This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.
Lately I've been thinking that I've reached a very interesting point in my career. For more than ten years I've been a digital marketing professional, but lately I changed lanes and became a manager of a customer success organization. Though I think that marketing is still my core competency, I can’t help but think that I find it fascinating that instead of generating traffic, MQLs and pipeline, my major goal now is listening to MR’s customers and solving their problems so that they become successful.
Since my squad and I deal primarily with B2B digital marketing and sales operations leaders, we get lots of questions on how a certain tool (e.g. a lead enrichment tool, an email validation tool or a landing page builder) could affect their organization from the GDPR compliance perspective. But even more often we get really basic questions about GDPR compliance and how it affects the daily routine of B2B marketers. That being said, my gang and I thought that we’d create a blog post in the form of an FAQ, which we’ll be constantly updating with the most relevant and actionable information on GDPR compliance. We also created a blog post on GDPR best practices for B2B marketers that you might want to check out in addition to the FAQ below.
Why is GDPR so “dangerous” to marketers?
We as marketers deal with a lot of personally identifiable information (PII). In fact, we’ve developed our own term for PII: we call it "lead data" or "lead profile". Just look at your marketing channels and you’ll see that you’re collecting it from everywhere, including trade shows, webinars, your website, landing pages, joint activities with channel partners, and other executions. Are you sure that you’ve got consent for every single record that you’re collecting? And if you think you have, can you prove it?
Lead data = Personally Identifiable Information (PII)
Can you also prove with documentation that all of the vendors you’re working with that provide you with lead data, e.g. a list of people you’ve scanned at a trade show, have actually informed those leads that their data will be disclosed to a third party? Have they asked those leads for their consent to transfer their PII to someone else outside the EU? These are just a few examples of GDPR-related questions that cause marketers’ mood to change abruptly...
What’s special about GDPR and why has there been so much hype around it?
Firstly, unlike other data security and privacy regulations, GDPR allows individuals, not just organizations, to report a suspected GDPR violation to a local supervisory authority. Now think about your email marketing campaigns targeting those individuals in EU companies. They can actually cause a lot of trouble for your business if you’re not careful. Secondly, GDPR implies a “class action lawsuit”, which in plain language means that if a breach happens, you can face a group of individuals suing your company if all of them were affected by it. Thirdly, the fines are quite substantial and constitute 4% of the global turnover or up to 20 million Euro.
Does GDPR apply to my marketing team? We’re a US-based company!
Unfortunately, the answer is “yes, it still does” as long as you’re doing business in Europe. However, even if your business hasn’t closed a deal in Europe, you still need to be careful, since I bet at least a small portion of your prospects is from there and you’re collecting their personally identifiable information (PII).