GDPR best practices for B2B marketers
This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice, or as a recommendation of any particular legal understanding.
I must admit it’s been quite fascinating to see the keywords such as “gdpr marketing” making their ways to the top of the Google trends in the second half of 2018. And if you’re a marketer, you’ve heard a lot about the General Data Privacy Regulation (GDPR) over the last two years and you’ve probably been making your own research on whether you should do anything about it or not.
Let’s be honest, for the majority of us GDPR was the afterthought especially in early 2018 when nobody really knew how to best approach it in a way that we could keep doing our marketing magic while staying away from the GDPR violations. Almost two years later, we can look back and based on the efforts of hundreds of thousands of fellow marketers we're able to put together a decent master plan of how to address the GDPR requirements related to B2B marketing.
1. Always ask for a permission – never assume leads have opted in
2. Always explain WHAT data you collect and HOW you obtain it
3. Always be consistent in your wording
For avoidance of doubts, always be consistent in the privacy statements and disclaimers. The two examples below are very similar and yet very different. On the left you can see that the text on the button is consistent with the privacy disclaimer, while on the right it’s not. While this may seem not important, it actually makes a huge difference.
4. Always communicate
5. Always have proper electronic evidence and documentation
You need to collect and be able to report on:
- When a lead was created or obtained from a third party [Lead_Created_Date]
- How did you receive lead data [Lead_Source] and [Vendor_Name]
- Has a lead provided their consent to be contacted [Lead_Subscribed_Date]
- When a lead chose to unsubscribe [Lead_Unsubscribed_Date]
6. Always escalate complaints to the legal department
If you’re facing a complaint from let’s say an unhappy prospect who claims that you’ve violated GDPR or any other regulation, always escalate to your legal department immediately. Do not start communicating directly with the person who’s complaining unless you were told to do so by the legal team.
7. Always think in advance
8. Always check the contracts
Check all of the contracts with data service providers, who assist you with marketing or promotional services with your legal team before signing them. It’s also a good idea to instruct the corporate layers to look for provisions related to data privacy and data transfer to avoid any potential claims. In case someone asks “How did you get my information”, you’ll be able to easily address it.