The B2B Marketer’s Guide to the GDPR
What is GDPR and Why B2B Marketers Need to Care
Are you ready for the next chapter in data privacy regulation? The EU General Data Protection Regulation (GDPR) goes into effect May 25, 2018, and adds new requirements for organizations regarding the collection, storage, and administration of personal data for EU residents.
“Great,” you think, “I’ll add that to my already too-long list of critical issues that I need to research so I can formulate a strategy to mitigate risk!”
SmartAcre® can help. Here are a few FAQs to help B2B marketers plan and prepare for GDPR. These FAQs, which include a strategy to begin addressing the new regulations, will help you determine the impact this will have on your 2018 lead and demand generation strategies. For more info, download our full GDPR compliance guide to learn the steps you need to take to be in line with the new regulations by May 25th.
NOTE: We admit we are not lawyers, but we have done a fair amount of research on the topic of GDPR for our clients. The purpose and intent of this article is informational in nature, and we encourage you to seek legal counsel for your business’ specific responsibility regarding this upcoming regulation.
GDPR B2B Marketing FAQs
Who is affected by GDPR?
It’s a pretty safe bet that YOU are. Any organization that collects data from residents of the European Union (whether knowingly or unknowingly) is affected. It is important to note that your organization does not need to be physically located in the EU.
What data does the GDPR cover?
The GDPR regulates the “processing” of personal data — including its collection, storage, and transfer. The general definition of personal data is extremely broad and includes any information related to identifying an individual.
What is changing from the current regulations?
- Affirmative consent must be obtained in order to process data. You may not implicitly interpret opt-ins. Read: No pre-checked checkboxes or ambiguous privacy policies.
- Residents have the right to data portability. If they ask for their data you must be able to furnish it.
- Residents have the right to be forgotten. Since 2014, EU residents have been able to ask Google to remove them from the database. Now, they can ask you, as a marketer, to do that same thing. This is different from a contact opting out/unsubscribing. When a contact unsubscribes, their data is kept in the database, but they are unable to be emailed. Under GDPR, the contact’s data must be deleted from the database altogether.
- Organizations must demonstrate compliance in very specific ways. These include documenting internal processes, assessing new technology to ensure compliance, hiring compliance officers, updating privacy policies to reflect compliance, and dutifully reporting breaches.
What does this mean for me?
It means you can only send emails to people who have “freely given specific, informed, and unambiguous” consent to be marketed to by you. List buyers: let that sink in. While this isn’t new ground, the specific requirements for marketers are much more precise.
For instance, you must inform subscribers about the purposes of collecting personal data, and you need to clearly document when and how you obtained consent from your subscriber. Practically speaking, that means every data collection form needs to be updated to be compliant and, moving forward, you must have a double opt-in process. If you fail to meet these new requirements, you could be fined up to €20 million or four percent of your company’s annual revenue (whichever is greater).
Is this going to impact my lead generation funnel?
Definitely. You should expect list growth to slow and administrative complexity to increase. However, there are smart things you can do (let’s talk) to maintain the contacts you have and to use the double opt-in as an opportunity to generate higher quality leads.
Your Guide to GDPR Compliance
Since it likely isn’t practical to stop doing business with the EU, there are options to comply, maintain your EU contacts, and continue running a lead and demand generation machine. To start, you can adjust your data collection process to meet affirmative opt-in requirements ASAP and begin a permission-based email campaign to make legacy data compliant. You may elect to do this universally or to adapt your data collection processes to be regionally specific.
To help, here are the four steps we recommend to help B2B marketers develop a strategy for GDPR compliance.
- Define a strategy: Work with a legal team and internal stakeholders to define risks, business impact, and legal next steps related to the GDPR and marketing activities. Recommend a process for demonstrating and documenting compliance, and ensure your internal stakeholders understand, adopt, and commit to the new procedures.
- Audit and plan: It is important to audit your current privacy-related marketing and sales activities, looking at the overall process and gaps in compliance. Be sure to assess the current range of data intake from marketing activities and the technology used to store and monitor contact records. For example, are you collecting leads at events? From other list imports? Based on these gaps, outline and plan to determine the highest priority changes to both your process and your technology.
- Implement: At the minimum, create a double opt-in process and run a permissions campaign prior to May 25, 2018.
- Document and adopt: Keep in mind that you will need demonstrable proof of compliance under GDPR. It is important to ensure compliance internally through training, procedure documentation, and audits. Security and legal teams should be involved in this long-term process.
These four steps will require internal buy-in, marketing legwork, and long-term compliance. However, by breaking down the big challenge of GDPR into these phases, you will have the framework for a successful plan.
More GDPR Information
We’ve compiled a short list of links to help you further understand how the industry is adapting and preparing for this change. Heavyweights like Pardot, Salesforce, and HubSpot all have plenty to say on the topic and are working to update their systems to ensure you are implementing GDPR-compliant campaigns. We’re here to help, too. SmartAcre is happy to provide specific strategy, tactics, and execution to aid your team. Comment and tell us your biggest GDPR challenges.
Industry Links