No matter what you do, if you collect, store and use customer data, the General Data Protection Regulation (GDPR) will affect your business.
According to ITProPortal: “less than two-thirds of UK businesses are aware of the implications GDPR will have on their organisation.” This is a frightening statistic considering companies who fail to comply after May 25th could be subject to a fine of up to €20 million or 4% of their global turnover.
So how does exhibiting tie into the upcoming GDPR legislations? As you probably know, networking is the name of the trade show game: your lead generators collect prospects’ data so you can get more business and a better ROI from exhibiting.
Achieve the results you aspire to from your trade show while adhering to GDPR by using this guide to avoid any legal headaches.
GDPR in a Nutshell
As a replacement for the Data Protection Act 1998, GDPR is a retaliation against the misuse of personal data. Any organisation in the EU that collects or processes customer data is responsible for GDPR compliance after May 25th. Brexit negotiations will not stop these regulations coming into effect in the UK.
The last thing you probably want to do is give GDPR priority over other pressing business. But compliance is in everyone’s best interest. The Supervisory Authority’s (SA’s) goal is to help 750 million people across the EU understand how their personal data is being used. This will empower people to make better and more informed decisions when handing over private information.
Exhibiting Under New Data Regulations
Under the current Data Protection Act, it’s your responsibility to handle personal information appropriately. According to Gov.uk, data must be:
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant and not excessive
- Accurate
- Kept for no longer than is absolutely necessary
- Handled according to people’s data protection rights
- Kept safe and secure
- Not transferred outside the European Economic Area without adequate protection
The GDPR proposes the same regulations but with an added layer of security. To collect data lawfully during your trade show in the EU, you must:
- Explain clearly the reason for processing data
- Inform the individual how long you can hold the data (according to the ICO this should be “ based on individual business needs”)
- Share this information in an easy and succinct way
The key change is that obtaining consent from the data subject is paramount for targeted marketing like email campaigns, e-newsletter sign-ups and personal offers.
When you consider the masses of data you can gather during a trade show, GDPR compliance might seem daunting. The good news: it’s simpler than you might think.
Consent for Compliance
How do you collect prospect data during an expo? Use of hand held scanners and the old line, “can I scan your badge” will no longer suffice. A well thought out lead generation strategy, that uses proactive engagement, attendee qualification, and gives compelling reasons for you to connect with the attendee after the exhibition is a must for GDPR compliance.
Using a customer relationship management system (CRM) is a popular choice: your booth team can capture relevant lead information and level of interest straight onto an iPad or Android tablet, saving time on scribbling notes on business cards or scraps of paper.
The major perk of using a CRM for lead generation is the ability to document consent. Certain CRMs can copy forms where consent was provided and add it to the contact’s records. As long as the document clearly shows the reason for data collection, when it was given and the context of consent, you can use this record as proof of GDPR compliance.
We recently partnered with Vivolead to give our clients an innovative GDPR compliant lead capture solution during their trade shows. With the ability to collect data through the Vivolead mobile app, you can minimise administration giving your team more time to engage with customers.
If you want to use the details gathered for another purpose, you’ll need further agreement. For example, a common reason for collecting customer data is for e-newsletter sign-ups. But if you decide to use the information for more targeted marketing – such as sending vouchers or offers which aren’t covered in the original opt-in – new permission is required.
If you don’t use a CRM, the minimum you can do is take a screen grab from when consent was provided and store it in an easily accessible place. Not sure what consent should look like? Let us explain.
Legitimate Opt-ins
Opt-ins usually appear as information with tick boxes at the end of a registration form. Each opt-in must point to the permission being requested, whether it’s to join a mailing list or receive regular updates about specific products or services.
If you’re gathering email addresses during a trade show, your sign-up method must have clear opt-ins to comply with GDPR for any unsolicited marketing.
There is one exception to this rule, however. If a prospect has given you written evidence of their interest in purchasing a product or service, this can be classed as a ‘soft opt-in’. In this case, you might not need their permission to send marketing material as long as you include who you are and provide a valid email address.
The ICO offers an example of a legitimate soft opt-in:
“A customer logs into a company’s website to browse its range of products. This is not enough to constitute negotiations. But if the customer completes an online enquiry form asking for more details about a product or range of products, this could be enough.”
But What About Business Cards?
Collecting business cards is commonplace when networking at a B2B trade show. But is gathering details in this way sufficient as consent to store and process said data? The short answer: no. When you can’t prove the context, time or source of data collection this isn’t compliant with GDPR’s rules.
What you can do is use the information on a business card to get in touch with someone as a ‘nice to meet you’ gesture. And if your goal is to turn your new contact into a lead, include your opt-ins at the bottom of the email as well as a link to your privacy policy.
Becoming GDPR compliant starts with understanding how these new regulations impact the way you generate leads. Now you know the necessary steps to lawfully collect and use customer data, start implementing these changes now to avoid serious penalties, so you can exhibit and follow-up those leads with ease.