European Union Data Protection

GDPR One Year Later: What Have We Learned About B2B Marketing?

by Gary Survis

It is May, 2019…and guess what? Marketers are still marketing in the EU. Over the past year, and months before May 2018, I have had a ring side seat to the challenges, learnings, and wins that marketers have experienced in the age of GDPR. It has been a journey!

In this last year, I have spoken with dozens of portfolio companies answering both straightforward and more complex questions around GDPR and B2B marketing. Now, I am certainly no lawyer, but I have been able to develop a point of view on how marketers can thrive given some of the significant challenges around B2B marketing and GDPR. Here is what I have learned:

Focus on the business, not the person

Yes, B2B marketing is alive in the EU.  Now, there have certainly been changes in tactics and approaches. Databases are cleaner, sources of contacts are stronger, privacy protection is better, and lists are almost all 100% opt-in. These I believe are mostly good things. But, there is quite a bit of flexibility in approaches given a singular fact: GDPR is about personal privacy, not business privacy. Now, while this may seem obvious, once you understand this base concept, it frees marketers to target a business aggressively and leverage “legitimate interest” as a tool to communicate with leads (more on this later).

Don’t let the lawyers market

Organizations that let the lawyers develop the rules without marketing advocating for the permissible tactics are struggling.  In my conversations with portfolio companies, it is clear that there is room to “negotiate” with legal and develop a policy that protects the firm but doesn’t shut down marketing. Successful EU marketers are the ones that successfully make the case for balancing the risk to their firm against the opportunity to drive growth for the organization through effective marketing. 

You should ask yourself two questions that may help understand this risk:

  • Am I big enough to be a target of enforcement? In most cases, the answer is no! Big privacy breaches like Equifax or Google’s use of personal data make headlines. Would an enforcement against your company be news?
  • Have you taken care of the “block and tackle?” It is important that you have made a good faith effort to take care of the basic protections:  security to protect Personally Identifiable Information, updated GDPR compliant privacy policy, procedures around opt-in and “right to be forgotten,” and a preference center for database members to tell you what type of communications they prefer. Once these are in place, if there were an EU prompt about your tactics, you will be in a solid position to answer them and likely not get fined.

Legitimate Interest is your friend

As stated previously, GDPR is focused on protecting an individual’s privacy, not a business’. Once you focus on the business, then the GDPR rules stipulate rules around the “legitimate interest” a business has in communicating with a person at another business. The goal of GDPR was not squash all business marketing but provide a way to communicate with a business and provide them information that would be considered normal in the course of typical B2B communications.

Now legitimate interest is not a free pass to break all the GDPR rules, but more a carve out to allow business to communicate with other businesses and enable them to do what is necessary to do their jobs.  And, one final note…the rules on contacting business will vary by country, so make sure you know the rules.  More on leveraging legitimate interest for B2B marketing here.

Tactics may change

I don’t want to paint an unrealistic picture, marketers need to be savvy and know what is and isn’t permissible under GDPR. First, you can do ABM in the EU, but the tactics will probably be a bit different than in the US. Specifically, you will not be able to leverage any “intent” data that is learned from tracking someone’s IP address.  But, direct mail is perfectly permissible and, arguably, more effective than emails today. Lastly, you can certainly enrich your data with additional details from third parties like Discover.org or Clearbit. What you can’t do is blast emails to list from these sources. Alternatively, it might make sense to do an opt-in campaign under the basis of legitimate interest.

So, one year later we have learned a lot. But, GDPR regulations are certainly not fully baked and continue to evolve. For B2B marketers, the best advice is to stay vigilant and keep your knowledge as fresh as possible. We will continue to monitor and pass on information as it all evolves.

Tags:,

Gary Survis

Gary Survis

Operating Partner

Gary Survis joined Insight in 2016 as a Operating Partner. Gary focuses on driving operational strategies and improvements within Insight and its portfolio companies. He leverages his experience to assist organizations in accelerating solutions in strategy, marketing, talent management, and sales…

See Gary's Full Bio

Read More Posts from Gary Survis