More than a year on from the Great GDPR Frenzy of 2018, Teach a Brand to Fish still receives questions about the GDPR implications of how we do our marketing. It seems there is still some confusion as to how (or even if) data protection applies to b2b marketing communication.
Here are the 5 most common questions we hear about what GDPR means for your B2B Marketing efforts.
1. Does GDPR even apply to B2B marketing?
All the focus is on b2c. But GDPR does apply to b2b marketing, albeit to a lesser extent than b2c marketing. Nonetheless, we have guidelines to adhere to.
2. What’s the difference between personal data and business data in B2b marketing?
Personal data belongs to an individual. It is any data collected that contains identifying information about an individual. Teach a Brand to Fish collects personal data that is limited to what is public and professional. We gather an individual’s: First Name, Surname, Job Title, LinkedIn Profile, and Company Email.
But business data may be associated with an individual, but it is not information that makes them identifiable. We gather Company/Organisation name, Business address, and business website.
3. How does TABTF gather data? Is that GDPR compliant?
TABTF gathers data that exists in and from the public domain in processes that are fair, lawful and transparent. How does this make it GDPR compliant?
We do this to ensure any, and all future engagement warrants are a legitimate interest for, and on behalf of the individual whose personal and business data, we have gathered.
We almost always make the first contact through a personalized direct mail piece that invites the individual to respond to us via email. By doing this, it allows a mutually respectful exchange that exists around a legitimate (business) interest.
4. What’s your Legal Basis for processing an individual’s data?
There are 6 Legal Bases for processing an individual’s data. Our basis is Legitimate Interests, which appears in Article 6(1)(f) of the EU General Data Protection Regulation.
It is the most flexible lawful basis for processing, and the one most abused. We are fiercely opposed to abusing Legitimate Interest and take great care in creating hyper-relevant communications with each database that results in 5% up to 40% of the Individuals that respond. This response is to our initial point of contact, thus moving us directly into a rapport.
The results of our communications associated with the databases we build continue to demonstrate that we value, respect and work hard to ensure LEGITIMATE INTERESTS. The results are supported through higher than average response rates from the individuals we put into our initial database.
When we invest the time, energy and resources to identify the 4 primary decision-makers involved in a sale, for example, CEO, CTO, CFO, Head of Learning, then build 4 databases of 100 of each job title, we can then ensure that the CEOP gets the most hyper-relevant communication that best resolves his challenge that we (you) happen to solve.
We would never blanket communicate to multiple stakeholders, neither would we solicit a sale in the first 3 to 6 marketing touchpoints – we would earn the right to make the sale.
5. How do you determine/prove Legitimate Interests?
The UK’s Information Commissioner’s Office spells this one out really well. We’ve added what you need to know below.
There are three elements to the legitimate interests basis. It helps to think of this as a three-part test.
You need to:
- identify a legitimate interest;
- show that the processing is necessary to achieve it; and
- balance it against the individual’s interests, rights and freedoms.
Legitimate interests can be your interests or the interests of third parties. They can include commercial interests, individual interests or broader societal benefits.
The processing must be necessary. If you can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.
You must balance your interests against the individuals. If they would not reasonably expect the processing, or if it would cause unjustified harm, their benefits are likely to override your legitimate interests.
Keep a record of your legitimate interests assessment (LIA) to help you demonstrate compliance if required.
You must include details of your legitimate interests in your privacy information. (Privacy Policies are not covered here)
Minimal Privacy Impact
9 times out of 10, we use mail service for the initial contact point, LinkedIn for the 2nd touchpoint, and email third. However, approx 5 to 40% have already responded to us inviting more contact by the time we’ve exhausted Linkedin. However, we are mindful not to intrude on inboxes as people are spam exhausted and feel imposed upon when they receive unsolicited, or premature sales communications.
Yes, GDPR applies to b2b marketing. You’ll want to consider how you gather and process data, and whether it’s GDPR compliant.
At Teach a Brand to Fish, we use the Legitimate Interest basis to inform how we collect data and communicate with individuals. To ensure your b2b marketing efforts are GDPR compliant under this basis, here’s a handy checklist to follow.