
The end goal for you, as a company, is still to receive as much information as possible while staying in line with GDPR.
Yes, from a marketing perspective, you are more restricted from taking information as easily and as freely as before.
However, protection and consent are very important to the user, so implementing these rules can actually lead to a positive, trusting experience for the user.
… that is, if and only if, the user is not agitated by any forms not working correctly. As you make many changes to your webforms, it is easy for human error to occur which result in glitches in your forms.
Anything that prevents the user from easily flowing through your forms, ends up pushing them away. It is advised that you devote time, or hire a team of experts, to test each newly edited form. This will ensure that your forms run smoothly for the user and that your acquisition will not be affected by GDPR.
At StarDust, it's our job to detect those kind of bugs. Contact us to know more.
Best of luck, getting those forms rolling and the consent flowing!