What specific personal data is typically involved in testimonials?
A testimonial may include personal data, such as the name of the person, a picture (e.g., a photo or video), and a description of the person’s job or company. Even the testimonial itself, which can be the speaker’s opinion or experience, is considered personal data and is covered by the GDPR.
How do you obtain valid consent from a person to use their testimonial?
Obtaining valid consent is the cornerstone of GDPR compliance for testimonials.
· The existence of a genuine alternative is necessary, and consent should remain separate from the provision of a service.
· The precise data collected should be disclosed along with the intended purpose.
· The individual should have a transparent understanding of their testimonial usage.
· The method by which consent is obtained should be characterized by a definite, positive action, as, for example, the signing of the document.
What should be included in a consent form for testimonials?
Without a doubt, the consent form must be a straightforward document that explains how the testimonial will be used. It should include:
· Data collected about the individual (e.g., name, photo, company).
· The reason for its use (e.g., on the website, in the promotional materials).
· The duration for which the material will be used.
· The process of setting out how an individual may revoke the consent given at any time.
How can individuals withdraw their consent, and what is your obligation once they do?
Individuals have the right to revoke their consent at any time. You should facilitate the withdrawal process as simply as giving consent, maybe through a straightforward email link or a form on your website. The use and display of feedback on published platforms is subject to change based on consent status. It is the “right to be forgotten” under the GDPR.
How do you handle testimonials from third-party review sites?
Testimonials from sources such as Google Reviews or Trustpilot require a separate approach. While linking to a review may be allowed, you must not copy and paste the testimonial on your site without new consent. The application of data to a distinct purpose requires acquiring further authorization, regardless of its public accessibility on another site. Search the terms of service of the third-party platform and get unique consent from the individual to use their testimonial on your platforms.
What are the consequences of non-compliance?
GDPR compliance is associated with specific business outcomes. Observing the regulation reduces potential fines of up to €20 million or 4% of annual global turnover, and there may be a relationship with reputation and customer trust. Compliance reflects certain operational aspects like responsibility, transparency, and data handling, which could relate to credibility and market position.
Pros and Cons of using testimonials under GDPR
| + | – |
| May foster trust and credibility with customers. | Requires a formal consent process. |
| Social proof is utilized as a marketing tool. | The process can involve administrative steps. |
| It has the potential to affect conversion rates and sales figures. | Fines are a financial consideration related to instances of non-compliance. |
| Delivers customer feedback to new customers. | A defined process for withdrawal is required. |
Conclusão
Utilizing testimonials as a business tool may align with GDPR requirements, but valid consent should be the primary goal of your work, along with complete transparency and clear procedures for consent withdrawal. This process intends to mitigate legal vulnerabilities and has the potential to influence customer trust perceptions. Furthermore, marketing efforts may see changes in effectiveness and perceived ethical standards.
