GDPR and Finding New Business in 2018
Every marketing company is writing about the Do's and Don'ts of GDPR, but we have a really big plan!
Forget about the scaremongers trying to frighten you into buying more advertising in 2018 because of GDPR, like magazine display ads, banners and pay per click. The reality is you always need more business to keep afloat, but what is the best approach for this year with GDPR in mind?
Customer Acquisition Costs (CAC), Lifetime Value (LTV) and Key Performance Indicators (KPIs) are all terms you know about, but never before have businesses been forced to rapidly and systematically change their game to stay profitable and engaging because of some EU directive.
Why Did GDPR Happen?
Whilst I understand the necessity of Global Data Protection Regulation (GDPR), I fail to see how the EU and their advisors have acted in the interests of B2B organisations.
Was it CEOs' lack of marketing sense that brought this on or did the inexperience of marketers do it? I'm referring to spamming and repeated, unwanted emails and direct mail.
Should B2B marketers have taken the time to become better acquainted with their desired market? Should they have invested in better technologies? Or should they have come to grips with Account Based Marketing (ABM) and ensured they were speaking to the right people about the right element of the product or offering instead of 'blasting' everyone they could?
What about the high fines
No matter what the reason, GDPR will 'go live' on 25th May 2018 and failure to comply will cost either 20m or 4% of your global annual turnover.
How strict will they be? Well I've heard, "not very". Do I believe them? No!
Think about it. If you were to keep spamming someone against the GDPR rules and the company you are spamming were sticking to the rules, they are going to be more likely to report you.
The fact such high fines can be dished out could mean that some officious EU bureaucrat takes great pleasure in following through irrespective of what certain people are saying to the contrary at the moment.
GDPR Do's & Don'ts
One of the main elements that strikes me with GDPR is that it's an ongoing process and not somehting you can simply set and forget. The main elements of the GDPR, as they relate to B2B are as follows:
- The right to be forgotten
- Obtaining permission to send emails (preferably double opt-in)
- Maintaining continuity about the reason to communicate
- The ability to hand to someone all the data you have on them within 72 hours and then deleting it no metter how many databases you're running!
I have provided list to help you move forward over the next few months. The definition of identifiable information is as follows:
- Online identifier
- Health information
- Cultural profile
“Permission is king these days.”
Simply put, you cannot send prospecting and sales messages (via email or text) without explicit opt-in consent (or parental consent to collect data for children under 16) to your EU recipients. And the EU gives strict guidelines on how to obtain that consent:
- You can’t use pre-checked boxes on your forms
- You must keep consent requests separate from other terms and conditions
- You have to make it easy for people to withdraw consent, and you have to tell them how to do it
- You must keep evidence of consent (who, when, how)
Implement a “Privacy by Design” or “Privacy by Default” approach to collecting and processing project — only ask the bare minimum to cover your GDPR bases. Also:
- They must have access to their own data
- They can correct their own data at any time
- They have the right to delete their information (“Right to be forgotten”)
Marketers need to be in charge of opt-ins
- Make GDPR compliance an important part of your goals for 2018
- Revisit CAN-SPAM laws, and analyse your organisation’s current state of compliance
- Figure out what needs to change and prioritise
- Tackle your checklist step-by-step so you don’t get overwhelmed
- Schedule regular check-ins with key stakeholders
- Train your employees (i.e. sales representatives) and provide updates as necessary
- Work with and review your partner contracts to confirm they are also GDPR compliant
Appoint a Data Protection Officer (DPO)
The DPOs main responsibilities:
- Educate the company on important compliance requirements
- Train staff involved in data processing
- Conduct audits to ensure compliance and address issues before they arise
- Serve as the point of contact between the company and GDPR Supervisory Authorities
- Monitor performance and provide advice on the impact of data protection efforts
- Maintain comprehensive records of all data processing activities conducted by the company
- Interface and inform data subjects about how their data is used, their “Right to be Forgotten,” and what measures the company put in place to protect their personal information
You have 72 hours to report data breaches to authorities
GDPR compliance applies to data breaches too, so develop procedures to detect, report, and investigate personal data breaches. Know that you must notify the Information Commissioner’s Office (ICO) within 72 hours when a Data Protection Act (DPA) breach occurs, and you have to communicate to affected individuals soon after that. If you don’t follow these data breach protocols, your company must pay fines as well as a fine for the breach itself.
More Information from the ICO
Download your copy of the full ICO GDPR Regulations. Click below for the PDF
GDPR Business Process Management
For some organisations the management of data may be fairly straightforward, however, there will be some larger organisations who have legacy software and where access and presentation of this data is not as easy as it sounds.
The easiest way to provide multi-faceted access to multiple databases is to implement an Intelligent Business Process Management System (iBPMS) solution. This is a independent software platform that integrates with legacy solutions and can perform any number of desired functions without the need for a wholesale upgrade of your existing software systems.
For example, if a customer requested you provide them with all the data you hold on them and you have an Accounting, CRM, Service Support and marketing platform, the iBPMS can be confirgured to interrogate all four systems, extract all the data on one such client and print it out or provide it electronically for the client. Deleting may be a little more complicated, but at least you will be able to access the data quickly and within the 72 hour time scale.
It may transpire that you need to provide activity logs to confirm deletion but nevertheless, you can see why GDPR could prove a big problem for some companies unless they have a comprehansive automated system in place to manage any such requests.
For more information on iBPMS and GDPR, click on the image below to link to a webinar that covers these two subjects.
Bizagi is a leading iBPMS global solution, based in Chalfont St Peter, Buckinghamshire - www.bizagi.com
GDPR as a Service
As with everything, "there's a service for that". Gecko Compliance is one such company, able to help walk you through the potential minefield of GDRP and they do everything online by providing a series of instructional videos. They also offer an outsourced service via their team of GDPR experts if you don't have the available internal staff.
Click on the image below to link to Gecko Compliance - GDPRaaS for more information.
Gecko Compliance are based in London, England.
What About New Business?
With all that said, fortunately we have a strategy and approach that ensures you're covered when it comes to GDPR. The problem comes from seeking to generate new business from cold. This means you're not able to send out email blasts unless you have permission. This is where salesXchange wins in a big way because of our management and presentation of new content to your existing cistomers.
If you want to see what your business will look like in a few months time, get in touch and we'll help explain how salesXchange works in both the first stage when working with existing customers and how new business is developed through longer term attraction marketing, creating a balance generating new business against the backdrop of GDPR and making your business more profitable in the process.