For B2B sales, the GDPR imposes certain restrictions and requirements - you must ensure that any personal data you collect is processed in a lawful way and customers are informed of how their data is utilized.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that applies to any business that stores or processes personal data of people who are in the EU. Its scope is territorial, not based on citizenship: a US visitor browsing from Berlin is covered, an EU citizen living in Canada generally is not. It replaced the former Data Protection Directive (95/46/EC) and was created to strengthen and unify data protection for all individuals within the EU.
The GDPR also applies to businesses outside the EU that process personal data of people in the EU, regardless of where the processing takes place, when they offer goods or services to those people or monitor their behaviour (Article 3). If you have a website that can, even in theory, capture leads from Europe, you should comply with the GDPR.
What is GDPR in cyber security?
In terms of cyber security, the GDPR (Article 32) requires organizations to implement technical and organizational measures appropriate to the risk, to protect personal data from unauthorized access, alteration, disclosure, or destruction. The regulation names pseudonymisation and encryption, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems, the ability to restore data after an incident, and regular testing of the measures' effectiveness. In practice that means encryption of data at rest and in transit, strong authentication and access control, regular security audits, and policies and training so employees are aware of data protection practices.
How does GDPR affect B2B sales?
The GDPR has had a significant impact on B2B sales. A named business contact's name, work email address or direct phone number is still personal data, so B2B lead lists and CRM records are in scope. Companies are now required to be more transparent in the way they collect and use customer data, and must give customers the right to access and control their data.
Technical and organizational measures GDPR
For website and business owners this means a few things they should do:
- Develop a clear data protection policy that explains how data is collected, stored, and used.
- Provide transparency to users on data processing activities, including the purpose, type of data collected, and the duration of data storage.
Note that the GDPR requires you to handle access requests free of charge (Article 12(5)); a reasonable fee may be charged only for requests that are manifestly unfounded or excessive, or for additional copies of the data (Article 15(3)). You may, however, ask for proof of identity where you have reasonable doubts about who is asking (Article 12(6)). A privacy statement can say something like: "Where we have reasonable doubts about your identity we may ask you for proof of identity before acting on a data access request. Where a request is manifestly unfounded or excessive we may charge a reasonable fee based on our administrative costs, or refuse to act on it." Do not promise a flat fee for every request.
- Obtain explicit consent from users before collecting or processing any personal data on your website that is not strictly necessary to deliver the service (analytics, user action tracking, Facebook Pixel and other marketing tags). The tags must actually stay blocked until consent is given; a banner that is shown while the scripts have already fired does not count.
- Implement measures to ensure the security and confidentiality of personal data.
- Provide users with the ability to access, rectify, and delete their personal data.
- Allow users to submit requests to receive, transfer, or delete their personal data.
- Notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals (Article 33), and notify the affected users without undue delay when the breach is likely to result in a high risk to them (Article 34). Keep an internal record of every breach, including those you decide not to report.
- Appoint a Data Protection Officer (DPO) if your core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data (Article 37). Large-scale behavioural tracking of website visitors can trigger this.
- Establish procedures for handling data subject complaints and requests.
- Comply with the "Right to be Forgotten" (right to erasure, Article 17) and delete the collected data upon request, unless you have another legal basis for keeping it, such as a statutory retention obligation for invoices.
GDPR for B2B
GDPR consent form examples
The form should include information about who is collecting the data, what data is being collected, how the data will be used, and how long it will be stored. Here's an example of the notification from Cookiebot:
When the user clicks "Show details" it shows detailed information for each script:
And here's another example of cookie control by CIVIC:
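A cookie banner only does its job if the scripts it lists are held back until the visitor accepts their category, and you can later show when consent was given (Article 7(1) requires the controller to be able to demonstrate it). The following is an added example, not code from Cookiebot, CIVIC or this article's author. It keeps per-category consent state, queues tags registered before consent, loads them only once their category is granted, persists the decision so a returning visitor is not asked again, and keeps a timestamped log of consent events. The `loadScript` callback, the storage object and the tag URLs are assumed for the example; in a browser you would pass a function that injects a `<script>` element and use `localStorage` or a first-party cookie as storage.

```javascript
// Consent-gated tag loading: added example, not vendor code.
// Categories follow the usual banner split; "necessary" never needs consent.
const CATEGORIES = ['necessary', 'analytics', 'marketing'];

function assertCategory(category) {
  if (!CATEGORIES.includes(category)) {
    throw new Error(`unknown consent category: ${category}`);
  }
}

// loadScript(src): injects the tag (assumed callback, e.g. appends a <script>).
// storage: anything with get/set (assumed; localStorage has the same shape).
// now(): clock, injectable so the audit log is testable.
function createConsentManager({ loadScript, storage = new Map(), now = () => Date.now() }) {
  const saved = storage.get('consent');
  const consent = saved ? JSON.parse(saved) : { necessary: true };
  const pending = []; // tags registered but whose category is not yet granted
  const loaded = [];  // ids of tags that have actually been injected
  const log = [];     // consent events, the record you show to demonstrate consent

  function persist() {
    storage.set('consent', JSON.stringify(consent));
  }

  function isGranted(category) {
    assertCategory(category);
    return consent[category] === true;
  }

  // Load every queued tag whose category is now granted; keep the rest queued.
  function flush() {
    const stillPending = [];
    for (const tag of pending) {
      if (isGranted(tag.category)) {
        loadScript(tag.src);
        loaded.push(tag.id);
      } else {
        stillPending.push(tag);
      }
    }
    pending.length = 0;
    pending.push(...stillPending);
  }

  function record(categories, granted) {
    for (const category of categories) {
      assertCategory(category);
      if (category === 'necessary') continue; // cannot be withdrawn, never asked
      consent[category] = granted;
      log.push({ category, granted, at: now() });
    }
    persist();
    flush();
  }

  return {
    // tag = { id, category, src }; loads immediately if already consented.
    register(tag) {
      assertCategory(tag.category);
      pending.push(tag);
      flush();
    },
    grant(categories) { record(categories, true); },
    // Denial stops queued and future tags; already-loaded tags keep running
    // until the next page load, which is why loadedTags() is exposed.
    deny(categories) { record(categories, false); },
    isGranted,
    loadedTags: () => [...loaded],
    pendingTags: () => pending.map((t) => t.id),
    consentLog: () => log.map((e) => ({ ...e })),
  };
}

module.exports = { CATEGORIES, createConsentManager };
```

Wire the banner's "Accept all" button to `grant(['analytics', 'marketing'])`, the per-category toggles to `grant`/`deny` with a single category, and register every third-party tag through `register` instead of dropping `<script>` tags straight into the page. The log entries are what you export when someone asks when and to what they consented.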
When you collect an email address you should ask the person to confirm that they consent to the processing of their personal data for the stated purpose. Most marketing software has been updated to support this.
Examples of the forms:
And here's a convenient option for those who can use "legitimate interest" as the lawful basis to process data and send communications: no checkboxes, just a clear notice and an easy way to object. But first, check with your lawyer whether legitimate interest is available for your business, because you have to document the balancing test against the recipient's interests.
If you use chat on your website - you may want to add Welcome message/Simple chatbot to get consent:
Some services have added smart rules to detect whether the visitor is in the EU. Here's an excellent example from the OptinMonster service, which collects emails with forms, popups, top bars, widgets etc.:
Using these rules you can show EU visitors a form with a consent checkbox and visitors outside the EU one without it. Keep in mind that geolocation by IP address is approximate (VPNs, corporate proxies, mobile carriers), so when in doubt show the consent version.
Is there an alternative of adding checkboxes to the form?
Yes. You can use double opt-in, a feature supported by most email services. After the user submits the form they receive an email asking them to confirm that they want to receive marketing or other emails. If they don't click the confirmation link they are not subscribed and receive no further emails. Double opt-in also proves that the address really belongs to the person who signed up, which stops people being subscribed by someone else typing in their address.
The next point is important for SaaS services, some eCommerce companies and anyone else who automatically creates a user account when someone registers or purchases something:
When you obtain a contact you should communicate transparently what data was collected.
If you create a user account, you need to tell the customer.
Here’s an example of an email you can send after collecting an email:
"You’ve recently signed up for [SERVICE NAME].
[SERVICE NAME] allows you to do 1, 2 and 3.
This email is intended to help you understand how the data you have provided is used.
As part of our commitment to transparency and privacy we have created an account where you can access and control the data we hold on you.
Access your account here."
Need help to comply with GDPR? We can help
Disclaimer: This article is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information and our interpretation of the changes GDPR introduces. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.