Forget about the GDPR scaremongers trying to frighten you into buying more advertising like magazine display ads, banners and pay-per-click. The reality is you always need more business to keep afloat, but what is the best approach with GDPR in mind?
Customer Acquisition Costs (CAC), Lifetime Value (LTV) and Key Performance Indicators (KPIs) are all terms you know, but never before have businesses been forced to rapidly and systematically change their game to stay profitable and engaging because of an EU directive.
Why Did GDPR Happen?
Whilst I understand the necessity of Global Data Protection Regulation (GDPR), I fail to see how the EU and their advisors have acted in the interests of B2B organisations.
Was it CEOs' lack of marketing sense that brought this on or did the inexperience of marketers do it? I'm referring to spamming and repeated, unwanted emails and direct mail.
Should B2B marketers have taken the time to become better acquainted with their desired market? Should they have invested in better technologies? Or should they have got to grips with Account Based Marketing (ABM) and ensured they were speaking to the right people, about the right element of the product or offering, instead of 'blasting' everyone they could?
What about the high fines?
No matter what the reason, GDPR is with us and failure to comply will cost either £20m or 4% of your global annual turnover.
Think about it. If you were to keep spamming someone against the GDPR rules and the company you are spamming were sticking to the rules, they are going to be more likely to report you.
The fact that the fines are so high means that an officious EU bureaucrat could take great pleasure in following through. And this is irrespective of what certain people are saying to the contrary. It still remains to be seen how far-reaching this legislation will be in the medium to long term, but putting practices in place to avoid a fine is now essential.
GDPR Do's & Don'ts
One of the main elements that strikes me with GDPR is that it's an ongoing process and not something you can simply set and forget. The main elements of the GDPR, as they relate to B2B, are as follows:
- The right to be forgotten
- Obtaining permission to send emails (preferably double opt-in)
- Maintaining continuity about the reason to communicate
- The ability to hand someone all the data you have on them within 72 hours and then delete it, no matter how many databases you're running!
I have provided a list to help you move forward over the next few months. The definition of identifiable information is as follows:
- Online identifier
- Health information
- Cultural profile
“Permission is king these days.”
Simply put, you cannot send prospecting and sales messages (via email or text) without explicit opt-in consent (or parental consent to collect data for children under 16) to your EU recipients. And the EU gives strict guidelines on how to obtain that consent:
- You can’t use pre-checked boxes on your forms
- You must keep consent requests separate from other terms and conditions
- You have to make it easy for people to withdraw consent, and you have to tell them how to do it
- You must keep evidence of consent (who, when, how)
Implement a “Privacy by Design” or “Privacy by Default” approach to collecting and processing project — only ask for the bare minimum to cover your GDPR bases. Also:
- They must have access to their own data
- They can correct their own data at any time
- They have the right to delete their information (“Right to be forgotten”)
Marketers need to be in charge of opt-ins
- Make GDPR compliance an important part of your goals
- Revisit CAN-SPAM laws and analyse your organisation’s current state of compliance
- Figure out what needs to change and prioritise
- Tackle your checklist step-by-step so you don’t get overwhelmed
- Schedule regular check-ins with key stakeholders
- Train your employees (e.g. sales representatives) and provide updates as necessary
- Work with and review your partner contracts to confirm they are also GDPR compliant
Appoint a Data Protection Officer (DPO)
The DPO's main responsibilities:
- Educate the company on important compliance requirements
- Train staff involved in data processing
- Conduct audits to ensure compliance and address issues before they arise
- Serve as the point of contact between the company and GDPR Supervisory Authorities
- Monitor performance and provide advice on the impact of data protection efforts
- Maintain comprehensive records of all data processing activities conducted by the company
- Interface with and inform data subjects about how their data is used, their “Right to be Forgotten,” and what measures the company has put in place to protect their personal information
You have 72 hours to report data breaches to authorities
GDPR compliance applies to data breaches too, so develop procedures to detect, report, and investigate personal data breaches. Know that you must notify the Information Commissioner’s Office (ICO) within 72 hours when a Data Protection Act (DPA) breach occurs, and you have to communicate to affected individuals soon after that. If you don’t follow these data breach protocols, your company must pay fines as well as a fine for the breach itself.
GDPR Business Process Management
For some organisations the management of data may be fairly straightforward; however, there will be some larger organisations that have legacy software and where accessing and presenting this data is not as easy as it sounds.
The easiest way to provide multi-faceted access to multiple databases is to implement an Intelligent Business Process Management System (iBPMS) solution. This is an independent software platform that integrates with legacy solutions and can perform any number of desired functions without the need for a wholesale upgrade of your existing software systems.
For example, if a customer requested that you provide them with all the data you hold on them and you have an Accounting, CRM, Service Support and marketing platform, the iBPMS can be configured to interrogate all four systems, extract all the data on that client and print it out or provide it electronically for the client. Deleting may be a little more complicated, but at least you will be able to access the data quickly and within the 72-hour time scale.
It may transpire that you need to provide activity logs to confirm deletion, but nevertheless you can see why GDPR could prove a big problem for some companies unless they have a comprehensive automated system in place to manage any such requests.
Bizagi is a leading iBPMS global solution, based in Chalfont St Peter, Buckinghamshire - www.bizagi.com
What About New Business?
With all that said, fortunately we have a strategy and approach that ensures you're covered when it comes to GDPR. The problem comes from seeking to generate new business from cold. This means you're not able to send out email blasts unless you have permission. This is where salesXchange wins in a big way because of our management and presentation of new content to your existing customers.
Take a look at the sX Social 444 B2B Marketing Framework and imagine how it would blend in with your existing structure and, of course, begin to increase your income and reduce your costs.
If you want to see what your business will look like in a few months' time, get in touch (call on 0800 970 9751). We'll explain how salesXchange works, both in the first stage when working with existing customers and in how new business is developed through longer-term attraction marketing. We help you to strike a balance, generating new business against the backdrop of GDPR and making your business more profitable in the process.