The uncertainty around GDPR has made a noticeable mark on businesses across the UK, leaving us all scrambling for the nearest foothold on the slippery slope of compliance.
“What do we need to do?”
“When do we need to do it by?”
What Luminate Digital do, however, is cut through the noise. Our GDPR Series is simple, digestible and easy-to-follow.
This blog post is written in this same manner - to give all B2B businesses guidance and to calm the turbulent, confused seas of compliance. In a few short months, you’ll have the tools needed to play by the rules.
What is GDPR?
GDPR, which stands for the General Data Protection Regulation, seeks to govern all data protection rights of all individuals online and in the EU marketplace.
It will come into play 25 May
In those 20 years, the whole frontier of commerce has taken on a glistening digital sheen, whereby consumers have taken to keyboards and the World Wide Web to buy, sell and share. Huge amounts of information
Indeed, looking back to 1998 feels like peering into yesteryear. The emergent technologies that were to come would afford business untold opportunities. Criminals, too - the new digital marketplace would bring many more opportunities.
All in all, the case for stricter controls has been an increasing one, growing alongside tech-savvy criminal opportunists and those of us looking to protect ourselves.
What does GDPR mean for businesses?
As we said earlier, our GDPR series covers much of this in greater depth - you’d do well to take a look. We’ll recap a little here.
All businesses need to be taking greater care about how they control and process their data. Transparency and obligation are the names of the game - your business is obliged to be transparent, and by law must make changes according to how data is handled under GDPR.
As things are now, all the current law asks of individuals is that they give consent to be marketed to. This ‘consent’ has been deemed insufficient and not in favour of our human rights.
It will no longer be enough, come May 25. Under the new law, a business must record and document consent for every single purpose.
What does it mean for B2B businesses?
It may seem like the whole affair is confusing and complicated, but in terms of a B2B and B2C split, there is very little division.
In fact, the only difference between B2B and B2C marketers now has to do with email and text marketing to employees of corporate organisations.
What does need to change are the processes by which you handle the data.
We’ve set these out in eight stages of action. Here they are.
- Be aware
- Document everything
- Make it known you’re compliant
- Update privacy notices
- Prioritise the individual’s rights
- React to and report data breaches to the ICO
- Designate a data protection officer
- Undergo data protection assessments
Be aware
Spread the word of GDPR across your organisation - B2B marketing relies on everyone knowing what they have to do and how they have to do it.
This is across the board,
Make GDPR known - how it affects the business, its communications with other businesses and, short of scaremongering, the potential costs of violation.
Document everything
Here lies the name of the game. You have to document all the personal data you hold, where it came from and who has access to it.
We recommend you conduct an information audit throughout your entire organisation. This way, you can rest safe in the knowledge that you’re covered and compliant.
Make it known you’re compliant
A part of legal B2B marketing post-GDPR is the act of identifying your basis for processing
Lawful basis can mean any of the following: the stated consent of your subject, the legitimate interest of the data controller or a third party that processes the data.
Update privacy notices
Similar to updating your whole processes, once your privacy notices are updated you should distribute them in your organisation. The privacy notice must explain your lawful basis for processing data, explaining that the individual does have a right to complain to the Information Commissioner if they believe there’s a problem with how their data is being handled.
A privacy notice should also:
- State who you are
- What personal information you hold
- Where the information was sourced
- What purposes the information will be used for
- How long it will be held
Prioritise individuals’ rights
This is at the heart of GDPR, and the main area of inspiration for its overhaul.
An individual whose data is to be used must be able to easily exercise their right to see, correct, restrict access to or remove their information altogether.
Ensure you have steps in place to make it as simple as possible. Clear-cut, so
We’ll say it again: transparency is key.
React to data breaches
In times of crisis and a serious data breach, you should have procedures in place to detect, report and investigate a personal data breach.
If you think your organisation has become
Designate a data protection officer
This is for both B2B and B2C markets, but it’s important so we’ll say it anyway. You absolutely need to designate someone at your organisation to look after and take responsibility for data protection compliance.
As with the rest of your organisation, they need to be fully trained and know the new GDPR like the back of their hands.
Without this depth of knowledge and insight, you could potentially be opening your organisation to harm.
Undergo data protection assessments
Once you are compliant and have your processes in place, you need to test, test and test again. It has to be air-tight, foolproof and proven to work every time.
A data protection impact assessment is needed where data processing poses a risk to individuals. ‘Risk’ could mean any one of the following: discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage to an individual.
It’ll take some time for the above to sink in, but know this - where GDPR is concerned, B2B and B2C markets are very much in the same boat.
It’s all about preparation and training. You can see our eBook The GDPR Toolkit for Business if you’d like more insight.