September 5, 2018

How to counteract & comply with GDPR on your website – a Facebook case study


Are you getting traffic from anywhere in Europe to your website? If you do, you must be GDPR compliant!

What is GDPR (General Data Protection Regulation)?

To put it simply, GDPR is a new set of rules designed to give European citizens more control over who collects their personal data.

Basically, in today’s digital world, almost every aspect of our lives revolves around data. From social media companies to banks, governments, digital services & even our mobile phones — almost every service we use today involves the collection and analysis of our precious data. Our names, IDs and social security numbers are analyzed and, perhaps most importantly, stored by different companies and brands.

Those who aren’t GDPR-compliant may face some hefty fines, not to mention the damage that may be caused to the reputation and branding of businesses that fail to comply with these regulations.

From a consumer point of view, this is actually a very good thing, as our personal data will be more protected from now on while browsing and interacting with different brands on the web.

Case Study – Optimizing for conversion on Facebook

One of yellowHEAD’s partners – a world class brand and one of the biggest companies in the world – has faced the implications of these new regulations and had to react almost immediately in order not lose momentum.

The partner’s campaign was subscription-based, and yellowHEAD’s goal was to generate quality traffic (user acquisition) from Facebook directly to the partner’s website, where the user could choose from different packages to purchase a subscription to a popular product for a low monthly fee.

Initial results were great. The yellowHEAD team managed to get the conversation rate and CPA (Cost per Acquisition) very close to the partner’s target cost. Engagement on the ads (Likes, Shares & Comments) was great and everything looked promising from the start.

It’s important to note that our Facebook ad campaigns were optimized for conversion. In order for conversion campaigns to be optimized by Facebook’s algorithm and find the best possible audience, we need to implement a pixel inside the website or landing page to which we send the traffic. The Facebook pixel is actually a piece of code that sends data on each user back to Facebook, thus allowing Facebook to find the best group of users for the desired action we want them to take, which was a purchase in this case.

What happened when GDPR entered the picture?

On the 25th of May, the GDPR deadline was due and our partner had to remove the Facebook pixel, as they didn’t have any consent banners allowing users to give their consent before tracking them. The immediate result of removing the pixel was high CPAs, since without the pixel, the campaign could not be optimized and the quality of the traffic was relatively low.

After carefully examining the available options to counteract the implications of the GDPR, the partner decided to test four different consent banners:

  1. Banner that appears on a large part of the screen; users cannot proceed to the website without giving their consent
  2. The same banner as #1, only here users can opt out of the banner and continue browsing without giving consent
  3. Small banner that appears on the bottom of the screen
  4. Small banner that appears in the middle of the screen

After testing the different banners, we noticed that the first banner (#1) was generating the best conversion rates on the consent => Around 65-70% of the users gave their consent. On banners #2, #3 & #4, we had a conversion rate that ranged between 30-45%.

This allowed us to re-optimize the campaign & achieve low CPAs once again.

What can we take away from this?

This case study emphasizes the importance of the following:

  • The implementation of the Facebook pixel is critical in order to get results when going with conversion campaigns. The pixel allows Facebook to optimize for the best possible audiences that will convert for the desired goal (Purchase, Subscription, Newsletter sign-ups, etc.)
  • Although GDPR complicates things a bit, it’s actually a very good thing:
    • From a consumer point of view, we get more control of our personal data and we get to choose who sees it.
    • From a business point of view, GDPR will enforce companies to invest more on building trust with their customers and followers. The more we as users will feel comfortable with the businesses we interact with online, the more we will feel open to sharing our personal data with them.

Whether you’re a small or big business, as long as you have an online asset such as a website or blog, or you sell your products and services online, make sure you make the necessary changes in order to be GDPR-compliant. Invest in your customers and followers and make them feel confident regarding the data they share with you. This will benefit both sides (Business & Consumer) in the long run.

That’s it for our GDPR case study! Stay tuned for other case studies in the future revolving around the implications of the GDPR and the implementations of this regulation by different brands around the world.

Let's talk Marketing
Get in touch!