As GDPR comes into action (and becomes fully enforceable) on 25th May, there’s no surprise it’s on our minds. The past few months have been paramount for us all, as companies re-evaluate their systems and processes to ensure GDPR compliance, and we’ve been doing exactly the same. At Lead Forensics, we see GDPR as a positive act, empowering businesses to have the slickest and safest B2B marketing systems, and we’ve done our due diligence in getting both our product and company happily compliant with GDPR (find out more here!).
The good news for B2B marketers lies in the knowledge that the changes we’ll see are fairly minimal, so we can happily say that the “impact” caused by the GDPR won’t be too impactful! Let’s quickly recap the major changes GDPR will have on B2B marketing (which I’m sure you’re already well versed with), then look into the impact these changes could have…
As B2B marketers, it’s great to know that the GDPR only applies to personal data - so anything relating purely to a business (business name, company landline, and generic “info @” email address) doesn’t need to be considered under GDPR regulations. However, any data pertaining to a specific individual, such as their name or email address (even business ones) do fall under GDPR, so you’ll need to look at all the data your marketing team process, and fish out the data considered “personal”. (Check the ICO website for more information on personal data.)
Once you know what data falls under the GDPR, you know where to focus your efforts in ensuring compliance. Don’t forget to document the process in which you assess your systems; record every detail about your data- how you get it, where you keep it, how long for, and most importantly- why it’s necessary for you to gather, process and store that data.
Changes to your process
The biggest change brought about by the GDPR for B2B marketers lies in the lawful basis behind processing personal data. As the rules surrounding consent become far more structured and stringent, B2B marketers need to decide whether consent is the best option for their department’s data processing. Some marketers may find that their process is still compliant under the new rules for consent, but others may turn to one of the other lawful basis for processing, of which (contrary to popular belief) there are six.
Many B2B marketers see “legitimate interests” as the lawful basis of processing best suited to their needs, whereby the processing of personal data is done on the grounds of the individual holding a legitimate interest in what you’re marketing, and your communications with that individual not compromising their rights, clearly outlined by the ICO. These legitimate interests include business interests, so the basis fits B2B marketing like a glove- however ensure you’ve completed and documented a Legitimate Interests Assessment (LIA) , so you’re positive your use of legitimate interests is the best option for your B2B marketing department.
What to expect
What’s the impact of all these changes? Here are a few things you can expect, and how to tackle them head on…
- Impact of process changes- The biggest change for B2B marketers under the new GDPR lies in the actual process - how you go about gathering, storing and using personal data. For many businesses, this means implementing new systems, and in B2B marketing, this means members of your team will need a change of mind-set. Naturally, this may take time for your team to adjust to, and you may see an impact on some KPIs that appear to bring performance down, but this impact will be short lived. The sooner your compliant systems are implemented, the sooner you’ll see them running to smooth perfection.
- Team morale- Though you may be a whiz with GDPR knowledge, there’s been a high amount of scare mongering surrounding the topic, so your team may be unsure or confused in their work, meaning moral could become low and negative. Take the time to prepare your team by talking them through GDPR and what it means for them. Aim for your whole team to be experts, and see that GDPR is there to educate and protect, not hinder and blame. This way, everyone will feel confident in their work and understanding of the changes implemented, and you’ll boost a positive moral around the month of May.
- Misinformed or concerned individuals- The ICO tells us that only 1 in 5 members of the public fully trust businesses with their data - this is a sad fact to face, and something we would all do well to change! With GDPR in circulation, individuals carry far more awareness of their rights and will be much more likely to call you out on the use of their data - which is a good thing! However, there has been a high amount of miscommunication around GDPR, mainly in the idea that “consent is the only way”- which it isn’t! Expect some backlash from your marketing efforts and be prepared to explain how your processes are compliant to the masses. Get your security notices in check and readily available, ensure your team know the individual’s rights and understand every inch of your company and its compliance. Do everything you can to put the public as ease with your marketing systems.
- Third parties– Many B2B marketing departments spend a huge amount of time and money working with third parties, which often involves the movement of data. Many think GDPR will put a full stop to this, and it will no longer be possible. This is not the case! Remember - GDPR doesn’t want to stop all marketing - it just wants us to do it fairly and safely. When working with third parties, you need to practice due diligence in checking their GDPR policy surrounding the data you’ll be working with. By law, they need their own privacy notices and lawful basis of processing, so check theirs is as compliant as yours and you’ve nothing to worry about!
IMPORTANT NOTE: Just a heads up on third parties!
When working under the GDPR with third parties, you need to identify yourself as the “controller” (who determines the purpose and means of processing data) or the “processor” (who is responsible for processing personal data on behalf of the controller)- more info here! If you’re the controller, then to be compliant you’re required to have a “contract of processing agreement” with the third party (who would be the “processor” in this situation). This is a contractual document between the two parties, outlining the responsibilities of each party and the use of personal data in alignment with GDPR compliance. It is very important you get these contracts right- as there is specific and vital information they must contain. The ICO has created this great guide to tell you everything you need to know about “contract of processing agreements”!
- Questions- This seems simple and obvious, but the amount of questions you’ll receive will impact you both internally and externally. This is where the data-protection officer comes in! It is the duty of every company under the new GDPR to know whether or not they need a data protection officer, which is determined by a mixture of variables from the activities carried out, to company function and size- see the ICO website for more details. Whether you need a DPO or not, we’d recommend having an appointment person as the voice of GDPR, who knows all the answers inside out. As of 25th May, this person will come into their own and answer any questions that come your way, allowing you to be a voice of comfort and knowledge to both your team and the public.
It’s no surprise that GDPR’s impact surrounding the gathering of data stands as a concern for B2B marketers, as for many, this activity is crucial. Lead Forensics continues to work hard in providing a GDPR compliant, lead generation solution, allowing B2B companies to generate hot, sales-ready leads they can convert into clients with no concerns. Our software tells you which businesses are visiting your website, and provides the contact information to match in real time, so you can be in contact with a lead seconds after they’ve shown a legitimate interest in your offering by visiting your website! Our software is market-leading and we’d love to show you how we can help your businesses harvest a record amount of leads whilst reaming 100% GDPR complaint. Why not book a 10 minute, free demo? Get started today!
Free guide - GDPR: What does it mean for business? All of the essential information you need on GDPR at your fingertips. Download for free today!
DISCLAIMER: Lead Forensics is a global market leading SaaS organisation. We have conducted extensive research into the GDPR and have an active working knowledge intended to help our clients to become better prepared ahead of the GDPR coming into force. Lead Forensics however does not provide legal advice on the GDPR and cannot be held responsible for the GDPR compliance of any organisation other than its own, it is the responsibility of each business to ensure their own compliance with the GDPR. If you have any need for legal advice, please contact a solicitor or visit the ICO website for further information https://www.ico.org.uk