3 Ways to Make Online Forms GDPR Compliant

Hearing a lot about the General Data Protection Regulation (GDPR) coming out of the European Union? If so, you may be concerned about how your company can prepare for GDPR compliance.

Effective May 25, 2018, the GDPR is intended to crack down on how companies capture and manage people’s data from digital platforms such as websites and social media. It’s setting a new bar in this space because 1) the regulations are the most far-reaching to date and 2) large fines can be levied on any company that markets to EU citizens if it does not follow the requirements for GDPR compliance.

Whether or not you are required to comply, the GDPR is yet another reminder that businesses will become more accountable for data privacy in the coming years. We are in the age of stolen identities and shady collection practices like the Cambridge Analytica scandal. We’re also in the age of data-driven decision making, where the demand for more data to fuel our marketing and advertising continues to grow.

How well is your company collecting and handling people’s data? If you aren’t sure, the GDPR is your perfect catalyst to find out. Use the GDPR as the push you need to audit what’s happening. By conforming to the GDPR, you signal to your customers that you’re serious about protecting their data. Being serious about protecting their data will increase their trust in your brand.

One area that is ripe for GDPR infringement is the lead capture form on a website. This form could be a “contact us” form, a “join our email list” form or a “request a quote” form. These forms are critical. They drive our CRM databases and content marketing engines. They are conversion points and KPIs in our marketing plans.

To be GDPR compliant, businesses need to think carefully about how they approach online forms. The GDPR may require some changes, but these changes aren’t drastic; they’re just good business practices and good user experience. Let’s look at three specific examples of how to make improvements to an online form for GDPR compliance:

1. Only ask for the information you need. Don’t try to collect information that you may want later, but don’t need or can’t use now. There needs to be a clear reason why each piece of information is required in your form. Keep it short and ask for a limited amount of information. The less intrusive the better. Long forms are intimidating and time-consuming. (Personally, if I ever come across a form that requires my phone number, I leave. Shouldn’t my email address be enough?)

2. Provide a clear way to opt in. Gone are the days of providing a pre-checked opt-in box for the user. The GDPR requires the user to check the box. And there had better be a clear description of what they are opting in to. The goal is transparency about what the user is agreeing to. You’re creating trust. Use messaging that makes it clear you are not trying to trick them.

“I would like to receive periodic email communications.” = good
“I agree to the terms and conditions.” = bad

3. Link to a privacy policy and a path to be forgotten. Create a privacy policy that clearly states what you do with personal data and indicate how someone can contact you to be removed from your records. The GDPR calls the latter the “right to be forgotten.” This practice will add further legitimacy to your request for the user’s personal information.

The online form is a great starting point, but the GDPR certainly includes more requirements. Some are more behind-the-scenes, such as protecting data once it is collected, but they still center on being a good steward of a person’s information.

The GDPR is strict, but in these times it’s a good thing for business and a good thing for digital. It’s only a matter of time before the U.S. follows suit and demands more rights and transparency for its citizens. So, let’s follow the spirit of GDPR compliance to improve the overall user experience of business in digital.