General Data Protection Regulation (GDPR): What it means for B2B marketers

By Kristin Connell

Unambiguous consent. Non-bundled consent. Right to erasure. Calling all B2B marketers! If your organization stores and uses European Union (EU) citizens’ data, you need to become very familiar with these three terms – and at least half a dozen others – as soon as possible. Why? GDPR.

I’m not saying that you, as a B2B marketer, are solely responsible for what these terms represent. Your organization will be responsible for related GDPR overarching items, such as the placement of a Data Protection Officer (DPO); establishing an annual privacy assessment; strengthening data center security; and building the right team – both internal and external – to govern how your organization uses personal data from customers and prospects.

But to that last point of building the right data protection team, you should expect to be and if not, loudly request to be, on that team. You need to have a designated seat at that table. Because, as my teenage son is often heard saying around our house, “it’s about to get real, folks.”

In this post, I’m going to address some of the questions that we’re already received from our global customers doing business in the EU – questions that we’re addressing ourselves as GDPR impacts our organization as well as many of our customers’. I’d like to help you be more prepared, as you take your seat at that table, to respond to the questions and concerns the other team members will have for you, the B2B marketer in the room, as to the impact of GDPR and your plan to mitigate the impact to the bottom line.

We’ll be sharing more in the weeks and months ahead, but this initial post will help you get started to ensure that you – and I – continue to earn the trust and loyalty of our customers AND the trust and loyalty of our key business stakeholders. To do that, we need to start paying much more attention to the concept of “permission marketing.” But I’m jumping ahead – let’s start with a definition of GDPR.

What is GDPR?

Briefly, let’s make sure we’re all working from the same general understanding of GDPR: refers to: bottom-line, GDPR is a set of new regulations standardizing data privacy laws across the European Union (EU), which will force organizations to adopt consent-based marketing strategies or risk large fines. How large? We’ll get to that in a moment.

Why does my organization need to implement a framework to support GDPR?

GDPR will affect all organizations storing and using EU citizens’ data. A key element of GDPR is that an organization shows demonstrable proof of process compliance. The “due date” is May 25, 2018. From May 25, 2018, B2B marketers will need to prove they have explicit opt-ins from their contacts to be able to continue marketing to them via email or SMS.

The implications are significant:

  • Serious Breach – Fined up to $20 million or 4% of annual turnover, whichever is the higher of the two.
  • Less Serious Breach – Fined up to $10 million or 2% of annual turnover, whichever is the higher of the two.

From a B2B marketing operations perspective, tightening up processes and documentation may be time consuming now – actually, let’s face it, it WILL be time consuming – but once it’s in place it means the wider team will be far more efficient in case a breach occurs. In other words, it’s worth the effort now to not be caught with your “breaches” down later.

What do you need to do regarding GDPR as a B2B marketer?

Determine who the internal stakeholders are that you need to connect with in your organization:

  • Identify the relevant internal legal and privacy stakeholders you need to engage when planning data management and campaign changes
  • Understand who needs to be involved in case a breach occurs

Understand your organization’s B2B marketing data processes and document them:

  • Where is data captured and stored?
  • How is your data recorded?
  • What happens if you need to retrieve data?
  • How is data deletion handled?
  • What happens in the event of a breach? Where is approved messaging held?

Start planning and building for the GDPR – top 3 areas to consider are:

  1. Marketing automation: data management, nurturing programs and your preference center. Depending on how you’ve been managing marketing automation to date, this may be a relatively simple exercise or it may be massively complex – either way, if you haven’t already, start addressing them all now in the context of consent.
  2. Persona development: dust off that binder on the shelf, it’s time to get serious about personas. Why? Personas enable your messaging to be pinpointed to the relevant segment of your audience which can only help to build your database of contacts who willingly opted in when requested.
  3. Legal review: privacy policy, terms and conditions, cookie consent – oh my. You should review it all and ensure Legal has signed off on the most recent version (or provides an update to you – for which you will need to promise them half of your future lottery winnings – just kidding, but seriously, your Legal team is not clamoring to do this for you.)

Obviously, this is not an all-inclusive list of what you need to do, but it’s enough to get you started while I’m writing my next GDPR post. Seriously, the legal review alone may take you weeks. The other day, one of my customers discovered their privacy policy was last updated in 2012 – it was eye-opening for them, to say the least.

So, I’ve addressed what GDPR is; why your organization needs to implement a framework to support it; and what you as a B2B marketer need to do now that you’re in the know. Next? For the purpose of this post, we’re back to the concept of permission marketing.

What is permission marketing?

According to Seth Godin (who coined the term), “permission marketing is the privilege (not the right) of delivering anticipated, personal, and relevant messages to people who actually want them.”*

It sounds too good to be true, right? Marketing to people that actually want to hear from you. People that call to complain when they don’t hear from you. Many organizations have been doing this for years and very successfully. Who are they and how are they doing it? Good questions! Stay tuned for my next post – “Are B2B Marketers Ready for GDPR?” – to find out more.

To learn more about GDPR Services that Sojourn Solutions provides for B2B marketers like you, please contact us today.

Note: This blog post and the linked content, if any, is not intended to include, nor should be construed to include, any legal advice or business solution addressing the content, interpretation or application of the European Union General Data Protection Regulation (GDPR) generally or specifically to any client’s or potential client’s circumstances.

Sojourn Solutions advises all parties to seek qualified legal counsel regarding the applicability of GDPR to their processing of any personal data, including and especially through any third-party products and/or services.

* Source: Marketing-Schools.org

About the author:

Kristin considers herself an entrepreneur at heart. She loves trying new things and taking educated risks on new ventures, both professionally and in her personal life. Kristin brings that passion to work every day where she enjoys helping her customers and colleagues discover the power of innovation at the intersection of marketing, technology, and the customer experience. Last, but not least, Kristin and her husband have two madly amazing children and a Toto dog.

Kristin Connell

Head of Marketing

SIGN UP TO RECEIVE OUR LATEST BLOGS