Revsure Marketing

Edit
Click here to add content.

The GDPR

GDPR Compliance for Business-to-Business Marketers

The GDPR will have an impact on B2B marketing in a variety of ways. We’ve taken precautions to safeguard our clients and subscribers so that we can continue to deliver marketing success. This manual will go over:

  1. What is the GDPR’s purpose?
  2. What it means for marketing
  3. Obtaining permission for data processing
  4. If you have a legitimate interest in B2B communications
  5. How to Maintain Compliance When Collaborating with Partners
  6. How to capitalize on legislative changes.

The General Data Protection Regulation, or GDPR, went into effect on May 25, 2018. Compliance is obviously critical, with potential fines of 4% of turnover or €20 million.

This Europe-wide slew of legislation fundamentally changes how marketing works, but there are opportunities for marketers with the imagination to spot them.

What is the GDPR's goal?

The GDPR governs how personal data is collected, stored, and used. The Data Protection Act (1998) of the United Kingdom and the Data Protection Directive of the European Union both serve the same purpose. However, in the 20 years since these were written, our way of life and work has changed so drastically that the Act is no longer considered effective.

The rate at which we generate and store data is one factor. According to Forbes, between 2014 and 2016, we generated more data than in the entire history of the human race. It is estimated that by 2020, 1.7 metabytes will be created every second for each human on the planet.

Previous data regulations are evolved and updated by the GDPR. It includes documentation requirements, risk assessments, and procedures for notifying data subjects and authorities in the event of a breach. GDPR also includes “Privacy By Design,” an approach that promotes data protection from the start rather than after the fact.

 
How are we complying with GDPR?

“Privacy By Design” at Revsure means that we’ve gone through a process of reviewing our software, processes, and documents in order to integrate the GDPR naturally into our business.

It entailed risk-assessing our activities and ensuring the company’s data-handling procedures were watertight.

As we’ve been training our team, this has helped boost confidence throughout the company.

The most important GDPR aspects for marketers

So, what do these changes mean for people who work with data on a daily basis, such as marketers?

Email addresses are probably at the top of the list when it comes to personal data and data protection. However, the term “personal data” is much broader. It can be “any information related to a natural person… that can directly or indirectly identify the person.” This can include their real or online names, location data, phone number, postal address, IP addresses, and a variety of other information. In a nutshell, anything you know about your customers or how you track prospects for digital marketing purposes.

Data subjects have the right to access their information, to know what you store and where you store it, to correct or delete it, and to be notified if there is a breach. You must also inform them of how their data will be used, which will most likely entail updating privacy policies, data collection systems such as online forms, and evaluating existing databases.

To make this possible, data handling procedures must be robust and detailed. This means that marketing teams must collaborate with any other departments that handle data, such as HR and customer service. Because data security is a key component of the GDPR, marketers will find themselves working more closely with IT teams than ever before, as any new resources or tools must be tested for flaws.

TRANSLUCENT APPROVAL

In most cases, the individual must give explicit permission for their information to be stored and used. The ICO spells it out in a series of bullet points, including the prohibition of default consent, blanket agreements, and vague wording. “Authentic consent should empower individuals, foster trust and engagement, and improve your reputation.”

One of the most well-known forms of explicit permission is the opt-in email subscription: a user subscribes to a newsletter or responds to a marketing message, and then clicks to confirm their consent to be contacted in the future.
Many businesses have been using opt-in forms for some time in preparation, and some email marketing platforms have made them mandatory.

However, keep in mind that your audience has agreed to have a specific set of data stored and used in a specific manner. Your privacy policy may need to be updated; Taylor Wessing has a handy checklist to help you make sure you’ve covered all of your bases.

How are we complying with consent?

We took specific legal advice regarding our disclaimers as a company to ensure that we are fully GDPR compliant.

This means that the opt-in messaging on our landing pages is clear, specific, and requires a positive action on the part of the individual.

As part of our GDPR initiative, we have also updated our privacy policy. We inform each subscriber about what happens to their data if they respond to an offer promoted by one of our advertisers.

Genuine interest in business-to-business marketing

The clause of “legitimate interest” provides some leeway for B2B marketers. Individuals’ data can be processed and used “in ways they would reasonably expect and with minimal privacy impact, or where there is a compelling justification for the processing,” according to the ICO guidelines.

According to the Direct Marketing Association, this is sufficient for you to send them marketing messages as long as they can easily opt-out and the content is about products and services that you believe will be of interest to them. To ensure that your communications are highly relevant, legitimate interest necessitates intelligent targeting and understanding of the customer.

The ICO proposes three components to the legitimate interest basis for data processing. You must do the following:

  • determine a legitimate interest;
  • demonstrate that the processing is required to achieve it; and
  • weigh it against the interests, rights, and freedoms of individuals

If you contact someone for this reason, you assume additional responsibility for their rights and interests. You must keep track of why you believe your message is relevant to them and be prepared to defend it if challenged.

Who has access to your data?

GDPR will also require you to reconsider your relationships with suppliers, particularly those who handle data on your behalf or have access to any of the data.

Third-party data processors include email marketing platforms and CRMs, which handle a company’s data on its behalf. You and the platform are both accountable for the data. A Data Protection Agreement, or DPA, outlines both parties’ responsibilities for ensuring that data processing standards are met. If you don’t have a template, most platforms will be able to provide one.

When it comes to cloud-based services, data can be stored anywhere in the world, including multiple countries. The “Privacy Shield” is a framework developed by the United States and the European Union to assist businesses in complying with data protection regulations on both sides of the Atlantic. Joining the Privacy Shield is entirely voluntary, but once a company has enrolled, the commitment is legally binding. You can check which companies have signed up for the Privacy Shield by visiting the Privacy Shield website.

Major companies such as Facebook, Salesforce, and Dropbox are certified, but smaller businesses should double-check. Keep in mind that an increasing number of programs are cloud-based, so this could include everyday programs such as spreadsheets and text documents, in addition to cloud storage, file transfer services, and CRMs.

How are Data Processors Compliant?

We have signed up for Privacy Shield and recommend it to our clients.

We carry out campaigns using our in-house content marketing platform. We audit data processors and require them to sign Data Protection Agreements when we work with them.

A chance to get ahead of the competition

The GDPR certainly presents some challenges in terms of data handling and mailing list building. However, there are opportunities to distinguish yourself and your company.

It doesn’t take long for data to become cloudy and of poor quality, and few businesses devote sufficient time to database maintenance. Poor data quality reduces ROI and makes gaining meaningful insights from campaigns difficult. Although 92 percent of marketers consider better data management a priority, only 8 percent have done so effectively so far. The GDPR requires marketers to review their data, but those who go above and beyond can use this as a springboard to data-driven, truly personalized communications.

Requiring subscribers to re-subscribe will inevitably reduce the size of mailing lists, but it will improve their quality. Those who have chosen to stay clearly want to be there, and as long as your messages are relevant, you can foster trust and loyalty.

Users will have more transparency and control over their data, resulting in less noise and increased engagement with brands and topics of interest. Better targeting and messaging will enable you to outperform the competition.

Many businesses have settled for automated, mass-market, poorly targeted communications in recent years. Success in the future will be determined by developing much closer relationships with customers: learning about their pain points and creating creative, relevant content. For creative marketers, the GDPR presents an opportunity to stand out from the crowd and win customers away from competitors.

Finally, you are not alone.

Amplifying your content via compliant channels allows you to deliver content to the right prospects while posing less risk than mass marketing yourself.

Serving relevant audiences with the most recent insights provides you with the ideal opportunity to hire the right professionals for your future marketing efforts.