By drafting the General Data Protection Regulation (GDPR) in January of 2012, the European Commission opened the floor for four years of intense debate on the practicality and interpretation of the new regulation. From the initial confusion, there has sprung a dizzying range of articles and information.
With recent months clarifying the specifics of the legislation, more is known about how B2B marketers and businesses will cope in the new legal environment once GDPR come into force in May next year.
Subsequent statements and revisions to the GDPR in 2017 have left the internet flooded with inaccurate information. While the GDPR is similar to the current Data Protection Act, it is more stringent. Penalties for non-compliance will rise dramatically to up to €20 million or 4% of annual global turnover, whichever is greater.
This one-stop guide covers the key implications of the forthcoming EU GDPR and how to best prepare to ensure compliance.
Data & Consent
The GDPR, in addition to refining the laws on consent for individuals receiving marketing communications, will require businesses to be more proactive and attentive in the management of their sales and marketing data.
Your company will need to consider and act upon the following points prior to the law coming into effect in May 2018:
- Employee awareness:
It isn’t enough for only senior management to be aware of GDPR. Cascading details of the changes through your organisation is critical to avoid penalties for non-compliance. This can be easily achieved by ensuring all staff have read comprehensive summaries of the changes, such as our GDPR B2B overview.
- Auditing and editing data:
Your business must be fully aware of the data it holds and how to edit or (safely) destroy it. You may have to amend your data as it is used, particularly for outbound marketing campaigns. A simple data audit will help. Designating a member of staff to manage your data will also help. Create a SOP (standard operating procedure) document detailing these processes and ensure it is easily accessed.
- Clarity of consent and privacy notices:
It is vital that you review how you obtain and manage consent. You may need to refresh existing data to meet the GDPR standard if your previous processes were unclear or inconsistent. In your privacy notices, you will need to explain clearly to any data subject the way you process and retain the information you hold about them. The ICO has a comprehensive guide on privacy notices under the GDPR.
- Consumer (B2C) marketing will change significantly:
It is pertinent to mention that B2C marketing is impacted heavily by GDPR. Remaining in the most recent revision of the law is the need for marketing companies to obtain prior opt-in for email marketing to consumers. This major shift in law forms a large part of the GDPR’s drive to give greater protection to consumers from unsolicited marketing.
For a more detailed breakdown of general practices to adopt, we recommend referring to the ICO’s ’12 steps to take now’ document.
GDPR for B2B: What you need to know
The initial release of the GDPR led to extensive discussion and concern amongst B2B marketers worldwide. This apprehension over the future viability of established B2B ways of working is understandable, but is largely overblown due to poor understanding of the GDPR’s fine print.
Although your B2B practices will need to change to remain compliant to GDPR, you have almost a full year to adapt.
- Telesales and email marketing
Fortunately, these traditional B2B practices may continue under GDPR. Initial fears over these being restricted were alleviated in a recent statement from the Direct Marketing Association. The GDPR initially stated that email marketing would require a prior opt-in; a drastic and challenging change to the industry. This has now been rescinded.
The key change required for B2B activity is a clear and simple opt-out process. Under the GDPR, this applies to both telemarketing and email marketing. Legitimate interest must also be protected; you may only contact individuals whose job role is relevant to the service you provide. Untargeted contact that is not relevant may incur fines.
- Pay-Per-Click and other outbound marketing
Pay-Per-Click and other outbound marketing channels such as display advertising, content marketing and social media are not expected to be affected significantly by GDPR. Although the law could be revised again prior to May 2018, these channels are expected to remain consistent with current requirements under the Data Protection Act.
It is, however, predicted that channels such as Pay-Per-Click will become increasingly viable under GDPR. With greater diligence required in the handling of marketing data, cost-effectiveness and overall value may increase in comparison other channels.
While the B2C sector will be affected significantly, B2B will be largely unaffected by the current version of GDPR (to avoid any confusion, this article was publish on 28 June 2017).
The primary threat posed to companies — and marketing teams in particular — lies in the auditing and maintenance of their data under the new requirements; research firm Gartner predicts that over 50% of companies affected by GDPR will fail to prepare appropriately. These companies may incur fines.
With the GDPR still scheduled to come into effect on 25 May 2018, there is adequate time to adjust.