Editorial Note: We earn a commission from partner links on Venture Harbour. Commissions do not affect our writers’ opinions or evaluations.

The General Data Protection Regulation (GDPR) has been hyped up as a kind of doomsday for data-driven marketing. This is particularly true for personalisation, which relies heavily on user data over various sessions (and devices) to deliver customised experiences.

GDPR doesn’t mean the end for personalised marketing, though. In this article, we’re going to look at how you can deal with GDPR and keep hitting targets with personalisation – and perhaps even improve results.

First, know what you need to do

Hopefully, you’re already GDPR compliant and have been since the deadline passed on May 25 or you could be subject to some of those nasty fines being handed out. Don’t expect any legal advice from this article or rely on us to tell you what your requirements are – get the necessary legal advice, if you haven’t already, and make sure you’re covered.

That being said, there are some important points to keep in mind regarding GDPR and personalised marketing.

GDPR for EU data

GDPR applies to all personal data collected from EU citizens (including the UK after Brexit). This means you don’t need to worry about GDPR for data you collect from outside of the EU but also means companies elsewhere in the world need to be GDPR compliant for any data they collect from EU citizens.

This makes GDPR particularly complex for international companies based outside of the EU. Various sites have simply blocked traffic from the EU since May 25, including a number of major US news publications.

It’s all about personal data

A major part of GDPR is the requirement to get consent from users before collecting any personal data from them. Therefore, it’s important to understand what counts as personal data and what doesn’t.

Essentially, any data that could be used to identify a person or be connected to their identity counts as personal. For example, an email address is tied to a single individual, which means this counts as personal information that requires consent. However, a first name by itself or a person’s location alone can’t be used to identify an individual.

You also need to think about combinations. Collecting someone’s first and last name doesn’t necessarily require consent under GDPR because multiple people around the world can have the same name. If you combine this info with someone’s location data, though, you’re getting very personal and consent is going to be needed.

GDPR vs ePrivacy

In the build-up to May 25, email inboxes were crammed with messages from brands asking users to opt-in in order to keep receiving emails from them. The problem is, many of these brands were confusing GDPR with another set of privacy laws that have been in effect since 2002 – the European Union (EU) ePrivacy Directive.

While GDPR regulates the collection and use of personal data, it’s the ePrivacy Directive that specifies how you can use this data for electronic communications. This is why you can’t send unsolicited emails to people or track users with cookies without getting consent first.

As soon as you use people’s data to sent them marketing messages, you need to comply with GDPR and the ePrivacy Directive.

Because personalised marketing relies on… well, personal data, you’re going to have to design a consent process that gets people handing over their details. Looking at the GDPR requirements for on consent makes this sound like a difficult mission but studies have shown that over 75% of consumers are happy to share their details with brands they trust.

Source: What Is the Future of Data Sharing? – Consumer Mindsets and the Power of Brands published by David Rogers on Slideshare.

There’s your clue right there: trust. If you make it clear to people that their data is in safe hands and you give them enough incentive to opt-in, GDPR shouldn’t be a personalisation killer for you.

In fact, GDPR could be an opportunity to improve your personalisation efforts and generate more qualified leads – something I’ll talk about in more detail later. For now, though, let’s concentrate on designing a consent process that keeps the data coming in and doesn’t get in the way of conversions.

Hit your marketing goals.

Our latest venture, TrueNorth, is the only marketing strategy platform for projecting, planning and tracking your marketing under one roof.

Visit TrueNorth

One of the biggest concerns for marketers with GDPR is that a more complex consent process will add friction and hurt conversion rates. There’s a lot of reason to be cautious about this, too, and many of the consent forms I’ve seen over the past few months make a mockery of all the UX design progress we’ve made in the last decade.

Here’s what you need to do:

First, make sure you’re compliant

Before you design your consent requests, make a list of all your GDPR requirements because the most important thing is to make sure you’re covered. Generally speaking, you want to tick off all the items on your list of requirements while adding the least amount of friction and maintaining the best user experience possible.

Here are some of the requirements you’re going to need to meet:

  • Active opt-in: Users need to actively opt-in for you to collect their data, which means no more boxes ticked by default.
  • Prominence: Your consent options should be prominent enough for users to see and, if you’ve got multiple options, they should all be equal in size and prominence.
  • Clarity: You need to explain what users’ data will be used for clearly and concisely – don’t use any vague, ambiguous or confusing language.
  • Transparency: You need to name any third-party sources users’ data will be shared with.
  • Granular: If you’re using data for different purposes, provide multiple opt-in options for users to choose which applications they’re happy with.

This isn’t a complete list of your requirements but it gives you an idea of what you’ll need to consider when designing for consent. As you’ll see in the following points, it’s perfectly possible to be GDPR complaint without killing the user experience of your site or ruining your personalisation strategy.

Build trust and add incentive

There’s no denying that pointing people’s attention to the fact you’re going to use their data and increasing the number actions users need to take while converting is going to put some people off. However, we’ve already established that people are generally willing to hand over reasonable data to brands they trust – so this should be one of your priorities with GDPR.

Make the extra effort to earn user trust across your site and other platforms, especially on the pages and areas where you ask users to submit data.

You’ll also want to try and increase incentive (motivation) as much as possible. The more incentive you give people to convert, the less concerned they’ll be about data and the more willing they’ll be to take extra steps during the conversion process.

The multi-form ‘hack’

We’ve mentioned how multi-step forms can boost conversions plenty of times on this blog. Aside from reducing friction, increasing engagement and reducing failed completions, multi-step forms have another powerful trick up their sleeve – and it’s closely related to incentive.

Progress indicators are a standard feature of Leadformly forms, which are designed to maximise conversions.

By adding a progress indicator to your multi-step forms, it becomes increasingly difficult for users to quit the session before converting. This is thanks to a phenomenon known as loss aversion where users feel they’ll lose out on the time they invested in filling out 90% of a form only to quit before converting.

This enhances the incentive that prompts users to start filling out your form in the first place and reduces the negative impact of friction.

So what has this got to do with GDPR?

Well, if you save your opt-ins for the last stage of your multi-step form users know they will have wasted their time filling out the previous stages and it will be difficult to give up at this stage. They were happy enough to type in their data throughout your form until this poperint and not giving you permission to use it at this stage doesn’t make much sense.

Don’t let GDPR kill your personalised marketing strategy

GDPR is a going to make an impact on personalised marketing but it doesn’t have to be a negative one. Studies have shown that most people are willing to submit data to the brands they trust when they understand it’s going to improve the customer experience for them and this is an opportunity for companies and marketers alike to build a stronger sense of trust with their audiences.

The mistake many businesses are making in the early months of GDPR is to block European audiences or design consent requests that kill the user experience – neither of which is necessary.

Focus on providing the best possible experience, explain why users are going to be better off by sharing important data and make sure you keep the incentive at an all-time high. Pull this off and you should end up working with highly qualified leads that appreciate the personalised experience – the kind they’ve been used to getting for half a decade already.

There’s no reason GDPR needs to get in the way of this.

Aaron Brooks is a copywriter & digital strategist specialising in helping agencies & software companies find their voice in a crowded space.

More from Aaron