Unless you’ve been living under a rock, you’ve likely heard about the General Data Privacy Regulation (GDPR). As of May 25, 2018, your organization needs to be compliant with GDPR or you risk facing severe penalties. With the deadline looming closer, it’s important to educate yourselves on the GDPR and the effect it may have on your business. According to a study conducted by HubSpot, only 36% of marketers have heard of GDPR. Given the seriousness of GDPR and its looming deadline, that number should terrify most businesses.
The good news is, you still have time to take action to ensure you are GDPR compliant. In this blog, I will discuss the fundamentals of GDPR from a marketing perspective and what impact it will have on B2B marketing.
Please Note: This website is neither a magnum opus on EU data privacy nor legal advice for your company to use in complying with EU data privacy laws like the GDPR. This information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so please consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, don’t be a nut! We recommend you seek legal advice on how to apply GDPR as well as other data privacy laws to your organization. The situations, services and other capabilities described here are not suitable for all situations and may have restricted availability.
What is GDPR?
For those of you who aren’t familiar with GDPR, it is a regulation in EU law on data protection and privacy for all individuals in the European Union. The new rules are pushing organizations to pseudonymize personally identifiable information prior to processing it, so that data can’t be attributed back to a particular person. This includes everything from an email address to an IP address or photo.
Why do B2B marketers need to care about GDPR?
The main reason anyone, not just marketers, should care about the GDPR is that failure to comply will result in severe penalties, such as fines. These fines can be up to €20 million or 4% of global annual revenue (whichever is greater).
In addition, the GDPR will affect how you collect and store data. For marketers, data is the key to running successful campaigns. It helps identify web visitors and ensures you’re targeting the right people with the right content. Because the data marketers collect falls under personally identifiable information, you’ll need to consider changing how you collect and store this data.
How will GDPR impact B2B email marketing?
Email is an essential tool for B2B marketers. But with the new regulations coming into effect, you’ll have to go about your email marketing in a different way. According to EU law, you can only collect freely given, specific, informed and unambiguous consent. In order to ensure your email marketing is compliant with the GDPR, you need:
- Track consent by lawful basis, consent to receive ‘xyz’, notice of consent…
- Proof of consent storing systems, contact’s right to access personal data…
- Means of permanently deleting contacts (a.k.a. the right to be forgotten).
- Access to alter subscription preferences and unsubscribe from all communications.
You can also consider instating a double opt-in policy for every new EU contact, reconfirming enrollment into your contact list; at this time, this does not appear to be a GDPR requirement. This just means that individuals need to take an extra step before being added to your mailing list, such as confirming their email address before receiving any email communications from you or your organization.
How will GDPR impact B2B marketing lead generation?
The consent-based rules introduced by the GDPR add new challenges and complexities to lead generation. For example, lead scoring will require user consent as it is considered ‘user profiling’. You’ll also have to be able to delete any records accumulated without opting in, as well as remove all data from anyone who withdraws consent or requests their personal information to be deleted.
If you’re using a marketing automation platform, such as Pardot, HubSpot or Marketo, you’ll have to declare all data enhancements and have past data audited. You may also need to state the origin and the purpose if you are further enhancing data from a third-party source, according to Perkuto.
If you are processing European citizens’ data, bear in mind that anyone else processing your prospects’ data must be GDPR compliant, too.
GDPR is for EU Compliance – Why Should I Care?
You may be asking yourself why European compliance applies to you and why you should care, as many clients we work with are based in North America.
A common misconception with the GDPR is that this regulation won’t apply to you if you’re outside of Europe. Unfortunately, that isn’t the case. As long as you control or process the data of European citizens, the GDPR will apply to you regardless of whether you’re based in Europe or not. That means if anyone from Europe so much as fills out a form on your website, you need to be GDPR compliant if you plan to continue to possess or use this personal data moving forward.
Alternatively, you can obliterate any EU contact data from your systems and not accept any EU contacts moving forward, which is an opportunity cost that many organizations are considering given these changes.
The GDPR compliance legislation has been a hot topic all over Europe in recent years. The question of how it will impact North America remains, but if you plan to continue to collect, store and/or process data from EU citizens it is best to. I think we will begin to see the impact more and more over the next few months, so if you haven’t started taking the steps towards GDPR compliance – now is the time to do so!
As the deadline gets closer, feel free to reach out to me for more information on the GDPR in the comments section below.