Lead Generation in a GDPR World and Best Practices

Lead Generation in a GDPR World and Best Practices

Dec 2, 2019

VICKI PARKERDirector of Digital Content

It’s been almost a year since the General Data Protection Regulation (GDPR) went into effect. As the most important change in data privacy regulation in 20 years, it has reshaped the way data is collected and handled across every sector. Now, organizations out of compliance face heavy fines. Authorities in 11 European economic area countries have issued administrative fines totaling 55,955,871. To be compliant, businesses must be careful from the earliest interactions with people, beginning with capturing leads.

What is GDPR-Compliant Lead Generation?

GDPR-compliant lead generation is gathering explicit consent to collect, process, and store pertinent user information prior to collecting the data and clearly stating how that data will be used.

So, what does this mean for businesses? Data is critical for every business, and perhaps no data is more important than that of current and potential customers. GDPR has a significant effect on lead generation, and it may not be in the ways you’d expect. There are numerous methods for capturing leads, and unfortunately, many of them need to be updated to be GDPR-compliant.

Not sure if your organization’s lead generation is GDPR-friendly? Here are best practices for compliant lead capture.

Best Practices for GDPR-Compliant Lead Generation

1. Limit Your Questions and Focus on Asking the Right Ones

According to GDPR, data must be used for limited, specifically stated purposes and used in a way that is adequate and relevant. This means that compliance is going to require significant forethought to ensure that the data you ask for is tied back to a specific and reasonable purpose.

Everything from website sign-up forms to lead generation at shows and expos have been affected. While many businesses have been updating websites and forms, they haven’t given shows and expos the same consideration. At shows and expos, businesses now have to ask participants very tailored questions. On the positive side, this can lead to higher quality leads and better conversions than simply asking to scan a badge.

2. Be Clear About Your Purpose and Get Explicit Consent

You must now clearly explain the reason for processing data and share this information in an easy and succinct way. Always have an active-consent checkbox, a link to your Privacy Policy, and a description of how the personal data collected will be used. For example, in the past, you could have a form with a pre-checked checkbox, automatically signing a user up for a newsletter. However, this doesn’t comply with new European regulations.

3. Store Consent in a Way that Supports Easy Audits for as Long as Necessary

Proof of GDPR compliance is critical if your organization is audited. Proactively organizing that data will save significant time, and could help prevent fines.

4. Cover All Your Bases, Including Contractors

If you’re working with a third party (e.g., agency or automation platform) who will be collecting leads for you, you’re still responsible for ensuring GDPR compliance related to those leads and their data. Make sure to work with a reputable and ethical agency. Requesting that the agency signs a “Data Processor Addendum” affirms the agency’s commitment to protecting data in a GDPR-compliant manner.

Finding Success with GDPR Compliance

Even though GDPR has been in effect for almost a year, many organizations still find GDPR compliance confusing. Working with a reliable partner can add clarity to the process and help relieve internal pressure. An agency can also be an easy way to have a compliant lead-generation process. One of the main purposes of GDPR is to empower people to make better and more informed decisions when handing over private information. Keeping that in mind helps clarify the best way to move ahead. Remember, GDPR-compliant lead generation comes down to this: Get explicit consent from users prior to tracking them and collecting their data, and be transparent about how the data will be used.


1 https://eugdpr.org/
2 https://securityboulevard.com/2019/10/gdpr-one-year-on-lessons-learned/
3 https://eugdpr.org/
4 https://www.expostars.com/exhibiting-success-tips/gdpr-exhibition-lead-generation

E-commerce Offerings

Download PDF

Sign up for our eNewsletter

Don’t worry. We hate spam, too. Sign up for our quarterly
newsletter packed with market updates and research insights.