SAFE PROSPECTING UNDER THE GDPR FOR B2B MARKETERS – TOP TIPS

 

We get asked lots of questions about how to ensure that our sales and marketing efforts are compliant with the data protection regulations.

It would seem sensible to answer some of these in a series of top tips articles.

First up, for no reason other than that there appears to be some degree of uncertainty surrounding it, is how to ensure that we comply with Article 14. This is all about the information we need to provide when personal data have not been obtained from the data subject. Remember that B2B contact data will include personal data as defined by the GDPR.

What this is when we are sourcing: third party lists, irrespective of their stated compliance to GDPR or otherwise; LinkedIn data; Zoominfo data and our own research into prospects’ data in the public domain.

We will focus on GDPR and the Data Protection Act 2018 here but you must also consider the PECR (Privacy and Electronic Communications Regulations) before commencing any marketing communications activity.

Our top five tips are:

If you are sourcing personal data indirectly e.g. from LinkedIn, Zoominfo, bought in mailing lists or your own research of data in the public domain and you store this for prospecting purposes (you are processing the data by doing this) you must:

  1. Determine your lawful basis for processing. For most of us, this is likely to be Legitimate Interests. You will need to complete a Legitimate Interests Assessment, if so.
  2. Establish which data could be deemed to be personal data. Which data could enable a person to be ‘identified, directly or indirectly’?
  3. Assuming that you will be using data that could enable this, provide the individual concerned with the following:
  • The identity and contact details of the controller (i.e. your organisation)
  • Contact details for your Data Protection Officer, if you have one
  • Purposes of processing (for example communicating with business prospects) and lawful basis you have chosen e.g. legitimate interests
  • The source(s) of the data
  • The categories of personal data concerned
  • Recipients or categories of recipients of the data, if any. If you are sharing this data with others who are they?
  • Transfers to a third country, and reference to appropriate or suitable safeguards. This is becoming increasingly topical. Find out where data will be held by any processors such as email marketing providers. Is this in the EEA? If not, are there adequacy provisions in place for the country concerned?
  • How long you will hold the data or the criteria used to determine that period
  • Individual Rights including: ability to stop processing; withdraw consent and right to lodge a complaint with a Supervisory Authority
  • Existence of any automated decision-making, including profiling
  1. The information can be provided in short explanatory text at the footer of an email with a link to a Privacy Notice where full details are given. Providing an easy link to object to processing (opt out/ unsubscribe) is good practice.
  2. When do you need to provide this information?
  • within a reasonable period after obtaining the personal data, but at the latest within one month
  • if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication or
  • if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.

The keyword for B2B marketers is TRANSPARENCY. Are you making it crystal clear to the prospect exactly what you are doing with their data and why?

Make sure that you document all of this too. Keep a record of the Legitimate Interests Assessment, the wording you use in explanation and the Privacy Notice to demonstrate compliance.

For more help on B2B marketing within the GDPR, Data Protection Act and PECR contact us today

Happy birthday GDPR

A year before the GDPR came into force we started training marketers and others on how to ensure compliance with the new regulation.

A year on, we thought it would be a good time to discover where some of the companies that we trained are now. We asked five simple questions:

  1. How comfortable are you that your business is now fully GDPR compliant?

Not all were certain that they were fully compliant. All saw complying with the GDPR as a ‘journey’ with the need to constantly update and review their approach. There was a fear factor or lack of confidence for some.  Issues had been experienced by some with data transfers outside the EU.

  1. What are the good things that have happened as a result of the GDPR coming into force?

All saw some positives in the GDPR coming into force a year ago. Generally, it has meant that those spoken to have become more organised with data (when and where it is held) and more stringent in tracking consent – where appropriate.  Specific comments included:

“GDPR makes us think twice – for example whether to use mailing lists. It has stopped us doing things that we shouldn’t have done in the past”

 

“Customers are clear about what we are doing with their data”

 

“Clearing out large quantities of data that we didn’t need to hold”

  1. What are the bad things that have happened?

The work, time and money spent in getting ready for the regulation was the comment from most people. Having to keep it in mind at all times and the ongoing level of administrative work was another. There were also some concerns voiced over the amount of conflicting information that still appears to be out there regarding exactly what is needed to get it right.

One person commented that, on a wider issue, the GDPR has made marketing relationships between organisations and consumers harder to develop. This echoes comments from others in recent articles.

  1. What data protection and privacy areas would you still like to improve?

All thought that there were areas where their organisations could improve. Particular mentions include: more exploration of which data could be linked to a natural person; improving physical data protection going forward; the slightly draconian wording of some of the statements being used and the need to review privacy policies.

  1. Final comments?

Last words included:

“It’s been a lot more work that we thought it would be. We started with the big picture. The detail keeps going and going.”

 

“..be good if the ico did let us know how we were doing. Not black and white.”

 

“…GDPR hasn’t had the impact I thought it would.”

 

“…found the sales team has struggled with it especially with relationship building.”

Are there many happy returns for the GDPR?

A selection of marketers that we have trained largely think so. Overall, there does seem to be benefits to both organisations and individuals although the amount of time and effort it continues to need is a concern for many.

Bax Interaction adds to its Thomas assessments portfolio

Bax Interaction adds to its Thomas assessments portfolio

Steve Bax, our MD, has been accredited as an Internationally Certified user of Thomas International’s Personal Profile Analysis (PPA) and its related instruments.

Steve commented: “The PPA is an invaluable tool  for a wide range of assessment needs in any organisation.   It provides an accurate insight into how people behave at work”.

The PPA assessment can be used for:

  • Recruiting the right person using job profiling
  • Improving communication
  • People development
  • Teambuilding

For more detail on the assessments that Bax Interaction can offer click here

 

Thomas International Psychometric Assessments

Our MD, Steve Bax, has completed training with Thomas International and is an accredited practitioner for HPTI (High Potential Trait Indicator) and a certified user of TEIQue (Trait Emotional Intelligence Questionnaire).

TEIQue is an emotional intelligence assessment designed to help individuals to understand and manage: their emotions; how well they interpret and deal with the emotions of others and how they use this knowledge to manage relationships.

HPTI helps identify leadership potential by exploring an individual’s personality traits and provides an insight into how suited they may be for a given job role or position such as senior executive leadership.

Steve talks to Kiran Kapur on Cambridge Marketing Radio about the TEIQue assessment.

TO BE BRIEF…

In our role as marketing researchers we see briefs in all shapes and sizes. Research briefs, I hasten to add.

With the massive changes we are seeing in the world of marketing research driven by the growth in: available data; engagement channels; user generated content; new methods; new technologies; analytics; concerns over privacy and so on, it is a source of bemusement at times that written research briefs are still often scant, lacking in key information, with unclear objectives or not done at all.

This may sound like a criticism of clients and prospective clients but it really isn’t. It is just surprising that the briefing process seems to be so difficult to get right.

When teaching the subject, I always say

“Without a good brief it is nearly impossible to get a good proposal”.

In the absence of a written brief we will often write one for the client and get agreement to it prior to delivering a proposal.

So here are my five key tips for writing that all important research brief:

1. State the purpose – what decisions do you need to take as a result of the research and why do they need to be taken?

2. Write a ‘shopping list’ – what information do you need to receive at the end of the research process to make those decisions? Writing a brief in this way short circuits the process of arriving at research objectives and enables the researcher or agency to deliver that information through the proposed method(s).

3. Consider the research scope – which products, services, markets, customers, clients, prospects, geographies, demographics etc. need to be researched and why – if not clear from 1. above?

4. Outline your preferred method – what are your thoughts on the method that could be used? In general, most marketers have an initial view on how the research might be undertaken, via what channels and this can be a very good guide for developing the proposal.

5. Think about timing and cost – When is the research needed by? Yes, I know “ASAP” but think about the latest date by which the results must be available to make the decisions detailed in 1?
Also, giving at least a rough guide on likely budget and insisting that the proposed costs are fully broken down so that you can see where your money would be spent is really worth considering.

Good luck with creating effective research briefs.

Radio interview with Cambridge Marketing College on Thomas HPTI (High Potential Trait Indicator) Assessments


The second part of my radio interview with Kiran Kapur, CEO of Cambridge Marketing College. This time I am talking about the Thomas International HPTI (High Performance Trait Indicator) assessment, which identifies leadership potential by exploring personality traits. The second part of the programme looks at marketing communication with the millennial generation.

Basic Social Media Mistakes

Basic Social Media Mistakes

Steve Bax‘s insight:

Good article by Keith A. Quesenberry. His key tips for success include:

1. Use broad business goals to determine your social media objectives
2. Have a multichannel social media strategy and be selective
Content needs to solve a problem, deliver a timely message or make people smile! Use emotion where appropriate.
GDPR is coming!

GDPR is coming!

The GDPR is coming.

No grace period.

Less talk more action with our new ‘GDPR Essentials’ workshops. For more details and to book click here

GDPR is not Y2K

GDPR is not Y2K

A very good pre Christmas blog by Elizabeth Denham.

GDPR is not Y2K

Her key message for organisations is:

 “By now you should be putting key building blocks in place to ensure your organisation implements responsible data practices:
1. Organisational commitment – Preparation and compliance must be cross-organisational, starting with a commitment at board level. There needs to be a culture of transparency and accountability as to how you use personal data – recognising that the public has a right to know what’s happening with their information.
2. Understand the information you have – document what personal data you hold, where it came from and who you share it with. This will involve reviewing your contracts with third party processors to ensure they’re fit for GDPR.
3. Implement accountability measures – including appointing a data protection officer if necessary, considering lawful bases, reviewing privacy notices, designing and testing a data breach incident procedure that works for you and thinking about what new projects in the coming year could need a Data Protection Impact Assessment.
4. Ensure appropriate security – you’ll need continual rigour in identifying and taking appropriate steps to address security vulnerabilities and cyber risks
5. Train Staff – Staff are your best defence and greatest potential weakness – regular and refresher training is a must”