You might have heard about the General Data Protection Regulation (GDPR). In May 2018, all businesses that traded with or collected visitor data of European Union data subjects were required to enact a series of measures designed to protect their customers’ personal data.
Banks, charities, hospitals and, yes, e-commerce businesses are now all legally obliged to inform their customers (and gain their consent) about how their data is used. Let’s break down how you can earn back your readers’ trust in a post-GDPR world.
Be Completely Transparent
They say the devil is in the details, but Satan is really in the small print. Those barely legible words at the bottom of sign-up forms are what really trip customers up and make them mistrustful of businesses.
GDPR requires you to be transparent about everything you do with regard to consumer data. Nothing should be hidden, and every possible way visitors’ data could be used should be made clear.
Eschew hidden details and legal caveats. Where customers have to enter their personal information on a form, add a dedicated section explaining it all (“How Will You Use My Personal Data?”), and outline the following:
- What data you will collect
- Why you will collect it
- How you will use their data
- What they need to do to opt out
Lay it all out, down to the last detail. No, it doesn’t make for inspiring copy. But it does build trust with your customers through honesty and transparency.
Make It Accessible
It is a legal requirement of GDPR to make it clear how you plan to use your customers’ personal data. Failure to do so will result in official reprimands, temporary bans on data intake, and special measures, to name but a few — and that’s not to mention the substantial fines incurred when you breach GDPR.
Consequently, businesses need to meet these requirements. But rather than simply meeting legal requirements, go one step beyond and make it accessible to your audience. The average consumer struggles to understand the legalese associated with GDPR, so strive to make it as comprehensible as possible.
Ditch the legal jargon and use layman’s terms to ensure your audience actually understands what the GDPR requirements mean. Run it by a colleague or use the Hemingway App to ensure it’s readable by everyone, not just a select few.
It’s a good idea to combine this with visual elements such as graphics or flow charts — these help your readers better take on otherwise complex and impenetrable data.
Encourage Conversation and Involve Your Audience
You can lay out all your legal requirements on the table and make them as understandable as possible. But no matter how transparent and accessible you are, your customers will still have questions.
And that’s understandable. GDPR was hugely hyped in the media, and all sorts of fearmongering headlines appeared: stories of websites crashing before the deadline, tech brands blocking their users, and so on. As a consequence, the public became only more wary and confused.
As such, your customers will have questions about GDPR and how you use their personal data. Actively encourage those questions — and answer them. Create a forum in which your customers can ask questions and receive a personalized response.
Pre-empt these questions too and create a dedicated FAQ section. As before, keep it all concise and comprehensible.
What GDPR Does (and Doesn't) Mean for Personalization
In a post-GDPR world, it might seem impossible to increase and optimize your marketing conversion rate. When you can’t personalize your campaigns with the personal data of customers or prospects, how can you create tailored marketing that resonates?
But advanced conversion rate optimization is still possible post-GDPR. In a 2018 conversation with Stephen Spencer on the MarketingSpeak podcast, CRO expert Brian Massey noted that GDPR would be a concern for brands seeking to enhance their conversion rates.
Consequently, it’s clear that the industry has been aware of the issue for a while. It all comes down to what the GDPR text terms “legitimate interest”. This phrase refers to marketing that is necessary to the purchase itself.
For example, your business would not need to ask for permission about using your customers’ personal data for offering relevant special offers or sending transactional emails such as receipts or cart abandonment notifications.
However, you would not be able to automatically sign a customer up for an email newsletter just because they bought something from you. It’s not strictly necessary for the transaction, and as such would constitute a breach of GDPR.
As outlined before, make all of your legitimate interest use of personal data clear and understandable. Even though it’s legal, not explaining it to your customers will negatively impact their trust in you, damaging your brand as a result.
In a post-GDPR world, the issue of what personal data businesses collect and how they use it is at the forefront of consumers’ minds. The trust between the customer and the brand has been tainted — but not irreparably so.
Follow the tips above, and be transparent, accessible, and open. Do so, and your customers will have greater faith in you as a result.
Check out Kentico’s GDPR and Data Protection app to see how having a GDPR-savvy CMS can bring data protection compliance to your tech stack.
DISCLAIMER: All data and information provided in this blog post are for informational purposes only. Kentico makes no representations as to the accuracy, completeness, currentness, suitability, or validity of any information contained herein. We recommend consulting with a lawyer for any legal advice pertaining to data protection compliance.