Although the General Data Protection Regulation (better known as GDPR) had been in the works since January 2012, the likelihood is that you’ve only just this year learned about it. This is because it took four years to arrive at the agreement and even longer for it to start applying to businesses outside of Europe. Now, GDPR is one of the most important regulations for digital marketers across the world.

What Is GDPR?

GDPR sets out rules for businesses working with EU citizens to ensure that any personal data of these citizens is protected. Such data includes names, addresses, photos, IP addresses, genetic and biometric data, and anything else that could identify a person.

Although GDPR still only applies to the EU, it now affects any organization doing business with EU citizens. Businesses that fail to comply with the rules face hefty penalties. In other words, to avoid a fine of up to 4 percent of your annual global turnover or €20 million (you pay whichever is higher), you need to comply. This involves gaining consent of customers before you use their personal information, including when you want to communicate with them for marketing purposes.

How Does GDPR Impact Lead Generation?

If you use lead magnets to gather information from prospects, GDPR will impact your lead generation strategy. You’ll no longer be able to send marketing material (such as an email newsletter) to contacts simply by gaining an email address. Furthermore, you’ll need to make it clear what your data protection policies are and immediately delete a user’s data upon request. Finally, you’ll need to make sure that the data you collect is protected from misuse.

Ways to Comply

1. Gain Consent

You can now only gather data when you have a legal reason to do so. For digital marketers, this will usually mean you can collect data for contract purposes (such as to send a invoice) and when a user has a legitimate interest (such as when a customer asks for information). For lead generation purposes, there’s also a third way: consent. This means users must opt in for you keep, store, or use their data.

It is simple to add consent to all your lead generation forms. All you need to do is add another field that explicitly states that the user is opting in. The box next to the field must not be automatically checked — the user must actively check the box for consent to be valid.

Another place where you need consent is cookies. This is actually part of ePrivacy regulations rather than GDPR, but it will be soon be standard as well. All this means is that before you start using cookies, you must ask for users’ consent. To comply, add a cookie bar to your site.

2. Notify Users of Your Data Protection Policies

Returning to GDPR: you also need to ensure that users know what they are consenting to when they agree to let you use their data. If you are using Google AdWords, you should already have privacy and data protection policies on your site. If not, now is the time to add them.

Make sure the button inviting users to read your privacy policy is clearly visible. It is best if clicking on the button leads to a popup window. Like this, users can check out the policy without leaving the page. As soon as they’ve finished reading (or skimming), they can return to your content and finish the action to convert.

3. Delete Data Upon Request

You’ve probably heard the phrase “the right to be forgotten” in relation to GDPR. For digital marketers, this relates to deleting personal data as soon as a user asks. For instance, if a lead no longer wants to receive marketing material and asks to be taken off your email list, you need to comply immediately. This applies whether the user unsubscribes through a link in an email or sends a message to your customer service team.

4. Secure Handling of Data

GDPR also means that you need to make sure you handle all personal data securely. A simple way to achieve this is to use SSL encryption. This is a good practice anyway, as many users look for encryption before they are willing to provide a company with their contact details. In other words, using SSL encryption will make you compliant and may increase the amount of leads you generate.

5. Work with Trusted Service Providers

Finally, if a third-party service is handling your data for you, confirm that the provider is complying with GDPR. All you need to do is sign a data protection addendum and you’ll be covered.

Becoming GDPR compliant is less challenging than it may appear on the surface. The most important thing to do when it comes to complying for lead generation purposes is to obtain consent from prospects. It is worthwhile to do this even if you are unsure that you have any customers in the EU, as complying is much less expensive than the potential fines.