What is GDPR and What do B2B Tech Marketers Need to Know about it?
I’m convinced after being an online marketer for 15 years that I surely must have a law degree by now. So much of what I do day-to-day is deal with the outcomes of laws being made, and nothing is more important to know in today’s market than the consequences of the new law from the European Union on data protection – GDPR [General Data Protection Regulation].
If you’re sitting in Texas right now [or Singapore… or even in Toronto, Canada] and getting ready to change the channel – don’t. This new law concerns you greatly. Not only does it affect you as a marketer and how you market to your European list (and gain new information), but it also affects you as a B2B IT Marketer because IT cares about this law change a great deal.
[AND – as a bonus – if you want to hear more from Bryan on marketing best practices for GDPR, please watch this video of him from our May 2017 TechTarget London ROI Summit.]
What is GDPR and what are its implications?
For those that don’t know, what is GDPR?
GDPR is the General Data Protection Regulation, the new European Union law on data protection. It replaces the existing EU data protection directive and will be implemented by every individual country in the EU. It is due to become effective on the 25th of May, 2018. What this means is that every country in the EU will have to introduce its own version of GDPR as the definitive data protection regulation. Every business in the world that handles the personal data of EU citizens has to comply with GDPR. Unlike the previous data protection laws that applied just to the countries working in the EU, this law now applies to everyone.
Does a company have to be compliant by May 2018 or do they just have to have a plan by May 2018?
They have to be compliant by May 2018. The legislation passed in May 2016, giving 2 years for people to comply.
The UK is leaving the EU within the next 2 to 3 years [Brexit], how does this affect data in the UK?
The UK will still be in the EU when GDPR becomes effective, so it will be UK law and all the organizations still have to comply in May of 2018. When the UK leaves the EU, the government has already said that it intends to comply with GDPR and maintain data protection similar to the EU in order to be able to trade with the EU. One item that needs to be negotiated (besides tariffs and trades) is the movement of data. Every business transaction among organizations between the EU and the UK needs to be GDPR compliant. It is not exactly clear yet what form that will take, but it has been suggested that the UK and the EU will have to have something in place similar to the US and EU Privacy Shield law in order to be able to contain the information and define a legal body to sort out any disputes (i.e. who has jurisdiction over this?).
Which industries, overall, need the most catching up to comply with GDPR?
Every industry that stores individual person data will already have, and be very familiar with, data protection and have basic compliance, but all of them will have to upgrade their systems to be GDPR compliant. It is the big consumer-facing organizations that are particularly affected by it. If you are any organization that is involved in supporting these organizations – cloud providers, software providers, outsourcers – you may not have a direct relationship with customers, but since you are involved in storing data you now have to comply with this law as well.
What permissions do marketers need to be concerned with? Do they have to worry about how they have acquired their lists?
They have to get their heads around this idea that any data they have on EU citizens is loaned to them and is not owned. They have to know the source of any data they get and the consent behind it. For instance, if you are in charge of demand generation activity and you have bought lists in the past that were not from a company with proper consent, you can’t blame the company you bought the list from; it is now your problem. The supply chain of any data of an EU citizen must have GDPR compliance around it.
For those companies working outside the EU, how will they be affected? Does GDPR cause limitations?
There are definitely questions from companies outside the EU, such as e-commerce companies, about how aware they are of this and how this affects them. Ignorance, though, is not a defense. If you are outside the EU and dealing with EU citizens (even handling second-hand data) then you are affected by this law. Make sure to check your cloud company and their compliance. In addition, you’ll need to include clauses in your terms and conditions that specify how you are handling and managing the data.
Key concerns for Marketers
Marketers all over the world rely on data to drive marketing strategies and tactics. The more you know about your customers and prospects, the better decisions you can make. And being informed about any hurdles, legal or otherwise, that you must clear when managing your own first-party data or data generated from 3rd parties will ensure that you are delivering the highest value you can for the business. As you move forward, it is essential to:
- Know your sources. The GDPR will make it especially important to trust the source of the data you get from partners, as it no longer just impacts marketing performance but can have wide-ranging implications for the business. Here are some questions you should be asking B2B data providers to make sure you are getting maximum transparency.
- Get aligned with global regions. As Bryan mentions, this is not just for marketers sitting in the EU. It is directly relevant for any teams responsible for marketing to this region. Furthermore, it applies to every lead or inquiry generated there. Make sure you are adjusting your marketing automation, lead management and sales handoff processes accordingly worldwide (if applicable) to comply with this regulation.