For B2B sales, the GDPR imposes certain restrictions and requirements - you must ensure that any personal data you collect is processed in a lawful way and customers are informed of how their data is utilized.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that applies to all businesses that store or process personal data on EU citizens. It replaces the former Data Protection Directive and was created to strengthen and unify data protection for all individuals within the EU. The GDPR also applies to any business outside the EU that processes personal data of EU citizens, regardless of where the processing takes place. If you have a website and could, even theoretically, capture leads from Europe, you should comply with GDPR rules.
What is GDPR in cyber security?
In terms of cyber security, the GDPR requires organizations to implement robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data, authentication controls, and regular security audits, as well as policies that ensure employees are aware of data protection practices.
How does GDPR affect B2B sales?
The GDPR has had a significant impact on B2B sales. Companies are now required to be more transparent in the way they collect and use customer data, as well as provide customers with the right to access and control their data.
Technical and organizational measures GDPR
For website or business owners, this means a few things they should do:
- Develop a clear data protection policy that explains how data is collected, stored, and used. Here’s a good review of what you should add to your Privacy Policy statement.
- Provide transparency to users on data processing activities, including the purpose, type of data collected, and the duration of data storage. To not take the risk of being overwhelmed with requests you can add to your privacy statement something like this: "We reserve the right to ask you for proof of your identity and to charge you a fee of twenty US dollars ($20) to meet our costs in granting any data access request you make."
- Obtain explicit consent from users prior to collecting or processing any personal data on your website (Analytics, User action tracking, Facebook Pixel etc.). We recommend one of these two services that ask the user for permission to use cookies to track information: https://www.cookiebot.com/en/gdpr-cookies/ or https://www.civicuk.com/solution/cookie-control-gdpr-compliance
- Implement measures to ensure the security and confidentiality of personal data.
- Provide users with the ability to access, rectify, and delete their personal data.
- Allow users to submit requests to receive, transfer, or delete their personal data.
- Notify users of any data breach within 72 hours of its occurrence.
- Appoint a Data Protection Officer (DPO) if the business processes large amounts of data.
- Establish procedures for handling data subject complaints and requests.
- Comply with the “Right to be Forgotten” and ensure that all collected data is deleted upon request.
GDPR for B2B
GDPR consent form examples
The form should include information about who is collecting the data, what data is being collected, how the data will be used, and how long it will be stored. Here's an example of the notification from cookiebot: