How to write GDPR consent questionsBlogs
GDPR is very much here, but not everyone is quite ready yet. One of the major points of debate is over gaining consent. The regulations now require that any organisation wishing to collect and process (i.e. use) a persons information must have sound legal grounds to do so. In many cases, these legal grounds will simply be that the individual has requested a service, and certain elements of information are essential to this. But when this isnt the case, such as when it comes to marketing, consent must be acquired. Naturally this means that lots of businesses are now having to alter contact forms and similar pages on their websites. Where it used to be the case that a business could simply collect information from a form and use it however they wished, this is no longer the case. In this article, were going to go through a few of the main points to bear in mind when youre thinking about writing consent questions on contact forms, quote forms, or any other kind of page that collects information about an individual.
GDPR is very clear in wanting individuals to have control over their data, which means that you need to reflect this where possible. If there are several different things that you want consent for, then split them down where practical. Bundling options together could well fall foul of regulation, so dont do this. There does of course need to be some consideration for ease of use - using too many questions could well be off-putting and confusing, so use common sense. In general, its best to split things out into consent for your general terms and conditions for carrying out the requested service, and then consent for any additional types of processing that you want to carry out, such as marketing. You may also have different ways to contact the individual, such as through email, text or phone. Its good practice to allow the individual to choose from these options. If youre in doubt, then ask the question. This is the safest position to take.
Ensure the question has been read
You must be sure that the user has read and understood the question that youve asked of them, and decided whether or not to agree. The regulations are clearer than they used to be, and implied opt-in is now on very shaky grounds. You mustnt use automatically checked boxes - you need definitive proof going forward that the user actively opted into whatever data processing youve requested. Make sure that all boxes are unchecked and that the user has read the question in order to have given consent.
Explain the benefits
Getting consent isnt purely about staying on the right side of GDPR. Its also your opportunity to sell the benefits of collecting data. Explain why youd like consent to send marketing emails or other reasons for processing information. Will you be sending out exclusive offers or discount codes? What does the user get out of this? Will you be able to provide a better service with certain bits of information? You dont want to go overboard, but it really does help to give users a reason to check that box. Its also worth noting that you need to ensure that the user doesn't feel like they are obliged to give consent to get a good service.
GDPR training is available for those looking for more information about the regulations. Click here to be taken to the Virtual College course page on the subject.
Author: Fiona Sheen
Fiona is a Learning Technology Consultant with Virtual College and has over 20 years of experience in customer service and relationship management in various industries. A graduate from Aberdeen University, Fiona enjoys baking, reading and running in her spare time.