You’ve probably heard of the GDPR (General Data Protection Regulation)…in fact, most big companies were so loud to announce that they were adopting the new regulations that it was impossible to avoid. For a good 2-3 week stretch starting about 90 days ago, most consumers, European or otherwise, received a handful of emails every day from well-intentioned brands trying to tell us that they take digital privacy – and, quite ironically, the universe’s hatred for spam – seriously.
If you were one of the lucky few who were able to avoid the (digital) GDPR shouting match – or blissfully ignored the noise, the GDPR is a European regulation that significantly boosts the personal protections and consumer rights regarding the digital data footprint of EU citizens. In essence, GDPR greatly increases the responsibility of organizations that collect or process personal data of Europeans online.
At the highest level, this means:
- Being crystal clear and transparent in what data you’ve collected from customers and how it is being used.
- Never sending EU customers communications (especially emails) they don’t explicitly ask for.
- Providing European consumers the ability to request the data you’ve collected from them, and delete it from your records on request.
If you’re feeling extra studious, you can view the full legislation here.
But as a B2B marketer, what does that really mean for your day to day? Here’s what we learned from sitting back, taking the measured approach and watching dozens of companies roll out their GDPR policy – while helping several of own clients in the process.
Observation 1 – Adoption is smart, even if it isn’t mandatory for your company.
Technically, GDPR only affects companies that communicate and do business with individuals in the EU. While that affects most B2B companies in today’s global economy, what about companies that only operate in the U.S., North America, or other global markets?
Our suggestion? Get compliant now. With stories like Facebook’s Cambridge Analytica scandal (and record one day stock tumble) starting to creep into top headlines with high frequency, it’s only a matter of time before the U.S. and other countries start discussing regulation in a more formal and serious manner. In fact, even before GDPR become everyone’s inbox clogging topic of the month, Canada had already taken action with their Canada Anti-Spam Law (CASL), which had similar implications for digital marketers.
For most prognosticators, including the digital folks here at DeanHouston, it’s really not a question of If GDPR will bring about spiritual successors in other global markets – the question is When. Getting prepared today will give an organization a competitive edge and prevent sudden, major shifts to digital marketing strategies as legislation starts to form. It also positions a company as a trustworthy steward for its customers’ digital data, which is something that is growing in perceived importance by the day.
Which leads us to our next big takeaway…
Observation 2 – Like all changes in legislation, there’s opportunity to be seized.
In the world of business to business, especially in the industrial products market, there is no greater driver of sales and business development opportunity than changes in regulations. For every major shift, there’s typically a solid reward for organizations that evolve to thrive in a new regulatory environment. By going through the pains and investment required to get GDPR compliant, you set yourself up for a few significant benefits – a few of which include:
- Building trust with customers and leads.
- Transparency has never been more in demand. By voluntarily engaging in GDPR, your organization sets a precedent that your company is willing to forgo potential (often invasive) marketing opportunities to respect the privacy and inboxes of its customers. Combined with a content and messaging strategy built on a foundation of education and customer empowerment, you can turn your company into a trusted resource for information – and where they go first to learn about the product categories your company sells. Once that’s accomplished, the stage is yours to sell, respectfully.
- Creating a true dialogue with customers, one that can define how your brand engages with them digitally.
- Whether it’s digital or offline, the only way marketing can succeed is by offering customers truly memorable and relevant experiences. When done online, the key to achieving this is personalization – sending a customer the educational and marketing materials that meet their specific need, at exactly the right time. At DeanHouston, we often recommend that once a GDPR compliant marketing technology stack is defined and implemented, the next step is “getting to know” our engaged customers better. By acknowledging GDPR and data privacy compliance, while asking customers to provide information regarding their interests, preferred messaging frequency and types of information they’d like, you can start your company on a path that treats digital communication as a 1:1 conversation, not just a series of generic messages that are “blasted” out without consideration of a customer’s unique needs and wants.
- Better digital data and more actionable information on your TRUE customer base.
- A foundational aspect of GDPR is only sending digital communications to customers that explicitly consent. It also includes provisions that only allow for the storage of personal data among consenting customers as well. This forces companies to reconsider their current marketing lists, often pairing them down to only the customers that are truly engaged. By eliminating the “noise” in your marketing database and reports that are created by unengaged or unqualified customers, it’s easier to recognize and analyze patterns that tell us what true customers are responding to, what they need, and ultimately, what strategies can be implemented to get them information regarding the products and solutions that meet those needs (while ideally driving sales revenue in the process).
Observation 3 – (Marketing) Compliance Doesn’t Have to Be Difficult.
Whenever the term “regulation” gets thrown around, the first thought of those who have to comply is rarely a positive one. Visions of major system overhauls and process changes often create nightmares for managers. When it comes to GDPR, marketing managers at product-focused companies can sleep easily.
While there is an element of legal due diligence, getting your website and marketing technology stack (and strategy to leverage those tools) compliant doesn’t need to be a long or prohibitively expensive undertaking.
4 Quick Steps Toward GDPR Compliance:
- Get legal engaged as soon as possible – One of the core aspects of GDPR is making sure the language in the privacy and cookies policies of your website is within all of the legal requirements of GDPR. Your regular counsel should be able to either validate your existing policies, help you create one (in the event you don’t have one already), or assist in amending your policies in accordance with legislation.
- Have a clear call-to-action and GDPR user consent box on all forms throughout your website(s) – Equal parts compliance advice and digital marketing best practice, any and all forms across your website should have a clear call-to-action that sets the expectation for “next steps” with your customer. For example, a sales request from should state “a rep will contact you directly as soon as possible to cater to your request” or a “gated” white paper download from should say, “Fill out the form below and we’ll send you the white paper immediately.” In addition, any form on your website, especially those that will trigger any automated or manual follow-up, needs to be combined with a check box (unchecked by default). This check box should include a brief statement that explains the types of content you plan to send to the customer.
- Put an “acceptance” ribbon on your website that contains a statement about cookies – It is important to make your site’s use of cookies known to people upon arrival, and to alert them that they consent to your cookies if they continue to use your site. At the most basic level, most companies are handling this through the use of a simple ribbon on their homepage that allows users to accept their cookie policy, or that continued use of the site expresses consent to the policy.
- Be ready to quickly cater to “data deletion” requests – In order to be completely compliant, companies must make it reasonably easy for customers to request that all “non-essential” data, loosely defined as any information not needed to fulfill an explicit contractual obligation, be supplied to a customer and deleted upon request as quickly as possible. This can be done through a simple statement in your policies that provides a contact email with directions on how to file this request. However, some marketing automation software providers, such as Hubspot, are offering tools to make it possible to begin automating this process from start to finish to reduce ongoing labor and complexity.
While there are several minor tactical steps that make up the 4 major steps above, your web and technical staff should be able to navigate them quickly and effectively with a bit of guidance from you and your company’s legal team.
And if you need some help getting started, you can shoot anyone here at DeanHouston, including myself, a quick message to discuss further.
Disclaimer: This is not legal advice, and we cannot answer questions about your particular situation. You should consult with your own legal counsel if you have questions about your obligations under the GDPR.
Most of DeanHouston’s client base operates in industrial B2B products, and while that’s the experience we’re speaking from here, it is worth noting that GDPR can have significant implications for software as a service or sold service companies that capture more data on a customer’s use of their service than what a marketing department would typically use. This is especially true of companies in the health care, financial or business intelligence space. While the steps below are a sound start from a marketing perspective, if your company seems to fit the description immediately above, DeanHouston recommends additional due diligence and discussions with your company’s operations leadership before taking action.