The GDPR was approved in May 2016 and is set to have a huge impact on the way B2B relations are carried out.
In all honesty, no one knows exactly what it means: the legislation itself is plagued with vagaries, and there seems to be little clarification on what it means for the world of B2B communications. But here’s what we do know, and how it will impact your business.
Who will be affected?
If your organisation:
– Possesses or processes data pertaining to an identifiable person
– Contacts those individuals via email, phone, SMS or post
– Tracks their engagement via e-shots, cookies, or landing pages for the purpose of profiling an individual
Then you need to start thinking seriously about how GDPR will impact on your business, and start taking immediate steps towards compliance.
What does it mean?
What is personal data?
There is no longer any difference between “business” and “consumer” data
The GDPR makes no distinction between B2C personal data and B2B personal data. It’s all personal and subject to the same rules. B2B businesses will need to update their processes to ensure the same levels of protection are given to anyone they wish to contact.
Opt-in replaces opt-out
The opt-out is a familiar part of marketing communication these days: “If you don’t want to hear from us again, tick this box or click this link”. Under the new regulation, the opt-out will be no more. Instead, opt-in consent could be required for all marketing communications and certainly for smaller businesses, sole traders, SOHO and partnership businesses. You can see this more fully explained here >>
Data controllers need to be able to prove that users gave unambiguous, informed, contextual consent and knew exactly what they were agreeing to.
Consent cannot be implied by inaction; it must be the result of a positive action by individuals. Soft opt-in may apply in some circumstances, but it’s better to be safe than sorry.
Right to be forgotten
Individuals now have the right to force data controllers to delete all information they hold on them, including any details retained on a “do not contact” list. Businesses will have to work out new processes to ensure all personal information is thoroughly and permanently erased.
Data on UK or EU citizens will be treated the same wherever in the world it’s held
The Regulations grant enforcement bodies greater powers that apply anywhere in the world, not simply in EU member countries. If you hold data on any UK or EU citizen then you’ll need to comply.
This is a Regulation and not a Directive
Directives are legal guidelines that EU countries must achieve by their own means, whereas Regulations have binding legal force and all come into effect at the same time. In other words, the GDPR is a pan-European law that won’t be influenced by the UK Parliament.
When do I have to comply?
The GDPR was published on 25th May 2016. It gave organisations 2 years to become compliant, so the deadline is 25th May 2018.
What are the consequences if I don’t?
You will be investigated by the Information Commissioner’s Office (ICO), and if you are found to be in serious breach of the new law you could be fined up to €20 million or 4% of your organisation’s global turnover.
It’s a fact the ICO is increasing its staff numbers in preparation for the GDPR, so don’t assume they lack the resources. They stand to profit hugely from this.
Implications of Brexit
The GDPR comes into effect in May 2018. The UK is highly unlikely to exit the EU formally by then, so you’ll still be subject to the legislation. Whilst the long term future of GDPR after the conclusion of Brexit negotiations isn’t certain, the ICO has highlighted that:
“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case… we will be speaking to government to present our view that reform of the UK law remains necessary” – ICO, 1st July 2016. See the full statement here…
So in short, legislation along very similar lines to the GDPR is likely to be enforced in the years to come. As such, preparation is essential.
So what do I do?
Decide whether you will be impacted
If you telephone or email prospects, or possess personal data, chances are you will be. And this 3-Minute Guide focuses on B2B sales and marketing: your data; email campaigns; social media; telemarketing, etc.
Find out more
Understand exactly what these changes will mean for you. Take a look at the library of resources Nett Sales has collected here…
Review your practices & plan ahead
Establish whether your current level of opt-in meets the new terms. Amend your consent terms, take on board a structured approach so that you know what data you have got and when you are likely to need to get consent. And then contact every person you wish to communicate with in the future to upgrade their consent level to the new standard and start storing consent forms.
Implement the plan now
Start preparing now while no one else is. Consent is going to become scarce in just over 6 months’ time, so being ahead of the game could be a huge advantage!
Ask for help
It’s important you get this right, so start thinking about this today and get some help with it if you need to.
See the silver lining
With all the talk of hefty fines and legal action it’s easy to see only the negatives. However, by being forced to encourage prospects to engage, you can actually use GDPR to make money, and see a marked improvement in the quality of your data. There are some options and ways around this, so talk to us and we’ll tell you what we suggest for you.
There aren’t going to be many more certainties in GDPR advice until the New Year, but talk to us and we’ll do what we can for you.
If you are unsure where to go from here, keep an eye out for future articles from Nett Sales, call us on 01672 50 50 50 or drop an email to firstname.lastname@example.org
Whilst this article is meant to inform, it does not constitute legal advice. If you need details about GDPR’s legal implications for your business, please get in touch with your legal advisor.
This article was put together with the help of the following pieces, some of which we have quoted directly.