Consumer privacy and data protection are changing how we do business. These issues have come to the US with the advent of the California Consumer Privacy Act (CCPA). Read our step-by-step article and download our complete checklist for building your strategy, preparing your website, and training your staff.
The Article in 60 Seconds
The European Union’s (EU) consumer privacy act, the General Data Protection Regulation (GDPR), took effect in May 2018. While similar in concept to the California Consumer Privacy Act (CCPA), there are no actual overlaps in compliance regulations. GDPR focuses on consumer data portability, profiling, and processing; it affects any company that collects personal data for an EU resident.
Think About This
- GDPR applies to you if your company is located in the EU and/or if your company collects, stores, or processes the personal information of an EU resident.
- GDPR was the first wave in an active movement to regulate and monitor the sharing and usage of consumer data. With current laws in Nevada and the CCPA coming soon, similar legislation is under consideration in New York and Washington, D.C. The common theme is corporate responsibility for consumer data. Even if you are not doing business in the EU, it’s wise to pay attention to this growing trend.
- The regulations went into full effect on May 28, 2018, and non-compliance is now accompanied by hefty fines.
- You can use the GDPR to your advantage. Efficiencies in data structure and integrity can translate into customer loyalty for your proactive stance on consumer privacy protection.
Consumer Data Protection Regulation Is On The Rise
It’s easy to feel inclined to ignore the GDPR if your tech business isn’t located in Europe or isn’t targeting citizens of the EU, but it’s essential to keep in mind one fact: the GDPR was designed to reflect the digital world we are living in now and to bring the importance of privacy, data, and consent to the forefront. This means that even if your tech business doesn’t need to comply with the GDPR right now, it is where regulation is moving.
There are key differences between the CCPA and GDPR, which highlight the importance of being keenly aware of where your consumer data came from, where and how you’re using and storing it, and what you’re doing with it.
A few of the main differences between these two prevalent regulations are:
|GDPR|CCPA|
|---|---|
|Collection of Data|Sale of Data|
|Every company that processes personal data, without exception|For-profit companies with gross revenue >$25mil collecting data for >50k Ca. residents OR with >50% revenue from sale of personal data|
|Opt IN from consumers|Opt OUT by consumers|
GDPR & B2B Tech Sales and Marketing Best Practices
Getting your B2B tech company on a path toward GDPR compliance also means improving your sales and marketing efforts. That annoyance, frustration, and violation you feel when you receive an unsolicited email or see an online ad is the same feeling your prospects feel when it happens to them.
Ask Users to Opt-In on Forms
Do you host webinars? Write eBooks and other content offers like white papers? Do you have a “request a demo” form? I’m sure the answer is “yes” to at least one of those.
Under the GDPR, your form needs to allow a user to provide opt-in consent before you are allowed to track, retarget or mail those users. This opt-in consent should be added to the bottom of your forms, with a simple checkbox that is unchecked by default for GDPR compliance, as HubSpot's example form does.
If you are not required to comply with GDPR, but want to take a step forward with consent, you can use an auto-consent with a clearly defined opt-out option, as GoToWebinar does.
If you use HubSpot, you can easily add this type of “consent checkbox” to any form by editing your GDPR content in your settings.
Stop Emailing Your Unengaged Subscribers
Consider ignoring your non-engaged subscribers instead of continuing to hit their inboxes with content that no longer interests them.
If you use HubSpot, there is a contact property called “Sends since last engagement” that allows you to create smart lists based on how many emails someone has received since their last engagement. Ignoring those who have been unengaged for 10+ emails is a solid start.
You can also automatically opt out these individuals when you go to send an email in HubSpot. Their default is 11 sends since last engagement.
If, however, you are frustrated about the number of unengaged contacts in your system and want to keep them on board, we recommend sending an email asking them to engage. Animoto's re-engagement email is an excellent example.
Notify Website Visitors of Your Cookie Usage
Internet users around the world are used to seeing cookie banners.
We normally hit “accept” blindly, without really thinking about the purpose of these cookies. GDPR aims to change that.
If you are subject to EU regulation, consider a consent lifecycle management tool like Clym that allows you to create a cookie notification that gives website visitors a choice.
Don’t Do Anything that Violates Someone’s Digital Privacy
The main difference between GDPR and the US-based regulations on the table currently is consent. GDPR requires an opt-in consent without any prefilled responses, whereas CCPA mandates clear opt-out options. Both regulations focus on allowing consumers to dictate where and how their data is being collected, stored, and used.
Even if your company is truly not subject to compliance with any consumer data legislation, it’s wise to consider what the trends mean to B2B companies. Regulating your data architecture, allocating dedicated resources, and developing response protocols are not overnight projects. Use the writing on the wall to get a head start. You might gain customer interest and loyalty in the process.
Treat your subscribers the way you’d like to be treated, and you’re already one step ahead.
The First Thing to Do After Reading this Article
Adopt the philosophy that consumer personal information is just that: personal and the consumers’. Even if you’re not ready to comply with GDPR, the suggestions listed in this blog are meant to get your business on the right track — to simplify compliance long term, while also improving your sales and marketing efforts.
Take a hard look at your data architecture. If you needed to comply with a similar regulation, what would it take? What can you do to get a head start?