The General Data Protection Regulation ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas.
The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The General Data Protection Regulation (GDPR) outlines six data protection principles that organizations need to follow.
1. Lawfulness, fairness and transparency
Organizations need to make sure their data collection doesn’t break the law and that they aren’t hiding anything from data subjects.
2. Purpose limitation
Personal data can only be obtained for “specified, explicit and legitimate purposes”.
Organizations should only collect personal data for a specific purpose, clearly state what that purpose is, and only collect data for as long as necessary to complete that purpose.
3. Data minimisation
Data collected on a subject should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”.
4. Accuracy
Data must be “accurate and where necessary kept up to date”.
The GDPR states that “every reasonable step must be taken” to erase or rectify data that is inaccurate or incomplete.
5. Storage limitation
The regulator expects personal data to be “kept in a form which permits identification of data subjects for no longer than necessary”.
6. Integrity and confidentiality
The GDPR states that personal data must be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures”.
The impact on B2B marketing
Under the GDPR, there are six equally valid grounds to process personal data. Two of these are relevant to direct B2B marketing: consent or legitimate interest.
"The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest."
Using legitimate interest as the basis for B2B marketing involves ensuring key conditions are met:
"The processing must relate to the legitimate interests of your business or a specified third party, providing that the interests or fundamental rights of the data subject do not override the business' legitimate interest."
"The processing must be necessary to achieve the legitimate interests of the organization."
Additionally, the GDPR states that the processing is lawful if it is "Necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual which require protection of personal information, in particular where the individual is a child".
Therefore, companies can continue to use marketing data for the purposes of B2B engagement as long as the appropriate steps are taken to ensure the data is aligned to a specific objective or campaign. One phrase that is now being used is "Correct Marketing to the Correct Person". As part of this, companies will need to keep their marketing databases and CRM up to date in order to carry out valid Legitimate Balance Checks.
HelloLobby is a new way of registering visitors at a company's reception counter, replacing the sign-in book that sits on the reception desk. It consists of an iPad that visitors use to input their information.