GDPR – what the F**k is that all about?

B2B marketing is being rocked by threats of losing whole databases and being unable to market services after 25th May 2018 – just 9 months away.

Really?

No, not really.  But there are some seriously hefty fines floating around and with the Government short of money, you don’t want to be on the wrong end of a fine up to a maximum of €20 Million or 4% of worldwide turnover, whichever is the greater!

So it makes sense to pay attention to GDPR and make sure you cover off the basics.

The aim of this article is to give you an update as of now (August 2017) so that you can start making some changes that will position you well when 25 May 2018 rolls around and GDPR descends on the UK like a toxic cloud of EU Bullshit that kills your sales and marketing efforts.

Limited Scope

I’m talking here about how GDPR affects your B2B sales and marketing: your data; email campaigns; social media; telemarketing, etc.

There are different aspects to GDPR that cover other areas of business such as: holding data on staff; employment contracts; payroll; logistics and so on.  I don’t know enough about these to advise you appropriately but we do know people, so get in touch if you want help.

If you hold any data on young people or anything deeply personal on individuals, get good, expert advice as there are changes in these areas.

What are the new rules when applied to B2B marketing?

This is the easy bit.  As things stand now, GDPR rules will be broadly similar to the Data Protection Act but beefed up with massive levels of fines and a focus on compliance:

  • You can email contacts in Limited Companies, LLPs, PLCs and Government institutions without needing an opt in as long as you give them an opt out. This does not actually rely on GDPR rather PECR (Privacy and Electronic Communications Regulations).  Also see the “Disclaimer” below regarding the future of PECR.
  • You need opt in permission to email sole traders, partnerships and other unincorporated businesses / individuals based on the new GDPR requirements.
  • The rules about the opt in have changed so you have to be open about what you are going to do with their data, not use coercion to get them to opt in and not pre-fill tick boxes or make service delivery conditional upon opt in.
  • There is a load of stuff about the “right to be forgotten”, only holding data while you actually need it and profiling data but frankly the issues in the three points above are far more pressing.

As you can see, not that much has really changed for B2B marketing and that’s not surprising as we are not the target of this legislation; this is data privacy legislation so it’s focussed far more on giving citizens rights to control what data is held on them and what is done with it.  The legislation is very different to the Canadian “Can Spam” rules that were specifically targeted towards email marketing and B2B businesses.

So why the fuss?

Because most businesses are not compliant with the toothless DPA and will get caught by the much fiercer GDPR.

You should be able to carry on using most of your data without getting everyone to opt in or double opt in as long as you understand the concepts of compliance and get your data in order.

But you have to get your data in order…

Your sales and marketing

If you are anything like most B2B businesses, you have a database of contacts in a CRM with your sales people holding other data in spreadsheets and email; while marketing have their own email marketing system and hold contact data from shows and events all over the place.

Whatever the case, you have a mess of contact data in systems and files.  Not only is this data duplicated all over the place but it’s also incomplete, out of date and generally shite.

Your biggest issue in complying with GDPR therefore is to get your data into good order and up to date so that you can prove you are following the rules.

You are likely to be tripped up by:

  • Duplicate data
  • Unstructured data (spreadsheets, csv exports, etc, etc)
  • Incomplete data
  • Old data
  • Wrong data

Action

The good news is that you can actually use GDPR to make money!  Yes, really…

Imagine for the moment that your data was all held in one central CRM system with complete records de-duplicated and used by both sales and marketing types.

Not only would compliance be a breeze, but you could also make great use of the data to run campaigns, generate leads, track engagement and close sales far more effectively than you are now.  My advice is to use GDPR as a reason to get your data in order; put it into a truly effective sales system then work it hard to generate you sales.

Sorting the data

You probably need external help to get your data in order.  Fact.  The people that got you into this mess won’t be able to get you out of it; you need outside help to sort your data.

(shameless plug)

The right help will be able to get all your data into one place and de-dupe it against a sensible field like email address.  Then you need to segment your data.  Limited Companies, LLPs, PLCs and Government institutions you can ignore for now as you can carry on marketing to them under legitimate Interest/PECR.

The rest of your data is either unknown or unincorporated sole traders or partnerships.  This needs the most urgent attention as you MUST NOT email them after May next year.  A smart person will be able to help you reduce the unknowns through data appending.  Now you have a pile of contacts that you want to get opted in to your marketing.

Sensible precautions

No one expects rules on data permission to be relaxed; it is more likely rules will tighten over time.  My advice to you is to get as many of the contacts on your database as possible opted in to your communications.  Then you are covered as rules change into the future.

Finally, once you have your data in order, don’t let your team screw it up again!  Load your data into a sensible CRM system with good duplicate detection processes and make it a capital offence to store any data in a spreadsheet ever, no matter what the special case.

What now?

I hope you found this overview and action plan on GDPR useful.  It is presented “as is” and the usual disclaimers apply around taking proper advice blah blah blah…

But you have some decisions to make and action to take.  I’d love the chance to help you and maybe some of our services will be useful to you as you seek the elusive compliance gold star while creating a world class sales system on its back.  Get in touch if this sounds interesting.

Disclaimer – please do read this

The opinions I have expressed above are based on current legislation and what is known of GDPR at this point (August 2017).  However there is talk that PECR (the law we rely on to be able to carry on emailing B2B contacts without opt in) could be amended at the same time as GDPR, possibly requiring opt in for B2B emailing.

If PECR is changed, the basis on which the opinion above has been offered changes completely.

Such is the madness of this legislation!