More Related Content
Similar to Guide B2B Marketers Through GDPR Compliance
Similar to Guide B2B Marketers Through GDPR Compliance (20)
More from Demandbase (20)
Guide B2B Marketers Through GDPR Compliance
- 1. THE GDPR
FOR B2B MARKETERS
John Follett
Co-Founder & Analyst
Demand Metric
John Dering
Sr. Director, ABM Technology & Strategy
Demandbase
- 2. © 2018 DEMANDBASE|SLIDE 2
INTRODUCTION
John Follett
Co-Founder &
Analyst
Demand Metric
John Dering
Senior Director, ABM
Strategy & Technology
Demandbase
- 7. © 2018 DEMANDBASE|SLIDE 7
HISTORY OF THE GDPR
1984
• UK Data
• Protection
• Act
Passed
1995
• EU Data
• Protection
• Directive
• Passed
1998
• UK Data
• Protection
• Act
Updated
2000
• International
• Safe Harbor
• Privacy
• Principles
• established
2012
• EU
• Commission
• announces
• plan for the
• GDPR
2016
• EU-US
• Privacy
• Shield
• Replace
• Safe
• Harbor
• GDPR
is
• approve
d
• by EU
2018
GDPR in
effect
- 8. © 2018 DEMANDBASE|SLIDE 8
REGULATION VERSUS DIRECTIVE
The GDPR is different from the previous Data Protection Directive
because it is binding from the outset.
The result is that the GDPR creates a single set of rules and helps to
harmonize data protection laws across Europe.
Directive
• EU Member
States
decide how
to translate
into national
laws
Regulation
• Binding legal
force across
the EU
- 9. © 2018 DEMANDBASE|SLIDE 9
CHALLENGES OF THE GDPR FOR MARKETERS
The GDPR Guidelines are not always
exact to a particular situation
Individual’s
Data Privacy
Interests
Business’
Data
Processing
Interests
Data &
GDPR
- 27. © 2018 DEMANDBASE|SLIDE 27
CHALLENGES OF
THE GDPR
FOR MARKETERS
Understanding what GDPR
really means for their business
Assessing current and
future state
Developing a plan
for compliance
- 28. © 2018 DEMANDBASE|SLIDE 28
CHALLENGES OF THE GDPR FOR MARKETERS
Keys to understanding what GDPR
really means for their business
Defined who should interpret these requirements & why
Determine how your company is impacted
Translate into future marketing capabilities
Review requirements set forth by GDPR, PECR, ePrivacy
Directive, and national data protection laws
- 29. © 2018 DEMANDBASE|SLIDE 29
CHALLENGES OF THE GDPR FOR MARKETERS
Assess current state of compliance and
understand what you need to add for the GDPR
Example National Email Requirements Y N Notes
Subject line accurately reflects the purpose of the message ✓
“From,” “To,” “Reply-To,” names plainly identify your business. ✓
A valid physical postal address for your business is included (P.O. boxes are now acceptable). ✓
The “unsubscribe” link is easy to find and the recipient needs to take only one action to opt-out (for
example, clicking on a button).
✓
There are no fees, multiple landing pages, or email verifications involved to unsubscribe. ✓
The unsubscribe link is active for 30 days. ✓
The email clearly states it is an advertisement or solicitation IF the email list being used is only
permission based and has not been verified through opt-in or double opt-in processes. ✓
We don’t normally buy lists, though it’s been done
before. Our email database comes from business people
completing forms on our website or attending events for
which we are a sponsor.
Consent is captured, verified & stored for compliance ✓
We currently operate from inferred consent (e.g. form
completion, trade show scan, etc.)
Forget Me functionality – DO NOT TRACK ✓ Currently under dev
- 30. © 2018 DEMANDBASE|SLIDE 30
CHALLENGES OF THE GDPR FOR MARKETERS
Develop a plan to compliance
Data
Processing
Bases
On-going
Compliance
Handling
Historic &
Future Bases
Revise Marketing &
Data Collection
Practices Accordingly
- 31. © 2018 DEMANDBASE|SLIDE 31
THE GDPR: MAKE SURE YOU HAVE A LEGAL BASIS TO PROCESS DATA
LAWFUL BASES FOR
DATA PROCESSING
LESS LIKELY
FOR
MARKETING
MORE LIKELY
FOR
MARKETING
Contract ✓
Legal Obligation ✓
Vital Interests ✓
Public Task ✓
Legitimate Interest ✓
Consent ✓
Source: Information Commissioners Office (ICO.org.uk)
- 32. © 2018 DEMANDBASE|SLIDE 32
THE GDPR: PROCESSING SIMILARITIES
(a) Consent: Consent should be given by a clear affirmative
act establishing a freely given, specific, informed and
unambiguous indication of the data subject’s agreement to the
processing of personal data relating to him or her, such as by
a written statement, including by electronic means, or an oral
statement.
§ The GDPR sets a very high bar for consent
§ Determine if consent is needed or you can process based
on another legal basis
§ Check your consent practices to make sure they align with
the GDPR
These positions will often justify data
collection and processing for marketing
Source: Information Commissioners Office (ICO.org.uk)
- 33. © 2018 DEMANDBASE|SLIDE 33
THE GDPR: LEGITIMATE INTEREST
Does your business have a legitimate
interest in processing a person’s data?
(f) Legitimate Interests: the processing of your legitimate
interests or the legitimate interests of a third party unless there is
a good reason to protect the individual’s personal data which
overrides those legitimate interests.
- ICO: Guide to the General Data Protection Regulation (GDPR), Lawful Basis for Processing
“For example, although marketing may in general be a legitimate
purpose, sending emails in breach of electronic marketing rules
would not be legitimate. You also need to ensure you comply with the
specific rules on profiling and automated decision-making.”
- ICO – Lawful Basis Interactive Guidance Tool
- 34. © 2018 DEMANDBASE|SLIDE 34
• EU Data Privacy is not new
• Most Marketers are aware
and working toward
compliance
• Most B2B Marketers are
unsure of compliance with
their vendors
• Proper understanding and
planning for GDPR are key
for long term compliance
THE GDPR FOR
B2B MARKETERS
KEY TAKEAWAYS