GDPR Compliance for B2B Marketers: 8 Essential Best Practices
This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.
I must admit it’s been quite fascinating to see keywords such as “gdpr marketing” making their way to the top of Google Trends in the second half of 2018. And if you’re a marketer, you’ve heard a lot about the General Data Privacy Regulation (GDPR) over the last two years, and you’ve probably been doing your own research on whether you should do anything about it or not.
Let’s be honest: for the majority of us, GDPR was an afterthought, especially in early 2018, when nobody really knew how best to approach it in a way that would let us keep doing our marketing magic while staying clear of GDPR violations. Almost two years later, we can look back and, based on the efforts of hundreds of thousands of fellow marketers, put together a decent master plan for addressing the GDPR requirements related to B2B marketing.
1. Always ask for permission – never assume leads have opted in
Your lead registration forms need to be adjusted so that your website visitors clearly see that they may or may not give their consent to receiving communications from you, and so that your privacy policy is right in front of them whenever they’re giving you their personal data.
2. Always explain WHAT data you collect and HOW you obtain it
Your privacy policy needs to be posted on your website, and your registration forms should link back to it. In the privacy policy, you should clearly explain what data points you are collecting and exactly how you collect them.
3. Always be consistent in your wording
For the avoidance of doubt, always be consistent in your privacy statements and disclaimers. The two examples below are very similar and yet very different. On the left you can see that the text on the button is consistent with the privacy disclaimer, while on the right it’s not. While this may not seem important, it actually makes a huge difference.
4. Always communicate
Those cookie policy pop-ups are so annoying, aren’t they? But in fact it’s a requirement to notify website visitors if you are using cookies to track and record their behavior. Most companies use the rather tricky wording “By continuing to use our website, you agree to our Cookie Policy”, which has become standard for the majority of modern business websites.
5. Always have proper electronic evidence and documentation
You need to collect and be able to report on:
- When a lead was created or obtained from a third party [Lead_Created_Date]
- How you received the lead data [Lead_Source] and [Vendor_Name]
- Whether a lead has provided their consent to be contacted [Lead_Subscribed_Date]
- When a lead chose to unsubscribe [Lead_Unsubscribed_Date]
6. Always escalate complaints to the legal department
If you’re facing a complaint from, let’s say, an unhappy prospect who claims that you’ve violated GDPR or any other regulation, always escalate to your legal department immediately. Do not start communicating directly with the person who’s complaining unless you have been told to do so by the legal team.
7. Always think in advance
Let’s imagine a major trade show is approaching and you know that you’ll be scanning a bunch of leads. What should you do? Simply print out your privacy policy and place it at your booth so that it’s visible and can be handed to anyone who wants to see it.
8. Always check the contracts
Before signing them, check with your legal team all of the contracts with data service providers who assist you with marketing or promotional services. It’s also a good idea to instruct the corporate lawyers to look for provisions related to data privacy and data transfer to avoid any potential claims. If someone asks “How did you get my information?”, you’ll be able to address it easily.