LinkedIn lead gen forms are a popular way for businesses to generate leads and build their contact lists. However, there has been some uncertainty around whether these forms comply with the EU’s General Data Protection Regulation (GDPR).
What are LinkedIn lead gen forms?
LinkedIn lead gen forms allow businesses to add a contact form to their LinkedIn Company Page. Site visitors can then fill in their details to download content like ebooks, whitepapers, and webinars. This provides the business with leads to follow up with.
The forms are highly customizable and can collect information like name, job title, company, email address, phone number and more. Businesses can then export these leads to use in their marketing and sales processes.
How do LinkedIn lead gen forms work?
Here is a quick overview of how LinkedIn lead gen forms work:
- Businesses create a LinkedIn lead gen form and embed it on their Company Page
- The form is connected to a gated content offer like an ebook
- Site visitors fill in their details to access the gated content
- Visitors details are exported as leads into the business’s LinkedIn Campaign Manager
- The business can then download the leads as CSV files to use in their CRM or marketing platform
So in summary, the lead gen forms provide an easy way for businesses to collect visitor data in exchange for gated content.
What are the GDPR requirements for lead gen forms?
The GDPR puts strict requirements on how personal data can be collected, stored and used. Here are some key requirements under the regulation that apply to lead gen forms:
- Consent – You must obtain clear, affirmative consent to collect and process visitor data.
- Transparency – You must be transparent about what data you are collecting and why.
- Purpose limitation – Data can only be collected for specified purposes.
- Data minimization – You should only collect the minimum amount of data needed.
- Accuracy – Data must be kept updated and accurate.
- Storage limits – You cannot store data longer than needed.
- Security – Appropriate security measures must be taken.
- Rights of access – Visitors have the right to access their data.
- Right to erasure – Visitors can request their data be deleted.
These requirements mean consent and transparency around data collection are critical. Businesses also need robust policies and processes to manage data properly under the regulation.
Are LinkedIn lead gen forms GDPR compliant?
The good news is that LinkedIn has designed their embedded lead gen forms to be compliant with GDPR requirements.
Here is how they achieve compliance:
- Consent – Users must actively check a consent box to submit their details.
- Transparency – LinkedIn provides notice about data collection and use.
- Purpose limitation – Data can only be used for defined purposes.
- Data minimization – Only necessary data fields are included by default.
- Accuracy – LinkedIn provides tools to manage consent preferences.
- Storage limits – Data is retained only as long as required.
- Security – LinkedIn uses encryption and other measures to protect data.
- Rights of access – Users can access their data through privacy tools.
- Right to erasure – LinkedIn enables users to delete their data.
Additionally, LinkedIn requires businesses to have their own GDPR compliant privacy policy and consent management processes in place. They also provide customers with information to help comply with regulations.
So in summary, LinkedIn lead gen forms are designed to enable compliance as long as businesses also implement appropriate data policies and consent procedures.
Tips for GDPR compliance with LinkedIn lead gen forms
Here are some tips for businesses to ensure their use of LinkedIn lead gen forms remains compliant with GDPR:
- Only collect necessary data fields on your forms.
- Avoid pre-checked consent boxes – use opt-in only.
- Be transparent and provide a privacy notice about data use.
- Regularly review and update your privacy policy.
- Allow users to access, edit or delete their data.
- Get consent before sending marketing communications.
- Have processes to handle data requests and erasure.
- Limit data access to only necessary personnel.
- Use secure storage and transfer mechanisms.
- Delete data that is no longer required.
GDPR considerations for LinkedIn lead gen form data
Once you have collected lead gen form data, there are also some key GDPR considerations around how you store, use and process that data:
- Only use data for purposes stated in consent and privacy policy
- Take care when sharing data with third parties like your CRM
- Store data securely with access controls
- Have retention policies to delete old data
- Keep data updated and accurate
- Allow users to access, edit or delete their data
- Get additional consent for marketing activities
- Remove data if user withdraws consent
- Have protocols in place to handle data requests
- Conduct regular GDPR audits on your data and processes
Following these tips will help ensure ongoing GDPR compliance when working with leads from LinkedIn forms.
Can you get GDPR fines for non-compliant LinkedIn lead gen forms?
Yes, companies can face GDPR fines and penalties if their use of LinkedIn lead gen forms is found to breach requirements. Fines can be up to 4% of global annual revenue or €20 million, whichever is higher.
Some potential areas of non-compliance include:
- Not having proper consent
- Failing to be transparent about data use
- Using data for other purposes
- Storing data longer than required
- Poor data security
- Not allowing user access to data
- Not having processes to manage data requests
- Sharing data irresponsibly with third parties
Fines can apply to both the business using the lead gen forms and to LinkedIn as the data processor. However, as noted earlier, LinkedIn takes steps to enable compliance, so responsibility often falls to the business.
It is critical that companies ensure proper consent, transparency and data management to avoid non-compliance risks.
Examples of GDPR enforcement around lead gen forms
There have been some high profile GDPR enforcements focused on non-compliant data collection and lead generation practices:
- Data company Globus was fined €2.5 million euros for pre-checked consent boxes on their website lead capture forms which did not meet GDPR standards.
- Portuguese sports club Belenenses was fined €52,000 euros for not having consent to send marketing texts to fans who had signed up via their website contact form.
- Bpost Belgium was fined €48,000 euros for not recording consent to collect and retain personal data of competition entrants who completed an online form.
These cases highlight the need for affirmative opt-in consent when using forms to generate leads. Fines can quickly accumulate if regulators deem consent was not valid or compliant.
Maintaining GDPR compliance with LinkedIn lead gen forms
Here are some ongoing practices businesses should adopt to maintain GDPR compliance with their LinkedIn lead gen activity:
- Regularly review consent practices and privacy notices to keep them up to date.
- Monitor legal developments and update compliance practices accordingly.
- Test form functionality regularly to ensure proper consent capture.
- Audit data retention periods and delete outdated data.
- Stay up to date with LinkedIn product changes that may impact compliance.
- Have defined processes to handle individual rights requests.
- Train staff on GDPR responsibilities when handling lead data.
- Update compliance documentation like DPIAs and policies.
- Use tools to monitor compliance across data collection channels.
- Stay aware of enforcement trends and fines in your industry.
Keeping compliance practices current is essential as regulations and best practices evolve. Regular reviews and audits will help spot any areas of non-compliance to address.
Conclusion
LinkedIn has designed their embedded lead gen forms to enable GDPR compliance from a data collection standpoint. However, businesses must also implement appropriate consent, transparency and data handling measures.
Monitoring regulations, getting consent, having data policies, limiting data use, and enabling user rights are key to staying compliant. With proper practices, LinkedIn lead gen forms can provide a useful source of compliant leads.
But businesses must take care to remain compliant across the entire data lifecycle. Fines and reputational damage from non-compliance could be very costly. Staying current with regulations, auditing processes and training staff are essential to leverage LinkedIn lead gen successfully and safely.