<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2091254041141547&amp;ev=PageView&amp;noscript=1">
GDPR | 7 min read

Law Firms: 5 Questions to Ask About Your Clients' Data

21 February 2018 Written by Alexander Costello

The new General Data Protection Regulation (GDPR) is reshaping how all businesses across the European Union gather, store and use people’s data to market themselves.


Due to the sensitive nature of the data gathered, the legal industry must be especially careful to ensure they are GDPR compliant. Despite this, to date, only 25% of UK law firms are ready for GDPR.


With this in mind we’ve crafted answers to some of the most commonly asked questions in relation to client data, alongside suggestions on what law firms can do to make sure they are GDPR-ready by 25th May 2018.


So, without further ado...


1. Why Do I Need Customer Data?

Knowing the challenges and needs of your target market should be at the heart of any marketing strategy. In busy firms though, legal professionals may feel they do not have the time required to fully learn about their potential clients challenges.


However, finding the time to learn about your potential customers is proven to transform your marketing and pay for itself, by developing more leads and increasing the conversion rate of leads into clients.


Imagine if every email you sent was tailored to the recipient’s specific legal interest, without having to write each of them individually. Or if you knew a lead was ready to buy before you called them. By gathering client data, the possibilities are endless.


In order to achieve this, the data you gather must be used in the right way. That’s where the inbound methodology – using information about your leads to provide them with valuable content – really comes into its own.


Inbound is something we’ll come onto in more detail a little later, but for now, let’s make sure you’re gathering and storing data correctly.


2. Do My Clients Know I Am Asking For Their Data?

Law firms deal with sensitive information on a day-to-day basis, and so ensuring clients are confident that their information will be used responsibly is key. This trust can be built from a potential client’s first interaction with your firm, by providing a transparent consent that details exactly what your firm plans to use their data for.


Often, knowing exactly how your details are used within a business is unclear. Under current rules how data is used can legitimately be buried in privacy policies or consent to data usage ‘assumed’ from other types of consent. All of this has damaged the trust between data holders and data subjects - something that has led to the new rules in GDPR as a response. 


Under GDPR, businesses will only be able to gather, store and use data from a person who has positively opted-in and provided consent. As a result, pre-ticked consent boxes that add people to a mailing list will be history.


Alongside this, GDPR requires firms to be more transparent about why they are gathering a subject’s data and how they intend to use it. If you intend to use the data to send promotional emails about your legal services, then this must be clear and obvious at the point of consent.


As a result, you may find that you require multiple consents from a data subject for each way you intend to use their data. Sounds like a pain? The silver lining is that if you use inbound marketing to obtain consent you can learn a little more about your potential new client each time, which will help you provide relevant content to nurture them from lead into customer.


3. How Do I Store My Clients’ Data?

Vital to any successful law firm, it goes without saying that client information must be kept strictly confidential.


This mantra should be applied to all of the data you collect, whether it be a sensitive piece of client information or the name of a new potential client.


Under GDPR, any breach of your data that risks a person’s rights or freedoms must be reported to the relevant supervisory authority. Therefore, being able to demonstrate responsible storage and handling of your subject’s data is vital to your defence should you be accused of non-compliance.


Secure storage requires auditing your data to identify how and where it is kept. If data is spread across your organisation, collect it in a single digital location and ensure it is only accessible by those who need it.


With all the additional, valuable data you’ll be learning about your potential clients from your new consent, you’ll need a structured storage system to find and update data easily. Secure storage is also vital to preventing cyber attacks, something a huge 44% of law firms say they have experienced in the last year.


While auditing, identify any data that was not gathered in a GDPR compliant manner, as you will have to request new consents to use this information come May 2018. You may find you are unable to gather new consents for all your contacts. This is once again not a problem. It’s an opportunity to streamline your contact database and help you focus on the viable leads.


GDPR also demands that firms provide clients and leads access to their data should it be asked for. These requests must be answered within one month and firms are no longer able to charge a fee, unless the request is deemed to be excessive, unreasonable or repetitive.


4. How Can I Gather More Client Data?

Now you know what you need to do to collect client data safely, it is time to consider strategies for gathering more of it. Inbound marketing is built around providing valuable content in return for subject data, creating a mutually beneficial relationship from the beginning.


As potential clients part with more data, your business learns more about them and is able to provide more targeted content, all while moving them along the path to becoming a client. With 97% of law firm websites not delivering any personalised content, embracing GDPR compliance and gathering high quality data is the key to getting ahead of your competition.


This idea of providing people with marketing that is valuable to them is at the heart of GDPR, so it is no wonder that inbound practices fit perfectly within the new regulation.


To gather data, inbound marketing uses a variety of tools, including:


  • Calls-to-Actions (CTAs); CTAs are the crucial link that moves people from simply visiting your website to sharing their information with your firm. Placing a CTA strategically, for example on a blog post, helps visitors find your next piece of valuable content. This is a simple way to get ahead of the competition, with research showing that 70% of law firms do not have a CTA on their homepage.
  • Landing Pages; landing pages are optimised web pages where you provide more information about the next valuable piece of content you are sharing with a lead – whether that be an eBook, consultation, or more – and request data in return via a form.
  • Personalised Emails; once you have gathered a lead’s contact information via a landing page, it is time to get in touch. Through inbound, emails are used to nurture a lead with further helpful information until they are ready to use your product or service.

Using these tools are just some of the ways inbound creates a clear path from stranger to client. And the best bit? Everything in inbound marketing is measurable, whether it be CTA clicks or the number of times an email was opened. This user data helps you learn more about your leads and shows you which parts of your marketing work and don’t work, allowing you to adapt and improve for the future. If you want to learn more about how inbound marketing can benefit your firm, book a free Marketing Assessment.


5. What Are the Common Mistakes to Avoid?

Collecting lead and client data is important, but even more important is how it is gathered. Which area of your site, or which service, triggers a lead to share their data tells you how to approach them in the future, so the first big mistake to avoid is…


Don’t skip the hard work and purchase user data

This may seem a quick and simple option, but contacting people out of the blue about legal services seems intrusive. Most likely your emails will be marked as spam or unsubscribed from, both of which will damage your ability to contact other clients in the future. Most importantly though, these people will not have consented to be contacted by you, and so you may be breaching GDPR.


Don’t ask for too much at once

How much data you request will depend on what you are providing them in return. If you are offering content of relatively low value, such as a short presentation, don’t expect potential clients to fill in a two-page form. On the other hand, for higher value offers such as eBooks and free consultations, ensure you are asking for more than just an email address.


Don’t forget to monitor your data

Just because a person has consented for you to use their data in the past, doesn’t mean they won’t withdraw that consent in the future. The right to withdraw your data is clearly defined under GDPR, and companies who contact people who have, for example, unsubscribed to email updates, can land themselves in hot water (as we saw with Flybe!).


In return for demanding stricter use of client data, GDPR opens the door for firms to enhance their marketing using tried and tested inbound methods.

Make sure your firm is completely up-to-date with everything you need in order to be GDPR compliant by 25th May 2018 with our free toolkit.


Share this page to Facebook Share this page to Instagram Share this page to LinkedIn Share this page to Twitter

Keep up to date with Digital Media Stream – Subscribe to our weekly blogs

Download the Guide