Vine Blog: GDPR

This blogpost was created based on the mostly asked questions on our GDPR webinars. Read more about GDPR from our previous blogposts: GDPR from the view of B2B-marketeer.



1. Is a permission needed if sending B2B-marketing content to persons work email?

Short answer: No it’s not needed. The services promoted in the email need to have something to do with person’s job title or responsibilities.

One of GDPR’s principles is the indicated obligation. Companies have the right to send information about their products to people working with a field that has something to do with their product. When handling peronal data it’s important to follow all the settings of the regulation. Also following the rules of quality email marketing is very important.


2. Is it still allowed to buy and sell B2B-decision makers contact details for the marketing register?

Short answer: Yes it is. Outsourcing is an efficient way to keep the information of marketing register up to date, which is one of the settings in GDPR.

For example when us at Vine pass on the decision maker information from Suomen Asiakastieto to our customers, we are the middle hand in the situation. Customers who use the information are register keepers and responsible for the use of data. Also Suomen Asiakastieto is a register keeper, who takes care of the rightfulness of the information they sell.


3. Do I need to have a consent from everyone I want to send marketing emails to?

Short answer: Separate consents don’t need to be collected. “Indicated obligation” and ”contract” (for example customership) are also potential grounds for the usage of personal data.

If a consent is chosen for the grounds of the use of data, register keeper also needs to indicate the consent. The consent must be asked separate from other things in an understandable form. It’s possible to cancel the consent when ever and also this possibility needs to be informed about. The consent is not allowed to be a term for the use of service.

 

4. How to execute the right to be forgotten in real life? How to delete the information and data in a way that it doesn’t come back from another source?

Short answer: Convention becomes clear later on..

”The right to be forgotten” is one of the things about GDPR that awakens a lot of questions. The idea is that that everyone is able to have a say in the use of their own personal information. In B2B-marketing the personal details are mostly contact informations and forgetting often means unsubscribing the mailing list.

 

5. What needs to be taken in to account with the customer register? Does there need to be changes done in the marketing register?

Short answer: See the personal detal handling as a wholeness instead of just the register.

Registers where the information is been stored, are just one part of the personal data handling. To see the big picture it’s important to understand why the information has been collected in the first place and who is the one handling it. Also the rights of the register need to be taken cared of: right of a understandable and visible information, right to see and change the information if needed and also the right to object the usage of the data handling.

Outsourced, GDPR-compatible service lets you off from a lot of worries.

 

GDPR EU’s new general data protection regulation awakens a lot of discussion, confusion and misunderstandings. No wonder, because there is many fake news about this subject. Discussion is heated, because the requirements of the regulation involve practically all companies. The transition time to the regulation ends in may 25th 2018 and your companys general data protection needs to be by the book, also the marketing side of it. So how does the new regulation affect B2B marketing?

In this blog post we address GDPR from the view of a B2B marketing and we will wright more about this subject on our blog in the near future.

The goal for the new regulation is to unify the data protection policies in the EU reserve and to improve the rights of registered people considering data protection and the cofidental usage of personal data. Many requirements of the regulation are well known from the present data protection law. GDPR specifies the term of personal data, brings registered people new rights and increases the number of affirmations in the usage of personal data in different companies. Companies need to be sure, that the current processes and systems are compatible with the changes that come with GDPR.

B2B marketeer should start preparation to GDPR with the following:

1. Communicate and take care of the visibilty of your action to your customers. Most likely other functions of your company are fully employed to prepare internal processes.

2. Put your marketing register together. The time of excels is over and the outsourced services take care of many data protection regulations on behalf of you.

3. Don’t confuse the ePrivacy- preparation to the GDPR regulations. ePrivacy can cause even bigger changes to marketing, but it’s time isn’t yet.

 

DATA PROTECTION PRINCIPLES

GDPR sets the principles of data protection, that guides the register keeper to handle personal data with respect towards the registered person. Companies need to take care that the data protection principles are been followed in every step of the processing.

INDICATION OBLIGATION

Companys need to be able to indicate that they ar following the regulations when handling personal information. This is a big change, because before it was enough that the regulations are being followed. Differ from the earlier there is a big sanction if the regulation is not being followed. (20 milion euros or 4% of the revenue).

Register keeper needs to document the use of personal information and execute all the legal and technical operations, which shows that the regulation is followed. The company is the register keeper and resposible for the handling of personal data, even when the handling has been outsourced to a partner. Company must give the partner written instructions for handling personal information and data.


RISK BASED APPROACH

GDPR-regulations risk based approach means, that the regulation obligations and protective actions must be put into perspective with the risk that the personal information handling might cause to the registrated person. B2B- marketing register usually consists of contact details and there is not as big of a risk included there as there is with for example financial information.


RIGHTS OF THE REGISTERED

The meaning of GDPR-regulation is to increase the visibility of personal information handling and strenghten the registered rights to regulate the use of his personal information. Who collects data and why? What kind of data is collected and with what grounds? Who is the data handed over? How long is the information being preserved? Registerd will have the opportunity to ask for the data that has been collected from him, and the company needs to be able to deliver the information to him.

Rights such as ”right to be forgatten” are still being defined so it works in practice. How to delete the informations of a person and at the same time make sure that they don’t come back from the same source again?

GDPR will increase the common interest in the handling of personal data. Customers activate themself to use their rights and will test companies with this. Companies that are one step ahead will stand out with visibility, informativity and readiness to act. The best marketing register-solutions will offer the functions considering peronal information and data handling as selfservice, without overloading customer service.

At Vine we prepare ourselves for GDPR in our own service. With the help of us you can tackle many changes that GDPR brings with in.

 

This blogtext is sequel to our previous GDPR post: GDPR for B2B marketer.

Google finds over 8 million results with the word ”GDPR” at the moment. Discussion is heated, because the requirements of the regulation involve pretty much all companies. As usual in digitalisated world, there are a lot of fake news about GDPR. Here is a few fake news from the top of the list in Google, about GDPR and B2B marketing.


1. ”Opt-out isn’t enough anymore, there needs to be a clear permission from the user to do direct marketing (Opt-in)”

This argument isn’t valid in B2B marketing: The new regulation doesn’t prevent targeted B2B-marketing and you are still allowed to send emails to B2B decision-makers if the content involves their job description. So there is still a possibility to do direct marketing in B2B world.

2. ”Person needs to give their approval for profiling in automated personal data handling”

Many writings about GDPR mention the prohibited right for profiling. This is fake news because there isn’t anything like this prohibited in the regulation. Profiling is still permissible.

3. ”It’s prohibited to use bought marketing registers”

It’s still allowed to use bought marketing registers and you can send content to B2B decision-makers if it conserns their job description. The information is just allowed to be used for the same meaning it was collected in the first place. Register keeper must document all the use of personal details.

4. GDPR vs. ePRIVACY

It’s good to notice that GDPR is about the usage of personal details but it’s often getting mixed up with ePrivacy-regulation, which is being prepared at the moment. ePrivacy is about digital communication data protection and there are different views about this which are still very far from each other. When the time comes ePrivacy will step in to the picture, but not quite yet.

Vine fullfills all the regulations of GDPR and helps customers to do the same.

At Vine we are very strongly commited to the new data protection regulation and we have found out everything there is to know about the GDPR. We will help our customers to follow the regulation with the help of our service and information. With the help of Vine, it’s a bit more easier to follow the regulation when it comes to marketing register, data protection and marketing automation.