<img alt="" src="https://secure.leadforensics.com/107353.png" style="display:none;">

GDPR & B2B Marketing: the State of Play

Cheryl Evans

  • 06 Oct

Inbound, GDPR

Find out what GDPR means for B2B marketing.The uncertainty around GDPR has made a noticeable mark on businesses across the UK, leaving us all scrambling for the nearest foothold on the slippery slope of compliance.

“What do we need to do?”
“When do we need to do it by?”

Such questions, sputtered from businesses far and wide are met with guidelines, instructions, rules and agendas.

What Luminate Digital do, however, is cut through the noise. Our GDPR Series (ATTACH LINK) is simple, digestible and easy-to-follow.

This blog post is written in this same manner - to give all B2B businesses guidance and to calm the turbulent, confused seas of compliance. In a few short months, you’ll have the tools needed to play by the rules.

Here goes.

What is GDPR

GDPR, which stands for the General Data Protection Regulation, seeks to govern all data protection rights of all individuals online and in the EU marketplace.

It will come into play 25 May 2018, and replaces the long-outdated Data Protection Act of 1998. That provides a bit of context into the need for a new set of regulations on data protection. After all, just think about what has changed between 1998 and today.

In those 20 years, the whole frontier of commerce has taken on a glistening digital sheen, whereby consumers have taken to keyboards and the World Wide Web to buy, sell and share. Huge amounts of information is stored online, and it’s clear that the existing Regulation is wholly insufficient to handle the sophistication of e-commerce and the dangers that come with it.

Indeed, looking back to 1998 feels like peering into yesteryear. The emergent technologies that were to come would afford business untold opportunities. Criminals, too - the new digital marketplace would bring many more opportunities.

All in all, the case for stricter controls has been an increasing one, growing alongside tech-savvy criminal opportunists and those of us looking to protect ourselves.

Hence: GDPR!

What does GDPR mean for businesses

As we said earlier, our GDPR series covers much of this in greater depth - you’d do well to take a look. We’ll recap a little here.

All businesses need to be taking greater care about how they control and process their data. Transparency and obligation are the names of the game - your business is obliged to be transparent, and by law must make changes according to how data is handled under GDPR.

As things are now, all the current law asks of individuals is that they give consent to be marketed to. This ‘consent’ has been deemed insufficient and not in favour of our human rights.

It will no longer be enough, come May 25. Under the new law, a business must record and document consent for every single purpose.

What does it mean for B2B businesses?
It may seem like the whole affair is confusing and complicated, but in terms of a B2B and B2C split, there is very little division.

In fact, the only difference between B2B and B2C marketers has now to do with email and text marketing to employees of corporate organisations.

What does need to change are the processes by which you handle the data.

We’ve set these out in eight stages of action. Here they are.

  1. Be aware
  2. Document everything
  3. Make it known you’re compliant
  4. Update privacy notices
  5. Prioritise the individual’s rights
  6. React to and report data breaches to the ICO
  7. Designate a data protection officer
  8. Undergo data protection assessments

Be aware

Spread the word of GDPR across your organisation - B2B marketing relies on everyone knowing what they have to do and how they have to do it. 

This is across the board, from senior management level to all other departments. The wider knowledge base you have, the better prepared you’ll be. 

Make GDPR known - how it affects the business, its communications with other businesses and, short of scaremongering, the potential costs of violation.

Document everything

Here lies the name of the game. You have to document all the personal data you hold, where it came from and who has access to it.

We recommend you conduct an information audit throughout your entire organisation. This way, you can rest safe in the knowledge that you’re covered and compliant.

Make it known you’re compliant

A part of legal B2B marketing post-GDPR is the act of identifying your basis for processing data, and then documenting it. 

Lawful basis can mean any of the following: the stated consent of your subject, the legitimate interest of the data controller or a third party that processes the data.

Update privacy notices

Similar to updating your whole processes, once your privacy notices are updated you should distribute them in your organisation. The privacy notice must explain your lawful basis for processing data, explaining that the individual does have a right to complain to the Information Commissioner if they believe there’s a problem with how their data is being handled.

A privacy notice should also:

- State who you are

- What personal information you hold

- Where the information was sourced

- What purposes the information will be used for

- How long it will be held

- Prioritise individuals’ rights

- This is at the heart of GDPR, and the main area of inspiration for its overhaul.

An individual, whose data is to be used must be able to easily exercise their right to either see, correct, restrict access to or remove their information altogether.

Ensure you have steps in place to make it as simple as possible. Clear-cut, so its not to be accidentally missed or mistaken for something else.

We’ll say it again: transparency is key.

React to data breaches

In times of crisis and a serious data breach, you should have procedures in place to detect, report and investigate a personal data breach.

If you think your organisation has become victim of a breach, or are about to be, you need to report it to the Information Commissioner’s Office (ICO).

Designate a data protection officer

This is for both B2B and B2C markets, but it’s important so we’ll say it anyway. You absolutely need to designate someone at your organisation to look after and take responsibility for data protection compliance.

As with the rest of your organisation, they need to be fully trained and know the new GDPR like the back of their hands.

Without this depth of knowledge and insight, you could potentially be opening your organisation to harm.

Undergo data protection assessments

Once you are compliant and have your processes in place, you need to test, test and test again. It has to be air-tight, foolproof and proven to work every time.

A data protection impact assessment is needed where data processing poses a risk to individuals. ‘Risk’ could mean any one of the following; discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage to an individual.


It’ll take some time for the above to sink in, but know this - where GDPR is concerned, B2B and B2C markets are very much in the same boat.

It’s all about preparation and training. You can see our eBook The GDPR Toolkit for Business if you’d like more insight.

New Call-to-action

Resources and Insights | Luminate Digital