The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union, it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation is into effect since May 25, 2018.
Since the law took effect, all companies operating in Europe need clearly granted permission before they can collect, save, and use data regarding personal information. If sales and marketing do not take action, but rather wait, the risk of degradation becomes enormous. Learn all about it in this practical guide to the GDPR!
The GDPR regulation recognizes different roles in dealing with data, the so-called ‘data processors’ and ‘data controllers’. As a marketer, your position is within at least one of these roles, and possibly even both. Whatever systems and processes you use to approach your leads; your database, CRM, email software or newly acquired marketing automation platform, they all fall under the privacy regulation. This means that you must have your business and contacts in order.
Some key principles of the GDPR to keep in mind during the implementation of your B2B marketing strategy and activities:
1. Everything starts with mapping your database; who is in there, what do we know of them exactly? Are they active or ‘asleep’? And does the current given permission suffice? This audit clarifies how much your data is worth in the light of the regulation and what opportunities there are. Are the contacts in your database really (potential) buyers?
2. Map who delivers leads and how they do that currently. Do your sales colleagues add names and information to the database themselves? Are you buying lists with contact information? Determine starting points per lead generation channel and take the lead. Try to make sure that you as a company gather and save as much data as possible. This makes you less dependent on external processes.
3. Critically review your current ‘customer processes’ regarding the regulation. Do the given opt-ins suffice? And where do you save this information? Preferably, you keep everything at one central spot, in one system. In addition, make sure you can track the given opt-ins and undertake action when you need to renew it.
4. Actively share and gather knowledge within your own organisation. What do your Sales colleagues know of the new regulation? What do your colleagues from Customer Service, Operations, and other departments know? A good plan is starting with the departments that have direct customer contact. They can help you sharpen your processes in order to meet the new rules in a smart manner. Test these processes with Legal when no clear guidelines are available.
5. Together with your team or an external party, create an action plan based on the audit results of your database, the lead generation channels you use, and the processes that you want to improve. For example, start with a campaign aimed at the ‘sleepers’ in your database. Activate and inspire them with your best performing (gated) content. Or test a new onboarding campaign on newly provided contacts.
In this practical guide, we are answering some of the most frequently asked questions in regards to the GDPR.
The specific rules for e-marketing and telephone marketing focuses on in the e-Privacy Regulation. The GDPR regulates general the rules for the use of personal information for direct marketing purposes. The definition direct marketing contains the name addressed print marketing. When personal information is processed for this type of direct marketing purposes, a right of objection must be offered at any time or an opt-out against the associated processing of personal information.
There are specific rules for sending commercial electronic communication and thus for sending an electronic newsletter. If these are sent to a so-called ‘current customer’, to offer an opt-out with the use of the e-mail address will suffice. It has to opt-out in every subsequent electronic message (so in every sent electronic newsletter).It is important to note that, the processing of personal information for direct marketing purposes (in combination with collecting personal information originating from an offline order and processing this information in a CRM-database) is subject to the criteria of the GDPR.
Based on the GDPR, the processing of personal information has to be able to be based on a foundation. Just like the Dutch Law for the protection of personal information (Wet bescherming persoonsgegevens). There are six possible foundations. The permission of the person involved is one of them.
Another one is the processing of information is necessary for the justified interest of the responsible person or a third person. Except when the privacy interests of the person involved (for example the customer) is more important.
The processing of personal information for direct marketing purposes can be based on the justified interest (as appears from the explanation of the GDPR). But an opt-out (or a right to object against the information processing) has to be offered. There is per se no need for permission for the use of personal information for direct marketing purposes.
Share this article
Subscribe to keep up with our latest B2B Marketing updates and exclusive events. Straight to your inbox, once a month.