GDPR: Ignorance of the law is no excuse, but compliance isn’t the end of the world
Probably no IT-related deadline since Y2K has loomed as large as the impending implementation of the GDPR, the relatively benign-sounding acronym for the EU’s General Data Protection Regulation. Some, but likely not many, marketers have had their countdown clocks set to May 25, 2018 for a few years now (indeed some estimates say as few as 15% of all marketing organizations are adequately prepared). Everyone needs to understand it and adapt accordingly and ignorance of the law excuses no one.
A very quick primer: GDPR is broad sweeping set of a rules by which the EU will strengthen and unify data protection for all individuals within that jurisdiction. To give you a sense of scale, that’s about 750 million people – twice as large as the US. At its core, GDPR requires companies to ask for explicit consent before using personal information. Think of it as a type of opt-in rule on steroids – far more encompassing than just scrubbing email lists and one-time generic opt-ins. It covers things like consumers’ right to be forgotten and to withdraw consent, which means they could request that their personal data be completely deleted from companies’ computer servers, including that collected, managed and used by B2B marketing technology providers on their behalf.
So, you’re a marketer in Palo Alto or Peoria and you’re thinking – great for Europe, but what does that have to do with me? Even though it’s being enacted “across the pond,” it’s important to understand if GDPR affects your company and the way you market your products and services. Should you pay attention? If you are selling, promoting or otherwise trying to reach customers in any of the 28 EU member countries with data you have collected or acquired about them – no matter where you are based – then the short answer is yes.
And if you need a good reason to take it seriously, the EU has 20 million of them as that’s how much the fines can be, for failure to comply (it can be even higher as the regulation allows for fines to be based on percentage of revenue as well).
GDPR Compliance doesn’t mean curtailing your marketing programs
When people think about personal data and direct marketing, email is the first thing that comes to mind. Almost every company has some sort of email program, from simple newsletters to more elaborate drip campaigns. So without sugar coating it, that’s a problem in the GDPR era. Email marketing relies on having individuals’ contact information, something that is much more restrictive in GDPR and now applies to B2B contact data. Under GDPR, the opt-in process is significantly more specific and restrictive, indicating companies need affirmative consent that is “freely given, specific, informed and unambiguous” in order to be compliant. On top of that, more specific information must be provided to the customer, including informing subscribers about exactly who is collecting the consent as well as providing information about the purposes of collecting personal data.
In short, a lot of boxes to check before you can become GDPR legal.
You can still use email marketing, but you had better have a clean house. That means both you and your marketing supplier. GDPR places equal liability on data controllers (the organization that owns the data) and data processors (outside organizations that help manage that data, such as your email marketing solution provider!). Simply put – a third-party processor not in compliance means your organization is not in compliance. The new regulation also has strict rules for reporting breaches that everyone in the chain must be able to comply with.
So maybe GDPR is a good reason to look at other ways to reach your customers, ways that are not only compliant, but – surprise, surprise – perhaps even more effective. ABM is an ideal workaround to the regulation since it’s IP-based, and not dependent on personal data. That’s not just great for avoiding the heavy hand of the law, but also for targeting anonymous buyers, whom you know frequent your web site but don’t have the courtesy to opt-in to your pesky email registration requests.
The good news is that Jabmo, born and raised in Europe, has always developed solutions to be purpose-built to adhere to privacy regulations. Being a supplier of IP-based solutions, a lot of that comes by default. The Jabmo platform drives revenues by serving personalized and relevant content to anonymous buyers at target accounts. As a complement to Marketing Automation and CRM systems, Jabmo targets employees at target accounts and tracks engagement based on company IP address, rather than something specific to an individual, like an email address.
As importantly, we can assure customers that they will be compliant with the letter of the law by using our ABM platform. The GDPR lays out 7 clear principles that companies must abide by, from consent to individuals’ data rights to monitoring and breach notification. Our solution allows marketers to adhere to the regulation and we provide on-going assessments and compliance monitoring as well.
We even have a guy who is charge of such things and this is what he has to say:
“Jabmo is now prepared to support its clients with GDPR after executing on our compliance plan that addresses personal data security, data hosting, subject data access rights, internal processes and increased transparency for our customers and their clients,” said Didier Andrieu, VP Data & Privacy at Jabmo.
Take a step back and forget GDPR for a minute. At the end of the day, it’s all about building trusted relationships. So, in fact, there are some upsides to everyone being on the same page with regard to data privacy, including a greater degree of trust by customers that their personal information will only be used in a way that they specifically want.
To get a better handle on GDPR and what it means to you, we are offering an informative webinar on the topic. You can access the webinar recording here.