GDPR stands for General Data Protection Regulation adopted by the European Union (EU) in April of 16. It extends and codifies previous “agreements” between EU and US regarding transfer of personal data and applies if the data controller (collector), processor, or subject (user) is a EU resident. The regulation includes steep sanctions of up to four percent of revenue or €10 million for violators.
Ok… What does that actually mean?
Ultimately GDPR is a series of regulations that give EU citizens greater control of their data.
It’s a concern for companies that have users in both the EU and the United States because there have already been regulations passed in California that are similar to GDPR. It’s expected that these regulations will continue to expand across the United States and to other countries throughout the world, so we recommend being compliant regardless of where your users and customers live.
Fortunately we’ve broken down what you should do into four areas of focus:
# 1 – Inform
When data is collected, clearly inform users what data is collected, the legal basis for processing, how long it will be retained, if their data is transferred to a third party, and if any automated decision-making is made on a solely algorithmic basis. Data subjects (users) must also be informed of their rights to data access and erasure.
When updating your online policies for GDPR, consider including the following:
- What data is collected and processed, legal basis, how long it is retained, and transfers
- If solely automated decision-making processes are used
- Link to forms for data access and erasure
- Include a categorized cookie list
There are a variety of tools that can be utilized to scan and inventory your site for data collection but it’s important to partner with a company that understands these results and can help you to get your website GDPR compliant.
#2 – Consent
Attain informed, explicit consent to collect user data, and be able to demonstrate compliance by following these steps:
- Provide a cookie banner that requires positive consent (opt-in) vs implied consent to drop cookies
- Provide a mechanism for users to withdraw consent
- Ensure all forms include consent language and opt-ins
- Consent language should include what data is collected, reason and legal basis for collection, retention
- Provide separate opt-ins for requirements to process requests vs additional purposes such as marketing
- Provide a link to your privacy policy whenever collecting user data (e.g., forms, transactions)
Make sure you’re adding the appropriate consent fields and integrating them with your existing consent management system. There are tools available that ensure your cookies and consent management are compliant with GDPR regulations, but again, it’s important to have someone on-staff or working with a partner that understands this software and GDPR compliance.
#3 – Access and Erase
Allow users to access and delete their data, as well as change their consents at any time.
To ensure your users can update their data consider these steps:
- List contact info of the responsible party for collected data in your Privacy Policy
- Create workflows for receiving and routing data access and erasure requests
- Create workflows for gathering, packaging, and delivering data.
- Develop provisions that allow your company to retain personal data if it is required to process transactions, meet legal obligations, or poses undue hardships
Creating workflows and processes for dealing with user data can be time consuming and tedious work as it involves all personal data, not just data collected or accessed by your website.
#4 – Alert
Perhaps most importantly, inform users if there is a breach of their data. The standard is to alert your users within 72 hours if there has been a breach of data. This may involve working with a crisis communication professional, posting the information on your website, and creating a press release or series of communications depending on the level of the breach.
Conclusion
GDPR can sound incredibly overwhelming but there are many dedicated professionals and businesses that have strong commitments and expertise in guiding companies through compliance. If there were any topics in this post that didn’t make sense, or you weren’t sure if you have them employed on your website, we strongly recommend talking with your website and IT teams/vendors to make sure you’re headed towards compliance. If your internal resources can’t ensure compliance, reach out to a trusted partner like Risdall to walk you through the processes to ensure you’re handling user data appropriately and avoid noncompliance in any current data regulation.
This is the first in a series of pieces from Risdall about GDPR. Check back soon to keep up-to-date on what you can do to be GDPR compliant.
The Risdall digital team attended DNN Summit, the largest DotNetNuke conference in the United States. The conference offered sessions on the direction of the DNN platform, modern development practices, current themes in digital marketing and practical advice for running DNN websites across multiple verticals. Keynotes were delivered by Andy Tryba, the new CEO of DNN Software, and Shawn Walker, the creator of DNN.
Risdall team member Erik Hinds led a comprehensive session on creating high-converting landing pages in DNN. Erik addressed all aspects of landing page creation:
-
- Definition & goals
- Creating a workflow
- Audience definition
- Crafting an offer
- Tools for effectively building a page
- Best practices for landing page design
- Conversion Rate Optimization (CRO)
- How to build landing pages in DNN
The bulk of the session focused on planning a proper conversion campaign by addressing the prospect’s needs, challenges, pain points and questions. Erik offered several strategies and tools to help identify those points and how your offer can help. Some of the tactics included:
- Creating customer personas
- Using a “Before and After” grid
- Outlining your touch points with a customer journey map
- Marketing automation
As Erik said, “Landing pages are merely a conduit for creating multiple touch points in a marketing program. The effectiveness of the landing page is contingent on creating a very specific offer and presenting it to a segmented and qualified audience. Speaking in a transformational manner and presenting your solution in the right sequential order is much more effective than directing high volumes of traffic at a web page and hoping for the best.”
Best Practices for Building Landing Pages in DNN
A fair amount of time was dedicated to covering best practices when designing and developing a DNN landing page. These best practices are universal across CMS platforms and addressed four key areas:
- Offer – is the offer clear, relevant and maintains “ad scent”?
- Form – are you asking for the right information, lowering form friction and building strong CTA’s?
- Building trust – are you using strategies for positioning your offer as trustworthy with testimonials and other forms of social proof?
- Visualization – have you ensured the page is laid out correctly, has visual appeal and doesn’t contain exit paths?
Testing CRO in DNN Landing Pages
Building a landing page is only the beginning of a successful landing page campaign. Erik discussed how to conduct optimization testing and some of the tools that can be leveraged.
As Erik noted, “Collecting quantitative and qualitative data is crucial to making smart decisions when determining whether the page is successful. There are a multitude of third party tools that can be easily integrated into DNN.”
Some of the types of testing and analysis Erik recommends are:
- Heat mapping / click testing
- Session recording
- Form drop off analysis
- Exit polls
- Preference testing
- 5 second testing
Erik finished up the presentation with an engaging Q&A session with audience members on some of the challenges they have faced when creating landing pages in DNN.
“It was a really great audience consisting of marketers and developers across multiple verticals. I loved how they engaged with thoughtful questions. I hope they received a lot of value from the presentation and Q&A.”