The EU General Data Protection Regulation (GDPR) has been controversial and distracting for marketers in the UK, even before it came into force in May of this year. But could it also be an opportunity? And is there a more positive way to approach our marketing strategies under it, especially when running webinars?
Webinars represent a unique way to engage with your audience, and for many businesses this allows a different approach to be used when meeting GDPR requirements.
Within the GDPR guidelines, there are numerous valid lawful basises under which we’re allowed to process data (basically the regulation lays out the permitted instances in which businesses are allowed to collect and use contact data). However, in the world of webinars - particularly B2B - there are two main reasons we see our customers use consistently:
In this piece (as well as in our recent webinar) I want to outline why we can use legitimate interest when both running webinars and sending post-webinar marketing communications, and how consent can be used to expand your communications remit.
The Information Commissioner's summary of when each of these reasons are appropriate is:
“You can rely on legitimate interests for marketing activities if you can show the way you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object to what you are doing – but only if you don’t need consent under PECR.
You also need to do more work to be transparent when you are relying on legitimate interests. You need to clearly explain in your privacy policy what the legitimate interests of the processing are.”
“Consent is appropriate if you can offer people real choice and control over how you use their data, and want to build their trust and engagement. But if you cannot offer a genuine choice, consent is not appropriate. If you would still process the personal data without consent, asking for consent is misleading and inherently unfair.
If you make consent a precondition of a service, it is unlikely to be the most appropriate lawful basis.”
For your specific organisation other reasons for collecting data may apply, but for our purposes we only want to share the areas in which we have real, tangible experience.
Please note: we are a webinar platform provider and cannot advise you legally. The purpose of this blog is to share the practices we see used and to point you to what could be the right GDPR footing for your organisation’s webinar program. Only you will know the specific nuances of your business and therefore if this advice is appropriate.
Most webinars are run for business-to-business (B2B) communication and marketing. Therefore, the intended audience at the webinar is an employee of a business who wishes to gain industry knowledge and have the opportunity to interact with subject matter experts.
Let’s take look at this registration page. It clearly expresses the subject area that will be explored and what the knowledge that will be gained by attending the webinar. It’s also clear from that this is a B2B event.
Again, every webinar is different but, in general, most will meet these criteria. This is important because businesses and marketing teams run webinars in some part to generate leads or at least stimulate leads. Being able to follow-up with additional emails after the webinar will likely also be a key goal.
Let’s run this test on a typical webinar scenario.
Given this decision making process, legitimate interest does seem like an appropriate basis for data collection and communication. So, generally speaking, businesses that run webinars for their own communication and marketing purposes (this includes running B2B webinars and providing follow-up and future email and text marketing on relevant subject matter) use legitimate interest appropriately.
This chart from the ICO backs up these assumptions.
The full ICO Legitimate Interest information can be found here.
Make sure you pay particular attention to the checklist and ensure that it’s appropriate for your business needs. A couple of points to note from this document are:
It’s important to make sure your rationale for using legitimate interest is documented and updated for every webinar you run. If you subsequently use the data gathered from webinars, then add a reference to this and outline what rationale you are applying.
For example, if I run a webinar about apple production, then have a sale of apple harvesting equipment, I can reason that the attendee is interested in apple production and they would reasonably expect me to share further information about apple production.
However, if I diversified into orange production, then I would have to consider the rationale carefully and identify that a legitimate interest in fruit production is appropriate. Again, probably OK if you clearly document your thinking and the justification that may be reasonable.
One additional area we see relates to post event email marketing by ‘sponsors’. I won’t go into too much detail here, as it is very specific to the type of customer. However, we do see regular use of legitimate interest where a sponsor is also a speaker. The reasoning for this is that the attendee registered to hear to the speaker talk about a subject/product. Therefore, it’s appropriate to use B2B email marketing from the speaker’s company where it relates to the product discussed in the webinar.
The legitimate interest can be for a business (you) or for a 3rd party (the speakers company) if all the other criteria are also met.
We often see consent used in conjunction with legitimate interest. For example, legitimate interest may apply for the reasons above, but the organisation is large and has many products across a broad spectrum of subjects or business areas about which you would like to communicate to your contacts. In this case, a number of opt-in consent questions would generally need to be added to the registration form. So if you want to market your amazing carrot production techniques to the attendees at the apple webinar, you may need to get consent.
Consent is also important if your business wants to share the data with a 3rd party who may not be directly involved in the webinar. You shouldn’t do this without clearly and easily allowing your contacts to consent.
The great thing is, consent questions can be added easily to most webinar platforms (but remember, these should not be a requirement to attend the webinar and should, by default, be unchecked).
If your webinars are not focused on B2B then consent is also probably the most appropriate option. We see some use of consent questions on consumer related subjects, where the webinars are generally information sharing events. Here, consent is given by almost 100% of attendees.
They want to attend the webinar because of their personal interest in the subject. For this same reason, we can conclude that they want additional information that could be provided on similar subjects.
While legitimate interest is an appropriate lawful basises for communication for many B2B webinars, relying on it still comes with responsibilities for your organisation. Make sure you review the information commissioner's information fully (see references below) and understand your business’ use of the data.
You should also ensure you use a webinar provider (the processor) that does not use registrant data in any way other than to help the registrant access the webinar.
I’d recommend reviewing the information commissioners checklist fully. These points below are are those that I consider critical:
Finally, most webinar attendees see webinars as a ‘fair’ form of communication. It’s a way for them to engage in a subject or product discussion without being heavily sold to. The best webinars avoid the temptation to sell and instead try to inform the attendee - they get to decide whether to be passive or actively engage with the speakers.
This approach gets to the heart of GDPR. Letting the attendee drive their level of engagement is surely one of the goals of the GDPR legislation.
