Are your landing pages GDPR-compliant?

Published Aug 07, 2018 | Written by Jeremy Knight


The GDPR (General Data Protection Regulation) was introduced across Europe in May 2018 to strengthen individuals’ rights when it comes to the handling and processing of their data.

As inbound marketers, we’ve always put the power in the hands of our prospects - and the GDPR champions that notion, so it's a regulation we should all willingly, and easily abide by.

Our communications and the ability to generate leads are dependent on high-quality data acquisition. Landing pages are an integral part of that acquisition process, so it’s natural to be dubious over the thought of tweaking and overhauling your existing landing pages and conversion paths. What if we put prospects off? What if people choose not to tick the box?

Thankfully, GDPR isn’t here to crucify your chances of converting leads. Instead, it is here to support a more genuine and transparent means of communicating, resulting in more high-quality contacts and leads.

If you haven’t by now, it’s vital that you ensure all of your landing pages and conversion paths are GDPR compliant. After having two years of warning to get our ducks in a row, the ICO will not forgive subpar efforts when it comes to compliance. 

The purpose of this post is to help you:

  • Become well-informed on GDPR best practice for lead capture
  • Double-check all of your landing pages are GDPR compliant
  • Understand how to tweak your language to satisfy GDPR guidelines adequately.

Your lawful basis

Before collecting someone’s data, the GDPR states that you must have a legal basis for doing so.

For GDPR, there are 6 lawful bases:

  • Consent
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interest

In this instance, we will focus on consent.

A landing page requires the prospect to exchange their personal details for your content or value offer consensually.

Generally speaking, the only other type of lawful basis marketers will rely upon is ‘legitimate interest’, which enables the processing of an individual’s data when it is in their legitimate interest to do so. 

While legitimate interest is certainly not your ‘get out of jail free card’, it's the opportunity to provide further communications to a prospect when it is within their reasonable expectations for you to do so without invading their privacy rights.

Keep in mind your lawful basis whenever collecting or processing the data of certain individuals.

Unbundled consent

Unbundled consent’ dictates that any consent request must be separate from any other terms and conditions.

If a prospect consents to having an eBook emailed to them it does not automatically mean they also have subscribed to a newsletter or agreed to regular update emails.

Legitimate interest, on the other hand, would constitute similar content offers related to the same topic of interest could be within the legitimate interest of the individual, and so, their contact information could be used to deliver this content. But always use your lawful basis to inform this type of decision.

For HubSpot users, there is now an array of new features that will help you on your way to compliance including the ability to track consent on your forms.

Remember, consent cannot be assumed in any circumstances.

Granular options

You should empower the user to sign up to separate content offers by providing granular options on your landing page forms, such as a series of YES/NO tick boxes for each of your subscription options, for example.

Your prospect should have the autonomy to subscribe to your blog, but forgo your monthly newsletter if they so wish. 

Rather than the non-granular and rather unclear: ‘I consent to further communications from you', after the prospect has provided a telephone number and email address (which is ambiguous and could be deemed misleading), a series of tick boxes labelled as following would be a far more transparent approach.

  • ‘I agree to receive SMS updates related to nearby events from XXX’
  • ‘I would like to sign up to your newsletter’
  • ‘I would like to subscribe to your blog’

Lose all pre-ticked boxes

Pre-ticked check boxes to GDPR are like a red rag to a bull. Under no circumstances should you have pre-ticked boxes on your landing page forms. 

Pre-ticked boxes can mislead the prospects into signing up, usually unintentionally. That kind of tactic does nothing for your reputation apart from the damage it.

The GDPR is about being open and honest in your approach to marketing communications. By having an explicit consent tick box so that the prospect can affirmatively give their consent, plus a link to the privacy policy, you are demonstrating GDPR best practices.

Consent must be freely given, this cannot be a required field (unless there is a YES/NO option), nor can it be pre-ticked.

The power is in the prospect’s hands, and that’s where it should always be.

GDPR-friendly language

In order to satisfy the ICO, the language used on your forms and any dialogue surrounding consent must always be understandable, unambiguous, conscious, affirmative and clear.

Complicated legal language is another no-no. Consent must always be given freely, so should be worded in the simplest form. Conversely, withdrawing consent should be as easy as giving it, and this should be communicated in your copy.

You must also describe exactly what your reasons are for collecting said data, and what you intend to do with it. If you need to know the industry in which your prospect works because it will help you tailor their future content offers, let them know.

Similarly, opt-ins must always be positive. That means no more 'I do not consent to communications' as a tick box to try and trick the user. Be plain, clear, unambiguous, and when in doubt, spell it out. 

The upside for marketers 

The good news is that privacy and trust equate to great marketing. Particularly with regards to a remarkable inbound strategy.

The recipients of your marketing communications will be willing and accepting of your content. By providing them with aligned content that works to solve their problems and answer their questions, you can work to build your authority as a trusted partner, someone with whom they would consider working with when the time comes to make that decision

Ultimately, it puts an end to unscrupulous marketing, spamming, unwanted communications and irrelevant content that would’ve previously clogged up people’s inbox.

What does that mean for you? Less noise to get lost in.

That’s great news for inbound marketing.

New call-to-action

Published by Jeremy Knight August 7, 2018
Jeremy Knight