On 25th May 2018, a new law comes into force that determines how organisations and businesses worldwide must treat the personal data of EU citizens.
The General Data Protection Regulation (GDPR) means businesses have to completely reassess how they handle and process people’s data, with a particular focus on three key areas:
- Consent – individuals need to give clear, explicit consent for businesses to contact them. This must be opt-in consent rather than opt-out. So you can say goodbye to the practice of buying contact lists, or burying a pre-ticked box subscribing to email updates within the small print.
- Purpose – businesses will need to be specific about why they need an individual’s personal data, and what for. It won’t be enough to say you need it ‘for marketing purposes’; businesses will need to provide greater clarity so individuals know what their data is being used for.
- The right to be forgotten – the GDPR legislation aims to give individuals greater control over their personal data. One way it does this is by giving individuals the right to be forgotten – requiring businesses to promptly delete people’s data when requested.
While we’ve seen companies put a lot of work into making sure their digital marketing and sales activities comply with the new legislation, events have been all but forgotten. So how can companies exhibiting at events ensure that they’re collecting leads – attendees’ personal data – in a way that complies with the GDPR?
We’re looking at three common processes for capturing leads at events, and assessing how each method complies with the GDPR – or where it falls short.
Paper forms can be easily customised so you’re only collecting the information you require from each attendee – though to cover every eventuality you could end up with a very long, complex form. You can also include an informative statement about what each person’s contact details will be used for, and an explicit opt-in statement for them to tick, in order to gather the necessary consent.
If you’re careful, and you spend a lot of time specifically designing paper lead capture forms to comply with GDPR and gather all the required opt-in consent required, then this method of lead capture at events may comply with the GDPR.
Verdict: Might comply with regulations – if you’re careful. 5/10.
Business cards in a fishbowl
If an attendee drops their business card in a bowl at your event stand, what exactly are their details going to be used for? Entry into a competition? Weekly marketing emails? A phone call from your sales team? It’s impossible for them to know, or for you to gather consent to cover every eventuality.
As a result, it’s hard to imagine how collecting people’s contact data via the common fishbowl method could be adapted to meet GDPR requirements.
Verdict: Extremely unlikely to comply with regulations. 2/10.
Badge scanners introduce lots of unknowns into your lead capture process. When using badge scanners to collect leads, you’re relying on the event organiser to have collected the relevant consent from attendees. How do you know that the person whose badge you are scanning has expressly given consent for your company to contact them – and what type of follow-up communication they’ve consented to?
You could use a badge scanner in conjunction with a paper form, to gather that explicit, opt-in consent – but that just adds more complexity for your events team to deal with when they’re already busy staffing your show booth.
Verdict: Might comply – but not worth the risk. 4/10.
A better solution for event lead capture
So far we’ve only looked at the ‘traditional’ methods of collecting leads at events. It’s natural that these are unlikely to comply with GDPR – because they were never designed to, so there’s a lot of work to be done to try and adapt these methods to the new regulations.
Instead, an event lead management solution may be the best option for achieving compliance with GDPR. For example, using Integrate’s Event Lead Management solution.
- Collect specific, opt-in consent for you to contact this person after the event.
- Tailor your lead capture forms so you ask the right questions to the right people, and you avoid collecting unnecessary data.
- Send an immediate follow-up email specifying how and where you collected their details, and reminding them what you will use their contact data for.
- Only store people’s data digitally, rather than taking business cards or paper records – so if someone requests the removal of their data you can delete the record and be sure you don’t have their details elsewhere, easily complying with the right to be forgotten.
It may be tempting to assume that your existing processes for capturing leads at events will comply with the new regulations, but this may not be the case. To avoid falling foul of the GDPR (and the hefty fines that come with it), take the time to objectively assess your lead capture process and understand what you need to do to comply with GDPR when exhibiting and collecting leads at events.