The Smart Way to Make Your Opt-In Forms & Email Marketing GDPR Compliant
The new European data protection regulations (GDPR) are right around the corner and many website owners are in a panic. There’s been a lot of talk about rules, regulations and hefty fines that await those that don’t comply.
Most “how to GDPR” content seems to suggest that you have to add multiple checkboxes, prompts and extra steps all over your website.
In this post, we’ll take a look at what GDPR actually means for small business entrepreneurs and email marketers. And you’ll discover ways in which you can make your website compliant without sacrificing your visitors’ user experience or your conversion rates.
Disclaimer: I’m not a lawyer and this post does not contain legal advice. Always work with your legal counsel to determine the right decisions to make about regulations.
First, let's start with some good news:
The EU Isn’t Coming For You
Before we get into further details, let’s get some perspective on these regulations in general. As a small business entrepreneur, you should be aware that you are not the GDPR’s main “target”. GDPR is about the processing of people’s private data online. GDPR primarily aims to regulate businesses that do a lot of data processing - and especially businesses that make their money from selling or “exploiting” the data they collect about people.
Think: data harvesting giants like Facebook or Google.
The average entrepreneur and website owner does very little data harvesting or processing. If you have a website with some opt-in forms on it, the EU isn’t coming straight for your jugular.
Will You Be Hit With Huge Fines?
Many marketers fear massive fines if they don’t get everything on their website 100% compliant by May 25.
According to Elizabeth Denham, the UK’s Information Commissioner, that’s just “scaremongering”. She further states that “Issuing fines has always been and will continue to be, a last resort.”
If your site is not compliant, fines are not the first thing that happens. There's no squad of EU goons waiting to kick down your door.
The expected process for non-compliant websites looks like this: the first step would be for your users/visitors to take up the issue with you directly.
For example, a user might ask you (the website owner) to see, change or remove their private data. If you can’t comply with that, the user can escalate this to a complaint, which would lead to a multi-step process by an EU data regulation agency, starting with an “information notice”.
Only if you are still not compliant after having received various notices and warnings will fines come into play.
In short: there’s no reason to believe you’ll face immediate punishment for a missing disclaimer link or a poorly worded checkbox label on your site.
We Still Need to Clear These Obstacles
I hope you now see that these regulations are less threatening than you may have thought. Let's take a second to breathe a sigh of relief.
Of course, that doesn't mean we can just ignore the regulations. Even as small business owners with very little data processing, we still have to make sure we’re compliant.
Strangely, I’ve seen that many writers feel obliged to “reframe” GDPR when they write about it and make a statement like: “why GDPR is actually a good thing for marketers!” Apparently, these regulations will help us get higher quality leads or they’ll weed out the bad marketers or something.
What’s conveniently omitted is that GDPR doesn’t do anything for your lead quality that you couldn’t have done before.
Protecting people’s privacy is a laudable and, in my opinion, important goal. But let’s not pretend that these regulations make things better for small businesses. They represent extra hoops you must jump through as well as additional time (and possibly money) you have to spend.
What’s worse: if you follow a lot of common advice about GDPR and email marketing, it can harm your conversion rates and your bottom line, all without adding anything of value to your visitors.
Here at Thrive Themes, we have a strong focus on conversions, so it’s particularly this last problem I want to help you with. We’ll take a look at how you can make your opt-in forms and email marketing GDPR compliant without hurting your conversion rates.
How GDPR Affects Email Marketing
GDPR isn’t primarily about email marketing. It’s about how people’s personal data is handled and email marketing contains such data (e.g. someone’s email address). The main rights given to EU citizens under the regulation are as follows:
- The “tell me what’s going to happen” right: the citizen has the right to be told what will happen with personal data before it is submitted and the data shall only be used if explicit consent is given.
- The “show me my data” right: the citizen has the right to know what data is being collected about them, why it’s being collected and how it’s being used.
- The “I want to change that” right: the citizen has the right to have data modified or updated.
- The “forget about me” right: the citizen has the right to have their private data removed completely.
For email marketing, this translates to:
- Tell visitors what you will do with their email address before they sign up.
- Give visitors a view of the data you’ve collected about them (probably only their name and email address).
- Give visitors a way to modify their data (e.g. get the emails sent to a different address) and unsubscribe.
- Remove all data you have about a visitor completely, if they request it.
The Checkbox Myth
How do you make your opt-in forms GDPR compliant?
I get the impression that 9 out of 10 marketers would answer: “by adding checkboxes!”
I don’t know where this idea came from, but GDPR doesn’t mean adding checkboxes. You need the subscriber’s explicit consent to send them emails, but a checkbox is not the only way (and definitely not the best way) to get this consent.
Let’s look at an example of a typical opt-in form, pre-GDPR:
If someone signs up through this form and you then start sending them emails, that’s not GDPR compliant.
That’s because there was no indication in this form that you’d be sending emails (and visitors can’t consent to something you haven’t told them about). The entire form is about getting a PDF. The visitor who signs up agrees to receiving a PDF, but nothing else.
Here’s how most “how to GDPR” articles seem to suggest improving this form:
Okay, I’m exaggerating. But I’m exaggerating to make a point: adding checkboxes to this form makes it worse.
No one wants to read fine print. Just like we all “read and agree to” the terms and conditions of every software and app we use, people may or may not check these boxes, but they won’t actually read your terms or even pay close attention to what the label of each checkbox implies.
Adding checkboxes makes the opt-in form worse for the user (it makes for a poor user experience) and it will likely lower your conversion rates. This is still true if we take a more conservative approach like this:
Plus, there's an extra twist: under GDPR, you are not allowed to disadvantage anyone because they don’t provide consent. That means in a form like this one, you can’t make the checkbox required.
If someone signs up but doesn’t check the box, you have to still give them access to your PDF, but you can’t send them any emails.
For the business owner, there are 2 main problems with this:
- The checkbox label might as well read “please also spam my inbox with annoying promotional messages”. Nobody wants another “newsletter” and even if your newsletter is neither spammy nor annoying, visitors won’t know that before they sign up.
- You have to set up a potentially complicated system that ensures that people who sign up but don’t check the box receive your free PDF, but aren’t added to your mailing list. Those who do check the box need to get the PDF and be added to the mailing list.
Note: you can set up a 2-track system to separate consenting from non-consenting signups using the Thrive Leads plugin and the Asset Delivery feature. You can learn exactly how it's done in this tutorial.
How to Fix Your Opt-In Forms & Ditch the Checkbox
There are two approaches you can use to make your opt-in forms GDPR compliant without adding checkboxes or extra hoops for your visitors to jump through:
- Change the copy in your opt-in forms.
- Change the nature of your opt-in offer.
Fix 1: Change the Copy
Here’s what the form could look like, with modified copy:
Here’s exactly what we changed, to make this form GDPR compliant:
- We added “Subscribe to get…” to the title and mentioned the newsletter in the text. This way, it’s clear that the user is consenting to a newsletter by signing up.
- We are still providing an opt-in offer (or lead magnet) in the form of our free report. However, instead of the free report and the newsletter being totally separate, the “main action” on the form is signing up for the newsletter and getting the PDF is a bonus provided to newsletter subscribers.
- We’ve added a link to our terms in the disclaimer part of the form.
That’s it. This form now acts as explicit consent to receive a newsletter and we’re good to go. No checkboxes needed.
What if you have a form or landing page with a killer headline that you’ve tested and optimized to perfection and you don’t want to mess it up? Here’s another version of the form, with nothing changed in the title:
The key point here is that the offer is framed in such a way that there is no separation between the free PDF and the newsletter. The form clearly states what is to be expected.
Fix 2: Change the Offer
One way in which the GDPR might actually do some good for consumers is that it makes old-school, high pressure sales style email marketing much more difficult.
What I advocate is a way to make your entire email marketing process not only GDPR compliant, but better and more effective in general. I call this approach "Newsletter-as-a-Service".
Newsletter as a Service (NaaS)
To explain how NaaS works, let's do a quick thought experiment. Think of the difference between TV ads and product placement.
TV ads: you’re watching a movie for entertainment (which is what you want) and you get interrupted by ads (which is what you put up with, if you have to). You see ads for a fancy looking watch and maybe, if you see them often enough, you’ll buy the advertised watch at some point. But you probably won’t and you’d rather cut the ads out of the movie.
Product placement: you’re watching a James Bond movie for entertainment and James Bond happens to be wearing a really stylish watch.
The watch comes with a bunch of gadgets, so it’s shown in close-ups several times and it becomes part of the plot. You end up buying the watch because James Bond is cool as a cucumber and you want to be like him. What’s more, it never feels like an ad and it wouldn’t even occur to you to cut the watch out of the movie.
Newsletter-as-a-Service is taking this concept to the next level.
Here’s a video with an example of what I mean:
“Newsletter-as-a-Service” is the new, more effective way to do email marketing. And it happens to be GDPR friendly as well...
Old vs. New Email Marketing
Let's contrast NaaS against the old way of email marketing, which is not only unpleasant for your subscribers, but also much more at odds with GDPR.
Here’s the kind of thing I mean:
The Old and Spammy Way
- You have a lead gen offer or you sell something.
- When people sign up or purchase, you send them affiliate offers non-stop until they unsubscribe.
If you’ve bought some rubbish products on Internet marketing forums, you’ve been on the receiving end of this marketing style.
Few marketers stoop so low as to follow this old, "hard sell" approach. But if we look at the more common approach these days, it's not great either:
The Slightly Less Spammy Way
- You have a lead magnet (opt-in offer) to get people onto your mailing list.
- When people sign up, they get your lead magnet and they also start getting emails from you (these may or may not be related to the thing they signed up for).
- Some emails are educational and useful, some are purely promotional.
This approach stems from an attitude that sees subscribers only as potential profit sources. You send useful, informative content to your subscribers only to “keep them warm” for the promotional stuff.
There is a better way to do email marketing and it also happens to be GDPR compliant:
The New Way
- Your emails are never purely promotional or unrelated to the original offer that got people onto your mailing list.
- Your emails, which are educational and useful, link to interesting content and contain secondary promotions or soft promotions (more about this below).
- All of the content you send to subscribers is your “newsletter service”.
Your subscribers sign up for and subsequently receive this useful and valuable Newsletter-as-a-Service mix of content.
NaaS Example: Thrive Themes
For an example of a Newsletter-as-a-Service, look no further than Thrive Themes. Most commonly, when you get an email from us, it’s to announce a new blog post or a new Thrive University course.
Right off the bat, that means the email itself is not promotional in nature.
Our blog posts are almost always based around helping entrepreneurs and website owners solve a problem or improve their conversions. Promotions of our products and features are incidental to this educational service provided in our content.
- How to Create Better Content, Faster (by Using Content Patterns) - this post helps you with your content marketing and in it, you’ll learn about a Thrive University course to help you further and you’ll learn that Thrive Architect can be used to create content patterns more easily.
- Busting the Exit Intent Myth - this post helps you build your mailing list faster by showing why “exit intent” forms aren’t ideal and it shows you what to do instead, using Thrive Leads as an example of how to do it.
- How to Create Visually Amazing Content for Your Blog - this post teaches how to make your blog content more readable and more professional looking and you’ll discover that making visually beautiful blog posts is easy when you use Thrive Architect.
- Build a Mailing List Like Ramit Sethi - this post teaches advanced list building techniques in great detail and it mentions Thrive Leads.
- How to Create High-Converting Personality Quizzes for Any Business - this post teaches how to create engaging and conversion focused “personality type” quizzes and shows how it can be done with Thrive Quiz Builder.
You get the idea. None of these posts are straight-up “buy this product” promotions. Even if you don’t use any of our tools, you can learn a lot and seriously upgrade your marketing by following the Thrive Themes blog.
And because this is our approach, there is no clear separation between “content” and “promotion”. When you are subscribed to the Thrive Themes mailing list, you get a constant stream of emails that all have one and the same purpose: to help you build a better website.
This is what it means to offer a Newsletter-as-a-Service.
The GDPR Grey Areas
Maybe you're wondering: is the Newsletter-as-a-Service concept 100% compliant with GDPR? Am I 100% on the safe side, following this advice instead of adding many checkboxes to every form?
The answer is: no one knows for sure. Depending on which lawyer you ask, you'll get different answers about anything that still constitutes a gray area. And right now, there's a lot of gray area.
One source I am going by is this consent guidance document by the ICO, which gives the following example:
"If joining the retailer’s loyalty scheme comes with access to money-off vouchers, there is clearly some incentive to consent to marketing. The fact that this benefit is unavailable to those who don’t sign up does not amount to a detriment for refusal."
The example isn't perfect for the use described in this post, but it shows that offering incentives for subscriptions is still a viable option for marketers.
When is a Checkbox the Right Choice?
As we've seen, you have 2 options for making your opt-in forms GDPR compliant. You can:
- Add a checkbox to get consent for anything not mentioned in the form’s copy.
- Change the copy of your form.
Neither of these is “the right” choice to make. You have these options at your disposal and you can choose whichever one suits your needs best.
My Newsletter-as-a-Service approach is more than just a quick fix for some opt-in forms. It’s an entire marketing approach. I believe it is a superior approach for most businesses and I recommend it, but it’s not something you can just implement overnight.
Newsletter-as-a-Service makes your email marketing as a whole more GDPR friendly, but you still need to clearly communicate your offer. So, implementing NaaS doesn't save you from changing your form copy or adding checkboxes.
When it comes to choosing between changing your form’s copy or adding a checkbox, I believe changing the copy is generally the better choice. However, we have added a feature for adding a checkbox to opt-in forms in Thrive Leads, so the choice remains yours.
What Else Do You Need, to Make Your Email Marketing GDPR Compliant?
There are several more regulations that are relevant for email marketing, but you are almost certainly already compliant with those.
Unsubscribe & Modify Links
First, you need to make sure that every email you send contains an unsubscribe link and you should also have a “modify my subscription” type link, where your subscribers can update their data.
This kind of thing:
This is hardly a new practice for email marketers.
Proof of Opt-In
You also need to be able to provide a proof of opt-in or a proof of consent. Basically, if a subscriber claims you started sending them emails out of the blue, you need to be able to prove otherwise.
Your Action Steps
Now that you know what tools you have at your disposal to make your email marketing GDPR compliant, here’s what to do next:
- Take an inventory of all the opt-in forms and lead generation landing pages on your website.
- For each opt-in offer you have, decide which of the 2 approaches is best. Will you add a checkbox to the forms or change the copy? And to what extent will you change the offer itself?
- Update your opt-in forms and lead generation landing pages to reframe your offer and make sure visitors can clearly anticipate what’s going to happen after they sign up.
- Make sure your emails all contain an unsubscribe link and a “modify my subscription” link.
- Get all this over with, so you can go back to focusing on more important parts of your business.
Finally, consider to what degree you can and want to implement a Newsletter-as-a-Service approach in your email marketing.
If this is something you’d like to get more guidance from us about, let us know in the comments below!