The GDPR requires every business that handles the personal data of EU citizens to follow rules on how that information is collected, used and stored. It is no surprise that B2B sales and marketing teams are among the groups most affected by this regulation.
In this article we take you through some of the ways the GDPR affects businesses and the steps you can take to make your marketing systems fully compliant.
Yes. The GDPR applies wherever you are processing personal data. This means if you can identify an individual either directly or indirectly, the GDPR will apply. Personal data includes anything that makes someone identifiable, including (but not limited to) names, phone numbers, IP addresses and personal email addresses.
Yes. Before sending a cold email you’ll need to verify that you’re allowed to contact the recipient under the GDPR. There are six ways to establish a lawful basis for processing someone’s personal data: consent, contract, legal obligation, vital interests, public task and legitimate interest.
When sending cold emails to a business email address (e.g. email@example.com), B2B companies should be able to rely on legitimate interest.
Under legitimate interest, the data needs to be used in a way people would reasonably expect and with minimal impact on their privacy (where an individual’s rights would be infringed, those rights override your legitimate interest). Simply put, you have to make sure you’re emailing the right people with a message they’ll be interested in hearing.
Alternatively, if you’ve gained verifiable consent via a signup form, you’re good to go.
Please note, however, that decisions regarding which legal basis applies can be tricky and, therefore, we strongly suggest consulting a lawyer in this regard.
Finally, keep in mind that if the email address isn’t tied to any one person (e.g. firstname.lastname@example.org), it may even fall outside the scope of “personal data”.
The consequences for non-compliance can include fines up to €20 million or 4% of the annual worldwide turnover (whichever is greater). Not all GDPR infringements lead to fines: sanctions may include official reprimands, periodic data protection audits (which can result in being barred from using data associated with the violation — including entire email lists) and liability damages.