GDPR Compliance: Context, Consent, and the Digital Handshake

This post is part of our series: Find Out Fast If Your Business is GDPR Ready. Our goal is to help businesses make sense of privacy and data. AE is your Babel Fish for GDPR Legalese. 

In the age of social login, every company seems to ask for permission to access your personal information through Facebook, Twitter, LinkedIn, Google, Spotify, Instagram…and so on.

Social login has become a way to generate opt-ins without forms, giving you higher conversion rates and, for some businesses, a way to do deep data mining.

But are these companies crossing a line by not asking for permission? Should they be made to ask permission before using your personal data?

According to the General Data Protection Regulation (GDPR), the answer is “Yes.” Or even, “Heck, YES!”

Think of it like a digital handshake between your business and your customer. If your customers allow you to use their data, the expectation is that your business promises, “We’ll keep your data safe and use it to make your life better.”

Requesting access to customer data is like a digital handshake between the brand and the user.

Context is the New King in Data Collection and Use

Asking for permission to access and use personal data must be more transparent because of the GDPR. Explicit consent and user deletion are the cornerstones of the GDPR.

Pre-Checked Boxes

Using pre-checked boxes may have once been an easy way for brands to encourage newsletter signup, but with GDPR in effect, all option boxes must be unchecked, and opting in requires a positive action by the visitor. Visitors need to actually check the box themselves to opt in to anything you offer.

Preconditions of Service

GDPR also means no more preconditions of service. What, you ask? It means consent cannot be a precondition. For example, the signup for a service newsletter can’t be bundled together with your terms and conditions. It’s all about keeping everything clear and clean.

Explicit Consent for Specific Uses

When customers consent to providing their personal data, it must specifically relate to what you are using the data for. This means you are required to get separate instances of explicit consent for each type of activity you perform with someone’s personal data.

Along the same lines, you can only use the data you collected for the reason you said. No double-dipping with consent. Before they consent, customers MUST be told the context of use and how easy it is to opt out.

The importance of context means you need to re-work your marketing and email collection strategies. Start thinking about how context can make the biggest difference for your conversion signup rate.

Consent in Context

Let’s look at some examples of smart integrations with social login that make sense for the end-customer.

A tool like Canva requests permission to access your Facebook account. Their platform creates graphics for social media, and access to your Facebook profile streamlines sharing your created works to your Facebook account. The context makes sense for a Facebook social login.

An example of Spotify Pre-Save on the Snow Patrol website.

The context in a Spotify Pre-Save campaign can also be very successful. With AE, we allow you to access and analyze the personal data of users through a Spotify social login.

When customers consent to a Spotify Pre-Save album, they know the context. They are giving personal information in exchange for an album or playlist being added automatically to their Spotify account. Context-appropriate marketing gives you great conversion rates and makes sense to your customer.

The Digital Handshake

The goal of smart marketing has always been to get the right message, to the right person, at the right time. For the past few years, companies around the world have been engaging in a personal data feeding frenzy, grabbing everything they can.

Today, we are seeing a backlash where governments around the world are stepping in to regulate the collection and use of personal data.

So remember, context is the Digital Handshake you need to be using. You can only use data for the explicit use your customer has agreed to. If you wish to use a piece of customer data in different ways, the customer must agree to each of those uses in advance. 

Being clearer with your customers is going to grow trust. And with trust comes a better relationship and better sales. So instead of seeing all the GDPR rules as “compliance”, think about how your relationships will improve, develop, and deepen. After all, having more trust online is a good thing.

Annabel Youens

I'm a co-founder and CMO at AE. I believe that truly successful internet businesses have to connect people. When I'm not online I'm exploring beautiful Vancouver Island. Things I love: everything scifi, literary fiction, coffee, YouTube Music, my workhorse sewing machine and board games.