For B2B sales, the GDPR imposes certain restrictions and requirements - you must ensure that any personal data you collect is processed in a lawful way and customers are informed of how their data is utilized.
The General Data Protection Regulation (GDPR) is a European Union law that applies to all businesses that store or process personal data on EU citizens. It replaces the former Data Protection Directive and was created to strengthen and unify data protection for all individuals within the EU.
The GDPR also applies to any business outside the EU that processes personal data of EU citizens, regardless of where the processing takes place. If you have a website and even theoretically can capture leads from Europe, you should comply with GDPR rules.
In terms of cyber security, the GDPR requires organizations to implement robust security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. It includes encryption of data, authentication measures, and regular security audits, as well as the implementation of policies to ensure employees' awareness of data protection practices.
The GDPR has had a significant impact on B2B sales. Companies are now required to be more transparent in the way they collect and use customer data, as well as provide customers with the right to access and control their data.
For website/business owners it means few things they should do:
The form should include information about who is collecting the data, what data is being collected, how the data will be used, and how long it will be stored. Here's an example of the notification from cookiebot:
When user clicks "Show details" it shows detailed information for each script:
And here's another example of cookie control by CIVIC:
When you collect email you should ask a person to confirm that he gives consent of his personal data processing. Most of the marketing software was updated to support that.
Examples of the forms:
And here’s a cool option for those who can use "legitimate interest” as the lawful basis to process and communicate - no checkboxes. But first, check with your lawyer if you can use legitimate interests for your business.
If you use chat on your website - you may want to add Welcome message/Simple chatbot to get consent:
Some services have added smart rules to identify if the visitor is from EU. Here's an excellent example of OptinMonster service that helps collecting emails with forms, popups, topbars, widgets etc.:
Using these rules you can create a form EU visitors with consent checkbox and for visitors outside EU the one without checkbox.
Is there an alternative of adding checkboxes to the form?
Yes. You can use double opt-in. The feature that is supported by most of the email services. After user submits the form he receives the email asking for his consent to receive marketing or any other emails. If he doesn't click on confirmation email he is not subscribed and doesn't receive future emails.
Next one is important for SaaS services, some eCommerce companies and others who automatically create user accounts when someone registers/purchases something:
When you get the contact you should transparently communicate on what data was collected
If you create a user account - you need to tell this to the customer.
Here’s an example of an email you can send after collecting an email:
"You’ve recently signed up for [SERVICE NAME].
[SERVICE NAME] allows you to do 1, 2 and 3.
This email is intended to help you understand how the data you have provided is used.
As part of our commitment to transparency and privacy we have created an account where you can access and control the data we hold on you.
Access your account here."
Need help to comply with GDPR? We can help
Disclaimer: This article is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information and our interpretation of the changes GDPR introduces. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy.