GDPR Advice for B2B

What GDPR Means For Your B2B Business

Joe Barron GDPR Compliance, Marketing

General Data Protection Regulation (GDPR) is almost upon us. May 25th is when the new regulation takes effect, and the clock is ticking.

But do you know what GDPR means for your business, and your B2B marketing?

What GDPR is All About

GDPR has been designed to protect the personal data of EU citizens. Any data that can be used to identify individuals is included. This ranges from postal addresses to corporate email addresses, with web cookies and IP addresses in between. The new regulations seek to give people better control over their personal data, and to ask companies to take greater responsibility over its use, management and storage.

Key Ways to Get Ready for GDPR for any Businesss

Under GDPR, the onus will be on organisations to show that they have put adequate measures in place to make sure the data they hold is secure. All companies will need to take some basic steps:

Step 1: Data Management

The rules have been less than clear about how B2B marketing should be carried out under the new regulations. The waters have been muddied further because of the review of the Privacy and Electronic Communications Regulations, or PECR. Our advice? Seek to put in place good practice wherever you can, and demonstrate due process. This is likely to involve a range of actions:

    • Audit your data, so you know what you hold, and where.
      Think about integrating your data to one central CRM. This makes it easier to manage and keep up to date.
    • Document the processes, policies and guidelines you use for storing, managing and processing data.
    • Establish clear conditions for using your data. This might be opt-in consent, or it might mean applying one of the ‘legitimate interests’. Use the three standard questions. Are you pursuing a legitimate interest, or purpose? Is the data use necessary to achieve that purpose? And do the individual’s interests override the legitimate interest?
    • The Information Commissioner’s Office provides more detail on these questions.
    • Keep clear audit trails of all decisions relating to your data processing.

Step 2: Training

A major part of the process is ensuring all your staff know about the regulations, and what they mean. Senior leaders should be briefed on GDPR, and champion transparent data processing throughout the organisation. A positive, open culture is essential.

Provide training for anyone who deals with data, at whatever point in its lifecycle. Make sure all staff know who to go to ask questions about GDPR, and run regular awareness-raising sessions. And make policies, processes, and guidelines available and accessible.

Step 3: Communications

As well as training your staff, you need tell your clients and customers about the steps you have taken. Be sure to let people know – in your privacy statements and other notifications – why you're using their data. If they’ve opted in, let them know when. If you’re using a legitimate interest, explain what those interests are and why you are using them. Review all your public-facing documentation and make sure they’re transparent about your approach to GDPR.

Why You Should Worry About GDPR

The penalties related to GDPR are much greater than for previous data protection regulations. Depending on the infringement, the upper limits for fines will be up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. But, rather than focus on the negative, think instead about how your company might gain advantage from the new regulations. Think about the benefits that having a complete, integrated picture of your customers and clients could bring.

The GDPR Guidelines for B2B Marketers

The rules for B2B and B2C are very different, with the latter being a much more extensive rule set. As well as this, the rules are not the same when marketing to different organizations. Since the target audience of most B2B companies are employees of corporations, LLCs, LLPs, and governments, we will focus on these rules.

Keep in mind, the rules for GDPR are not official yet - as of right now we only have general guidelines.

Implied Marketing Consent

The most basic guideline of GDPR is that when sending an email or any text, regardless of channel, the content must be relevant to the recipients’ job role.

By servicing the legitimate interests of a target audience, marketers have implied consent and can utilize a 'soft opt-in'.

GDPR Compliant 'Soft Opt-in'

The term ‘soft opt-in’ is usually used describes a rule about existing customers. The idea is that if an individual bought something from you recently, gave you their details, or did not opt out of marketing messages, they are probably willing to accept to marketing and sales messages from you. The soft opt-in rule means you may be able to email or text your own customers, but it does not apply to B2C or non-commercial promotions (eg charity fundraising or political campaigning).

However, you must have given them a clear chance to opt-out. Both when you first collected their details, and in every message you send.

The soft opt-in rule means you may be able to email or text your own customers, but it does not apply to B2C or non-commercial promotions (eg charity fundraising or political campaigning).

To be compliant markets still need to follow some rules:

    • Your company gives the contact an opportunity to opt-out when you receive their contact information.

  • You give the contact the opportunity to opt-out when you send them subsequent messages.

Examples Soft opt-in notices:

    • Oral Opt-in - Spoken communication from a client that indicates they would like to stop receiving calls. It’s a good idea to document this for your records.

  • Email Opt-in - Providing a clearly indicated link that clients can click to unsubscribe, or to simply reply to your message asking for removal. Be sure to include a link to your company’s privacy policy to be Data Protection Act compliant.

Record of Consent

B2B marketers must keep a record of when a prospect has opted-in to materials, whether that is for future marketing or sales messages, or general contact from the company.

The Information Commissioner’s Office provides more detail on these questions.

[ link: ]

How Cognism Helps B2B Companies Handle GDPR

Cognism is not only an extensive data set of over 400M business professionals, it is also a full suite of tools for improving your marketing and sales practices.

Cognism has partnered with top law firm Sheridan to build a sales and marketing data compliance engine to address B2B guidelines of GDPR. Data is maintained for accuracy, retention, and consent allowing our users to have compliant outreach and data management.