Are You Ready for GDPR? How B2B Marketers Can Comply with GDPR

GDPR Took Effect on May 25, 2018

Why B2B Marketers Must Address GDPR

Most B2B companies leverage online marketing as a key element of their B2B Marketing Strategy. In fact, online lead generation can be a powerful contributor to the sales pipeline. But when your offers are online, you attract visitors from across the world. Take a look at your website analytics. Even if your market is regional or national, you may be surprised at where your visitors are located.

GDPR, or the General Data Protection Regulation takes effect on May 25, 2018. This new regulation is designed to protect citizens of European Union member countries. And if a resident of one of those countries fills out a form on your website or responds online to your advertisement, your business is now held to GDPR regulations. Thus, nearly all B2B businesses need to be sensitive to these regulations.

The penalties for non-compliance are stiff. Fines for not following GDPR can be up to the greater of €20 million or 4% of global annual turnover, regardless of where your business is located. If an EU citizen is involved, your company is expected to comply.

What is GDPR?

GDPR, or General Data Protection Regulation, is a new set of regulations put in place by the European Union that affects how businesses may contact prospects who are residents of the EU by means of email marketing, among other data collection and communication practices. Put simply, the regulation is aimed at protecting consumers’ personal information (email addresses, phone numbers, postal addresses) while also lowering the number of unwanted emails. While this may sound like a death knell for email marketing campaigns, it can actually increase deliverability as you will be communicating with people who you know want to hear from you – either by their opting in, or by choosing to not opt out.

How GDPR Applies in B2B

In B2B Marketing, we use push and pull marketing campaigns to attract, nurture and engage leads. Visitors sign up online for a variety of offers.

• Soft offers including signups for white papers, executive briefs, webinars, online calculators and brochures.
• Product/solution offers such as free trials, demos, freemiums.
• Sales offers including consultations and sales engagements.

How B2B Marketing Companies Can Lawfully Process Personal Data

A very important thing to note about GDPR is that it is aimed at protecting consumer privacy rights. In a B2B model, marketing is not directed at individual consumers but rather another business, or business prospects, and therefore the appropriate way to process this personal information can be done one of two ways: consent or legitimate interest. Both approaches are equally acceptable for B2B organizations to process data under GDPR, so long as they are applied correctly.

Option 1: Consent

The consent approach requires that you get your information directly from the prospect, such as filling out a form that has a blank communications consent checkbox that they must check in order to download a whitepaper, access a free trial, view a webinar, subscribe to a newsletter, etc. Consent must be explicitly given and cannot be given by default. The ICO’s official stance on consent is: “Consent must be freely given, specific, informed and unambiguous.” Meaning, you must be very clear with the prospect at the time that you obtain their information who you are, how you will use their information, who you will be transferring their information to (i.e. a third party such as MailChimp), how long you intend to keep their data, the person’s right to opt-out and have all of their information deleted, and whether their data is used in any kind of automated decision making. This information must also be disclosed in simple, plain English in your website’s privacy policy.

Much of the current discussion regarding GDPR compliance assumes this option is applied. However, this option can have a very negative impact on conversion rates. Visitors cannot be defaulted to receive ongoing emails and must explicitly agree. Persuasive copy or additional offers will help convince visitors to consent, but the consent approach will affect lead flow.

Option 2: Legitimate Interest

There’s a common misconception that explicit consent from a prospect is the only way to comply with GDPR when it comes to online marketing. Fortunately, that’s not the case. GDPR allows for processing of personal data without opting in if it falls under the category of Legitimate Interest. In Recital 47 of GDPR’s guidelines, legitimate interest is specifically tied to direct marketing: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” Guidelines also specify that a case for legitimate interest can be made if the communications are not unexpected, i.e. if they have already expressed interest in your business or product offering by signing up for a free trial, or attending a webinar specific to your business. GDPR stipulates that you must also always offer a way for them to quickly, easily and permanently opt out from your communications, and make it clear just like with consent how you are using their data. Also just like with consent, all information on how you collect and use their data must be disclosed in plain English in your website’s privacy policy.

Which Option is Best In Your Situation?

Both approaches are equally acceptable under GDPR, so the answer to which option is best for your business comes from weighing the legal risk against the commercial risk. Consent has a much lower legal risk in that you are getting the direct, precise approval from the prospect to be added to your list of communications, so there is no ambiguity in how you got their information or why they are receiving email campaigns from you. However, the risk in B2B Marketing is pretty staggering: statistics have shown that lead generation is a whopping 10 times lower when you go the consent route, and less than 10% of existing leads will actually convert to confirmed subscribers. If you instead use legitimate interest to comply with GDPR, there is a higher legal risk simply because the rules surrounding what qualifies as “legitimate interest” are currently still a bit of a grey area. However, the commercial benefits could outweigh the potential legal risks, because not only do you not have to get existing prospects to re-confirm their consent to receive communications, you also don’t have to get express permission for future communications with new leads.

General Guidelines to Help Choose Your Approach

Consent is ideal if at least one of the below applies:

• Your use of personal data has a high privacy impact
• You use or plan to use personal data in a way that people would not reasonably expect
• You think people would likely object if you explained to them how you use their data
• You need opt-in for communicating under PECR

Legitimate Interest is ideal if all of the below apply:

• Your use of personal data has minimal privacy impact
• You don’t think people would be surprised or likely to object to your use of their data
• You do not need consent under PECR (this is true for B2B marketing in the UK)

Summary

GDPR will have a significant impact B2B marketing and online lead generation. Marketing software providers are updating their tools to support GDPR. But tool updates are not sufficient. The consequence of non-compliance is too great for B2B businesses and marketers to ignore. We strongly recommend that you review your lead capture and lead management practices to ensure you are compliant with this new regulation. If you’re looking for additional assistance on this, we encourage you to contact us.

Notice: We are B2B Marketers, not legal experts. This article is for discussion purposes only and is not intended to provide legal advice on the interpretation of the GDPR or any other rule or regulation. To understand how the GDPR or any other law impacts you or your business, you should seek independent advice of qualified legal counsel.