by Byron Crowell
CEO & Founder of Solution Publishing
The General Data Protection Regulation, or GDPR, came into effect in 2018 in an effort to protect the privacy of users in the European Union. This legal framework establishes rules that marketers who advertise to EU-based users have to follow or else face penalties. Let’s take a closer look at what the GDPR means for B2B lead generation.
An overview of compliance
The GDPR framework establishes the following requirements for EU-based user data:
- You need to obtain clear consent to collect, store and use data.
- If you don’t get consent, data has to be anonymized by removing names or using nicknames.
- Users must be notified of data breaches quickly.
- You need to take the necessary steps to review and improve data security.
- You should provide a way for users to request to have their data erased.
Again, these rules apply to anyone who does business with customers in the EU. However, it might be easier to adopt these standards for your entire audience. And with half of US consumers deciding against buying a product or service due to privacy concerns, it can’t hurt to go above and beyond the data privacy requirements for your US audience.
What does the GDPR mean for sales prospecting and B2B lead generation?
Obtaining consent before emailing prospects has always been a data privacy requirement. However, the GDPR framework specifies that consent has to be unambiguous and given through a clear statement. You should review the language you use and ensure it reflects the data you collect and how you use it.
Under the General Data Protection Regulation, you can’t collect any data until a user opts in. Besides getting prospects interested in what you offer, you’ll have to gain their trust and convince them to share their personal information with you.
The opt-in process is an opportunity to create an approach that feels more personalized. Since users have to give their consent, you can add an extra step to let them choose what kind of communications they want to receive. Email marketing is particularly adapted to this approach since it’s the leading channel for delivering personalized content.
You’ll also have to update your sales funnel with a process for managing consent and deleting data in case a user withdraws their consent.
What to avoid under the GDPR
Some common marketing practices are in direct violation of the General Data Protection Regulation. Be sure to avoid:
- Using white papers, free trials, quote requests and other forms to collect email addresses and adding them to your marketing list without obtaining consent.
- Using email addresses for cold marketing without consent.
- Purchasing leads.
First-party versus third-party
Publishers fulfill the most important GDPR requirement – consent.
Publishers connect directly with their audience by offering readers relevant content of interest. This forms a first-party relationship. This interchange between publisher and reader occurs in a GDPR-compliant platform. This venue offers businesses the opportunity to place branded content directly in front of the right users, providing an opt-in process that can obtain consent.
On the other hand, a lead vendor using and offering strictly third-party data, is an entity that merely collects, stores, and uses data without having a direct connection to the original contact. They do not receive consent to use this data. These companies are not GDPR-compliant. This means that any company purchasing lead contacts from these organizations, are not receiving consent either, and run the risk of – regulatory attention.