In May 2016, new B2B marketing legislation was approved. The General Data Protection Regulation (GDPR) will have massive implications for anyone carrying out B2B communications.
What does the GDPR say?
To date, the details are a little vague. But from what we know, it’s clear that the new rules will have a huge impact on B2B marketers.
Will your firm be affected?
The regulation will affect any firm that:
- Possesses or processes data pertaining to an identifiable person
- Contacts those individuals via email, phone, SMS or mail
- Tracks their engagement via e-shots, cookies, or landing pages for the purpose of profiling an individual
In reality almost all, if not all, B2B firms will fall into one or more of these categories.
What do you need to do?
You need to start thinking now about how the new regulations will affect you, and take action to ensure you comply in time.
The rules are due to come into force on 25 May 2018 – and while nearly two years sounds a long time, in reality you need to act immediately to address the required changes.
Although the UK will leave the EU at some point in future, this is unlikely to happen in full before the legislation comes into force – so Brexit is no reason for firms not to prepare.
What does the new B2B marketing regulation mean?
- There is no distinction between business and personal data
Currently, B2C data is treated more strictly than B2B data. There are rules about how you can market to individuals via their personal email address or phone number – but these aren’t as stringent when it comes to business contact details.
The General Data Protection Regulation changes that. It views all data as personal and makes it subject to the same rules. It defines personal data as:
- Full name
- Job title
- Work email address
- Direct telephone number
- Any data relating to an individual’s actions or behaviours – eg, areas of interest
- Computer IP address
B2B marketers will need to update their processes to make sure they comply.
- Contacts now need to opt in, rather than opt out
The new obligations propose that the familiar ‘opt-out’ clause on emails and websites will be replaced by the need for proactive opt-in consent.
- Informed consent is key
If you manage data (are a ‘data controller’ in the eyes of the legislation) you need to be able to show that your contacts gave unambiguous, informed, contextual consent. In other words, that they were aware of what they were signing up for.
- Contacts can force data controllers to delete their data
Under the new regulation, any individual has the right to force data controllers to delete all the information they hold about them. Firms will need to ensure that all personal information is comprehensively deleted.
- A contact’s EU citizenship, not the country where the data is used, governs the rules
Previous legislation has applied to data held just in EU countries. The new law differs in that it applies to any EU citizen, no matter where in the world the data is held.
3 things you need to do now
- Review your processes. Does your current opt-in meet the new rules? If not, you need to change it. Contact everyone in your database and start collating their responses. You will need to make sure you store this information so you have evidence of their opt-in if you need it.
- Start now. Get ahead of your competitors. If you’re the first financial services firm asking for marketing consent, you’re more likely to get it than if you’re the tenth. Get started asap.
- Remember your existing compliance requirements. If you’re regulated by the Financial Conduct Authority (FCA), you need to make sure you continue meeting its requirements as well as falling in line with the GDPR. Getting prepared for the GDPR will help to ensure you’re treating your customers fairly (a big FCA focus). That’s one good thing about regulation – complying in one area is likely to enhance your good corporate conduct across the whole range of legislation you face.
What are the penalties if you don’t comply?
The Information Commissioner’s Office (ICO) investigates non-compliance with the new rules. If any firm is deemed to be in serious breach, they face potential fines of up to €20 million or 4% of the firm’s global turnover. The penalties are therefore significant.
The GDPR will create a lot of work for all B2B firms. You need to start with our three priorities above, and take action to update your processes as soon as possible. Meanwhile, don’t take your eye off the ball when it comes to existing requirements.
If you are a regulated firm, you need to make sure your financial promotions remain compliant, and your marketing project management and approval processes are up to scratch all the while you’re focusing on the new rules.
Source: Perivan Solutions
How can we help?
LS Consultancy has a wealth of experience in reviewing financial promotions and can do so on a one-off or on an ongoing basis.