B2B data compliance regulations keep changing, and 2024 is a year in which B2B companies need to keep upholding high standards while providing the best possible service to their customers.
If you’re looking for tips to refresh your memory, we’ve got you covered. Keep scrolling 👇 to hear from Delfina Vallve, Cognism’s Head of Security & Compliance. Or get globally compliant B2B data lists now.
The General Data Protection Regulation, or GDPR, came into force in May 2018 across the whole of the EU and EEA.
The GDPR aims to:
GDPR rules around processing personal data do apply to B2B companies: a business contact’s name, work email address and phone number are personal data. B2B companies can still carry out marketing activities such as cold calls or emails, provided they have a lawful basis (e.g., legitimate interest) and comply with the applicable requirements.
Penalties for not adhering to the GDPR are severe, with the maximum fine being €20 million or 4% of annual worldwide turnover for the preceding financial year, whichever is greater.
The California Consumer Privacy Act, or CCPA, was signed into law in 2018 and took effect on 1 January 2020. It applies to any for-profit entity doing business in California that meets one of the following:
The law also applies to any entity that either:
The CCPA is similar to the GDPR in that it requires companies to identify all personal information they hold on their customers and how they sourced that information.
It also stipulates that companies must:
B2B marketing activity is covered by the CCPA. Personal information collected in B2B communications was initially exempt from some parts of the act; that exemption was extended twice and expired on 1 January 2023, when the CPRA came into force.
The maximum penalty under the CCPA is $7,500 per violation where the violation is found to be intentional.
The CPRA (California Privacy Rights Act) is a ballot initiative that amends the CCPA. It includes extra privacy protections for consumers and established the California Privacy Protection Agency, a government body with powers to enforce the law.
The CPRA came into force on 1st January 2023.
Currently, no comprehensive federal data privacy law exists in the United States.
But this could soon change if the push for greater privacy protection continues.
The American Data Privacy and Protection Act (ADPPA), introduced in Congress in 2022, was proposed as the first federal data privacy law protecting individual privacy rights.
Several other states have joined California in creating their own privacy acts. These include:
There are currently 19 other states with bills offering varying levels of data protection, all at different stages of development. This is a good indicator that data privacy and compliance will keep growing and developing as an area of regulation in the USA in the coming years.
Alongside the EU and USA’s rules on data protection, Brazil has added its own General Data Protection Law (Lei Geral de Proteção de Dados, LGPD).
Like the GDPR and CCPA, the LGPD restricts the use, processing, collection and storage of personal data. It applies to data gathered physically and electronically across all industries within the Brazilian economy.
To enforce these rules, the country created the Brazilian National Data Protection Authority (ANPD).
Currently, LGPD doesn’t cover B2B marketing activity. But this could change in the future, so it’s vital to be aware and compliant.
More and more countries are legislating and tightening their rules on data protection, so companies must stay ahead of the curve when it comes to compliance.
But how do you achieve this?
Working with technology that already ensures a high standard of compliance is a great place to start! Keep reading to learn how Cognism ensures B2B data compliance.
Delfina Vallve is the Head of Security & Compliance at Cognism. She gave us a run-down of how Cognism adheres to GDPR compliance.
“Cognism is a GDPR-compliant B2B lead generation tool, and we ensure that we have all necessary processes and mechanisms in place to collect, process and share the data with our clients in a compliant way.”
Cognism achieves this through methods that broadly include (and are not limited to):
The GDPR already requires controllers to inform individuals about how their data is collected and processed.
This has been part of the GDPR since its inception, but it came into sharp focus after the UK ICO issued an enforcement notice against Experian in October 2020 (although the First-tier Tribunal found largely in Experian’s favour on appeal in early 2023).
Following the Experian enforcement action, and to ensure Cognism remained compliant, Cognism decided to notify its entire database.
Notification means that we inform data subjects that we hold data on them and describe our processing activities at the point the data is collected. This ensures data subjects are aware of the processing and can easily exercise any of their rights.
Notifying individuals under Article 14 of the GDPR, which applies when personal data is not collected directly from the data subject, is key to remaining compliant. It helps avoid a breach of data protection law and the enforcement action by supervisory authorities that can follow.
Cognism only provides B2B emails; we do not have any B2C emails in our database.
Cognism’s customers can be reassured that the emails in our database are B2B and within the bounds of the law.
Do Not Call (DNC) lists consist of individuals who do not wish to be contacted for marketing purposes. Most countries have a national Do Not Call list and a process by which individuals can register their telephone number so that marketers must not call them.
The UK has the TPS and CTPS lists; Cognism screens against both of these. This is important to our customers because many enforcement actions have been taken against companies calling people listed on the TPS.
Cognism also screens against the following DNC lists outside the UK: USA, Germany, France, Australia, Canada, Spain, Portugal, Belgium, Sweden, and Croatia.
We are also continually working to add further Do Not Call lists around the world to our screening.
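To make the screening step above concrete, here is a simplified illustration of how a telephone database can be checked against several DNC registries. This is an added example and not Cognism’s own code or process. It assumes a tiny hand-written dialling-rules table (country code plus national trunk prefix, with "00" as the international prefix), constructed registry entries and contacts using fictional numbers, and a two-step approach: normalise every number on both sides to E.164 form, then do a set lookup against every registry rather than only the one for the contact’s recorded country. A production system would use a full phone-number library and the registries’ official data feeds.

```python
"""Illustrative DNC screening: normalise numbers to E.164, then look them up
in every suppression list. Example code with constructed data; the dialling
rules below are a deliberate simplification, not a complete implementation."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Assumed, minimal rules: ISO country -> (country calling code, trunk prefix to strip).
COUNTRY_RULES: Dict[str, Tuple[str, str]] = {
    "GB": ("44", "0"),
    "US": ("1", "1"),
    "DE": ("49", "0"),
    "FR": ("33", "0"),
}


def normalize_e164(raw: str, default_country: str) -> Optional[str]:
    """Return "+<country code><national number>" or None if the input is not usable.

    Handles the formats that commonly break naive string comparison:
    "+44 (0)20 ...", "0044 20 ...", "020 ..." and "1-415-..." all collapse to one key.
    """
    s = raw.strip().replace("(0)", "")  # "+44 (0)20 ..." keeps a trunk zero that must go
    has_plus = s.startswith("+")
    digits = re.sub(r"\D", "", s)
    if has_plus:
        national = digits  # already in international form
    elif digits.startswith("00"):
        national = digits[2:]  # assumption: "00" international prefix
    else:
        cc, trunk = COUNTRY_RULES[default_country]
        if trunk and digits.startswith(trunk):
            digits = digits[len(trunk):]
        national = cc + digits
    if not 8 <= len(national) <= 15:  # E.164 allows at most 15 digits
        return None
    return "+" + national


@dataclass(frozen=True)
class Contact:
    name: str
    phone: str
    country: str  # ISO 3166-1 alpha-2 as recorded in the CRM (may be wrong or stale)


@dataclass
class ScreenResult:
    contact: Contact
    e164: Optional[str]
    matched: Tuple[str, ...]  # names of the DNC lists the number appears on


def build_registries(raw: Dict[str, Tuple[str, List[str]]]) -> Dict[str, FrozenSet[str]]:
    """Normalise each registry's entries with that registry's own country so the
    stored keys match exactly what screen() computes for contacts."""
    out: Dict[str, FrozenSet[str]] = {}
    for name, (country, numbers) in raw.items():
        out[name] = frozenset(n for n in (normalize_e164(x, country) for x in numbers) if n)
    return out


def screen(contacts: List[Contact], registries: Dict[str, FrozenSet[str]]) -> List[ScreenResult]:
    """Check every contact against every registry, not just the one for its recorded country."""
    results = []
    for c in contacts:
        e164 = normalize_e164(c.phone, c.country)
        matched = tuple(sorted(n for n, nums in registries.items() if e164 in nums)) if e164 else ()
        results.append(ScreenResult(c, e164, matched))
    return results


def callable_contacts(results: List[ScreenResult]) -> List[Contact]:
    """Contacts safe to dial: parsed successfully and on no list. Unparseable
    numbers are excluded too (fail closed: a number you cannot normalise cannot be screened)."""
    return [r.contact for r in results if r.e164 and not r.matched]


# Constructed sample data using fictional number ranges (not real registry content).
RAW_REGISTRIES = {
    "GB-TPS": ("GB", ["020 7946 0018", "+44 7700 900123"]),
    "GB-CTPS": ("GB", ["0118 496 0123"]),
    "US-DNC": ("US", ["(415) 555-0199"]),
}
CONTACTS = [
    Contact("A. Example", "+44 (0)20 7946 0018", "GB"),  # on GB-TPS, written differently
    Contact("B. Example", "0118 496 0123", "GB"),        # on GB-CTPS
    Contact("C. Example", "1-415-555-0199", "US"),       # on US-DNC
    Contact("D. Example", "0044 7700 900456", "GB"),     # on no list
    Contact("E. Example", "12345", "GB"),                # unparseable, so excluded
]

if __name__ == "__main__":
    for r in screen(CONTACTS, build_registries(RAW_REGISTRIES)):
        status = "SUPPRESSED " + ",".join(r.matched) if r.matched else ("OK" if r.e164 else "UNPARSEABLE")
        print(f"{r.contact.name:12} {r.contact.phone:22} -> {r.e164}  {status}")
```

Normalising the registry entries with the same function as the contacts is the part that matters: a list stored as "020 7946 0018" and a CRM record stored as "+44 (0)20 7946 0018" are the same subscriber, and a byte-for-byte comparison would let the call through.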
Fines for failing to ensure compliance are now common practice: British Airways was fined £20 million by the UK ICO in 2020, and Clearview AI received €20 million fines from several EU supervisory authorities in 2022.
What should companies take into account to ensure they remain compliant? Delfina explains:
“Companies need to make sure that they comply with any applicable data privacy and/or marketing regulations that might apply to them based on their processing activities.”
“This means that they must have appropriate mechanisms, analysis, and procedures in place to comply with data privacy and marketing obligations. This includes having an opt-out procedure, a privacy policy, lawful basis to process data, among others.”
“Companies need to analyse their processing activities and compliance processes to ensure that they can process their data for their intended purposes while upholding data subjects’ rights and interests.”
Delfina explains the benefits of choosing a GDPR-compliant data provider:
“Cognism provides its customers with GDPR-compliant data that has been lawfully collected and processed.”
“In addition, we screen our telephone database against more than ten Do Not Call registries around the world, and notify our database following GDPR requirements.”
“All of these measures give our customers the trust they need to work with us. They’re also reflected in our platform and functionalities, which makes it easy for customers to access compliant data.”
B2B data compliance is a complex topic, but here are the really important things you need to remember:
The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.