The Impact Of GDPR on B2B Marketing
The GDPR is upon us and marketers should take notice if they haven’t already. If you store the personal data of EU citizens, regardless of where your company and its databases are located, you must adhere to the new guidelines.
The General Data Protection Regulation will come into force in May 2018, applies to practically everyone, but digital marketers whose bread and butter is collecting and storing digital data should really pay attention.
What is GDPR and how will marketers be affected?
By May 2018, any marketer who is targeting the EU must be compliant, or risk heavy fines or sanctions. The digital Wild West where you could get away with almost anything is over. Yes, it means that everything that uses personal data, including opt-in forms, nurturing flows, newsletters and blog subscriber lists needs to be GDPR compliant. So before you start building your next campaign, you’ll want to make sure to know what the rules are and how to follow them.
The GDPR covers a wide area, including cybersecurity and data protection, but several key areas specifically affect marketers. Some of the requirements will be challenging to accommodate at first, but hopefully we’ll be able to turn it around to our advantage and design more effective, customer-friendly and transparent campaigns.
By being clear about how we utilize personal information, we can build a more trusting relationship with our prospects. Users will also receive less unwanted content that distracts from the campaigns they might be interested in.
GDPR covers several areas of crucial importance for B2B marketers, such as:
Marketing Lists and Databases
The rules that cover how lists and databases are handled will likely be the most challenging for marketers to comply with. This will apply to any current lists, so beware, more than two-thirds of all marketing data might be lost if it isn’t updated soon.
- All subscription lists must be opt-in with a secondary confirmation only. If you’re not sure, or do not have the ability to confirm that existing databases follow protocol, you risk losing the entire list.
- When you design a form, it must be clearly noted what type of messaging will be sent, and how it will be received. A checkbox that confirms an email subscription will not apply to phone calls, SMS or paper post.
- How personal information will be used and who it will be shared with must also be published clearly on any web page where users will enter their personal details.
Right to Access
Individuals will be able to request any personal data being stored or processed by an organisation and ask what it is being used for. This includes listing any partners the data might be shared with. Any time a customer submits their information to you, those partners must be noted on the same page.
Right to be Forgotten
Individuals may request to remove their information from your databases at anytime, and to never be contacted again. If they want to sign up for the same list after a deletion request, they will have to use new contact information. While we all already include unsubscribe buttons in our campaigns, this is much more comprehensive than simply no longer sending messages to an individual. All data must be promptly deleted from any servers in your control.
Portability of Data
Individuals may request their data in a readable, electronic format at any time. This means that everyone in the department needs to keep their spreadsheets organized and their CRM entries in order and up to date.
Meet the New Team Member: A Data Protection Officer
Depending on the size of your company and volume of work, your department may need to appoint a data protection officer to oversee personal data processing and observe best practices for the new regulations. Compliance won’t come cheap!
Privacy by Design
This applies more to IT departments than marketing teams but essentially, databases will have to be anonymized if they aren’t already. Data that could be used to directly identify individuals, such as home addresses, credit card numbers or ID numbers, must be encrypted. Those familiar with PII best practices are likely ready for the new rules. For marketing campaigns, this also means that all information describing how user details will be maintained must be clear and not hidden.
If any of your data has been compromised because of a cyber attack or any other reason, you will be required to report the event within 72 hours of it being detected. While this applies to every department, it is important for marketing teams to understand that they are responsible for the data they collect and store.
GDPR is almost here, but don’t panic
The new regulations may seem challenging to approach, but learning the ground rules will allow you to build more sincere, trustworthy campaigns.
An internal audit of your current practices and systems will highlight the points that need to be updated. Many areas may not even need significant changes if you’re already careful about how you manage your databases.
The upcoming GDPR regulations are actually a great opportunity to reevaluate your B2B marketing campaigns. Investing the time and resources to meet the regulations might seem inconvenient at first. But ultimately, marketing teams will be forced into targeting more interested prospects, exemplifying the inbound marketing principles of providing relevant content to potential customers only when they are actually interested to hear about it. And treating your prospects personal data with care is a good development in any case.