GDPR is getting really close now, and a new report by Forrester suggests that only a small minority of B2B marketing confident that their organisation is currently fully compliant with the new requirements.
The company interviewed 66 B2B marketing professionals in January and found that 15% think that are completely ready for implementation day on May 25. 18% have not yet settled on a strategy going forward, while the majority consider themselves to be partially ready.
The regulation marks a potentially big change for B2B marketers. Under GDPR, the common practices and use cases of digital marketing mean that B2B marketers are considered to be ‘data controllers’ under GDPR. A data controller is a person or individual that determines the purpose and manner of processing a data subject’s information.
The risks of underestimating GDPR can be serious, with the potential for big fines of up to €20 million or 4% of global turnover. Worryingly, Forrester find that many B2B marketers do not think that the regulation is a ‘relevant concern’ for them due to a number of key misconceptions.
Chief among these misconceptions is the idea that GDPR only applies to companies headquartered within the EU. This is not accurate, as the regulations give EU regulators authority over any company that sells products or services in the European market or collects data on EU citizens.
Another thing that B2B marketers do not seem to realise is that corporate employees acting on behalf of a business are also granted protection under GDPR. This means that data collected about them is also considered personal data, meaning that B2B customers, prospects, employees, consultants and business partners all have the same rights under the regulation.
The definition of what constitutes personal data is also broader than a lot of B2B marketers think. The regulation states that personal data is any information relating to an identified or identifiable natural person, which means that a corporate email of phone number are counted. IP addresses and mobile device IDs are also put under the banner of personal data.
Interestingly, only 20% of respondents reported that the marketing team in their organisation was leading GDPR preparation. For 56%, it was the legal, privacy and security teams.
The report states:
“Marketing is the direct correspondent to the needs and demands of the customer. And marketing is in the best position to factor the voice of the customer into compliance efforts.”