If you’re reading this then it’s quite likely that lead generation plays a part in your business and you’ll have been affected by the GDPR rules that came into play back in 2018. Not abiding by GDPR can have catastrophic results for businesses, which is why it is so important to ensure that you are practising GDPR-compliant lead generation.
In this article, we’ll look at all the ways that you can ensure you’re staying GDPR compliant and at the key differences between B2B and B2C marketing when it comes to GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulation and, in its simplest terms, is a European data protection law that gives people more control over how their personal data is used. This personal data is anything that makes a person identifiable, for example, their name, phone number, address, IP address and email address. The aim of GDPR is to ensure that people’s personal data is used fairly, legally and transparently.
Complementing GDPR is ePrivacy, the legal framework that protects the confidentiality of communications and regulates the use of tracking and monitoring online. A website must ask a user to “opt-in” to cookie usage before storing cookies in the user’s browser. The user must also be told about the purpose of the cookies before they give their consent.
Who does GDPR apply to?
The GDPR applies to any organisation that processes the personal data of UK/EU citizens, regardless of where the organisation is located. Even if your organisation is based outside of the UK/EU, you will still need to comply with the GDPR if you process the personal data of UK/EU citizens.
You can find out the countries where GDPR has been regulated here.
It’s important to note that the GDPR rules for B2B and B2C businesses do differ slightly:
GDPR for B2B
- Unlike B2C marketing, you do not have to specifically ask for consent when processing business data.*
- You can send marketing/lead generation emails to business-specific email addresses without active consent if there is a legitimate interest in your services.
The term legitimate interest refers to a business being allowed to process an individual’s data because of a legitimate interest in their business. This could be when:
- The processing of the data is of clear benefit to their business.
- There is a limited impact on the privacy of the individual.
- The individual would reasonably expect the business to use their data in this way.
- The business doesn’t want to bother people with a consent request when they are unlikely to object anyway.
It’s best practice to keep a record of the legitimate reason when using this as a justification for retaining their data.
GDPR for B2C
In B2C marketing you must ask for active consent when processing personal data.
If a consumer does not give consent to be sent further marketing emails from you or to join your mailing list, then you must not keep their personal data.
*It is important to note that a Sole Trader and some other Partnerships fall under the category of B2C and should be treated in the same way as a consumer.
Failure to comply with GDPR can lead to significant consequences for your business including temporary or permanent bans on data processing, rectification, restriction or deletion of data and even hefty fines.
Fines for GDPR non-compliance
There are two versions of the GDPR that businesses in the UK need to adhere to:
- The UK GDPR, which applies to the processing of UK residents’ personal data.
- The EU GDPR, which applies to the processing of EU residents’ personal data.
The maximum fine as set by the UK GDPR and Data Protection Act 2018 for failure to comply with GDPR is £17.5 million or 4% of annual global turnover – whichever is greater.
The maximum fine as set by the EU GDPR for failure to comply with GDPR is €20 million or 4% of annual global turnover – whichever is greater.
The basics of GDPR compliance
There are some basic rules that businesses need to abide by in order to ensure they are GDPR-compliant:
- Make sure that your data is properly secure.
- Try to minimise the amount of data that you store as the more types of data that you store, the greater the risk of not complying with rules and regulations.
- Make sure that you are very clear about where you stand legally in terms of processing personal data.
- Run regular audits on how your data is collected, stored and secured.
- Keep records of your data processing activities, including records of consent.
What does GDPR mean for Lead Generation?
GDPR and lead generation aren’t exactly a match made in heaven, and if you collect data to generate leads, then it’s very likely that GDPR will have impacted your lead generation strategy. Whereas in the past you would have been able to send marketing material to anyone whose email address or other personal data you had on file, you can no longer do this without the individual’s explicit consent.
As well as gaining consent, you’ll also need to state that the data collected is protected against misuse. For example, misuse could mean the unlawful selling of personal data including email addresses, names, telephone numbers and IP addresses to a third-party organisation. You’ll also have to make your privacy policies very clear and make it easy for individuals to understand that they can revoke their consent and opt out of their data being used at any time.
How to comply with GDPR in lead generation
These are the most important steps that you can take to stay GDPR compliant:
Regardless of what your lead generation looks like – whether it be a contact form, registering for an eBook or entering a competition – the easiest way to comply with the GDPR is by always asking for consent to use data.
The importance of visible and accessible Privacy Policies
When your privacy statement is complete, make sure that it is easily accessible and visible on your website.
Offering consent withdrawal options (unsubscribes, opt-outs, etc)
As frustrating as it can be when an individual opts out of their data being used, it’s really important to remember that it is their right to withdraw their consent at any time. Make sure that it is easy to opt out or unsubscribe.
Data protection and good data management
Complying with GDPR regulations can feel like navigating a minefield, so if you’d like help ensuring your lead generation is always GDPR compliant, then don’t hesitate to get in touch with our friendly team. Fast Track Solutions are experts in complying with GDPR regulations and can work with you to create a qualified lead generation pipeline.