GDPR: Why you might not need consent when capturing leads through a Demo Request landing page
As the countdown to General Data Protection Regulations (GDPR) continues, marketers across the EU can still be found scratching their heads in confusion as they try to decipher the directive’s requirements and its implications.
If you’re a marketer in the EU and you have no idea what I’m talking about, grab yourself a (large) coffee, and head here for a good overview.
Instead, in this post I’m going to assume that you have a basic grasp of GDPR, and focus in on one area that seems to be mass confusion for marketers – when, and where do I need marketing consent when capturing inbound leads through a landing page?
Do you always need consent?
F.U.D (fear, uncertainty and doubt) prevails because the days of “assuming” consent, and enrolling leads via an auto opt-in, will soon be over (and punishable by a fine).
Instead, if you’re marketing to leads, we’re told you’ll need them to have opted-in.
Or do you?
One scenario I’ve recently worked on is whether a Demo Request form on a B2B SaaS business’s website will require a new consent button and disclaimer to be added once GDPR comes into force.
Besides a free trial, offering a demo is one of the most tried and tested B2B marketing techniques, and asking a lead to opt-in (and explaining to them how you’ll use their data) before submitting a web form sounds relatively straight-forward.
However, there’s no doubt that it will impact page conversion, and form completion metrics. Also, given that GDPR only relates to EU residents, you might also be having to look at multiple versions of your landing pages depending on the visitor’s geographic IP.
All of a sudden, that simple opt-in check box doesn’t seem so innocuous. Besides, what do you do if they don't tick the box?
Fortunately, in the above “Demo Request” scenario, the answer is no – you won’t need consent to process the lead’s information.
Lawful basis for processing
When it comes to GDPR and marketing, gaining Consent is the most visible, obvious, and discussed lawful base for processing personal data.
However, under the GDPR terms, there are in fact six available lawful bases for processing data. At least one must apply and none is more important than another. You simply need to have documented your lawful basis and stick to it.
When it comes to processing Demo Request leads, rather than asking for consent, you’ll instead* be able to use the personal data under the lawful base defined as “Contract” :-
“The [data] processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.”
In the context of your Demo Request landing page, collecting personal data (names, email, contact numbers etc), would clearly fall under this category. You are collecting the data for the express purpose of making contact, and scheduling a demo (with the ambition of ultimately entering into a commercial contract).
Of course, this implies that you do not intend to use the personal data for any other purposes (for example, marketing a different solution in your portfolio). If you do intend to do this, you might be safer asking for consent up-front – however, even then the consent might not be transferable between products.
"Collecting Demo Request leads can be performed under the "Contract" legal basis, meaning you probably don't need to ask for opt-in consent."
Documenting your lawful basis
So, for those of you collecting leads through a Demo Request landing page, it’s almost business as usual.
I say “almost” because it’s your responsibility to ensure that you can demonstrate which lawful basis applies.
At a minimum, make sure the form title that was used to collect the data is stored alongside the lead details in your CRM (ie: Demo_Request_Form_2). By doing this you have a way of recording the legal basis by which you processed the data, should you ever be audited. It will also be useful in future outbound campaigns to understand which leads you can / can’t use, and for which purpose.
Theoretically, the legal basis that you use has no expiry date. That means if you fail to book the demo immediately, there’s nothing to stop you running a campaign to that lead several months later asking them if they’d like to re-engage and schedule a demo.
If you’re a SaaS business looking to understand how GDPR will impact your inbound (and outbound) marketing operations, then we can help by providing a simple audit of your operations and actionable plan to ensure you avoid a potentially costly fine.
Share your thoughts below (and, of course, share this article!)
* The content of this web page is a commentary on GDPR, as Boostwax Marketing Ltd interprets it, as of the date of publication. The application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled. As a result, this content is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organisation. You should work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.