By now we are all well aware General Data Protection Regulation (GDPR) is coming (May 2018). However, far too many companies are still lagging behind. Research and advisory firm Gartner predicts more than half of impacted companies will still be non-compliant with the GDPR by the end of 2018.
To add to the confusion, marketers should also be aware of the ePrivacy Regulation, which is an EU directive that specifically focuses on electronic communications and the right to confidentiality, data/privacy protection and more. The latter is still in draft form but already the two regulations are somewhat conflicting and it remains to be seen how they will be reconciled.
Given the plethora of articles and blogs trying to make sense of these specific regulations, I won’t delve into the regulations themselves and instead will focus on the practical implications on ABM, as this type of information-driven marketing will be affected.
The Implications of GDPR on ABM
Consent: this is the biggest item that all marketers are grappling with at the moment. Let’s be clear, consent is not new under GDPR or the ePrivacy Regulation. Article 29 Data Protection Working Party clarification of consent in 2011 already made it clear that it’s an organisation’s responsibility to prove consent as part of its general accountability. GDPR and the ePrivacy Regulation are merely (supposed to be) providing more clarity and homogenous application across the EU.
Relevance: what the regulations are clear on is that any B2B marketing communications, regardless of channel, must be about products and/or services that are relevant to the recipients’ job role. As obvious as this may seem, it implies that content that is shared with the individuals in the selected account is made ‘relevant’ to them individually, not just to the account.
Email Marketing: the regulations are ambiguous on whether corporate email addresses (e.g. joe.bloggs@company.com) should be considered as a personal email (therefore strictly opt-in) or as a corporate subscriber (therefore no opt-in required). According to the Data Protection Network, “B2B marketers would, therefore, need to make a choice between using Consent or Legitimate Interests for sending electronic communications. It is hoped that as the text goes through the committee process there will be more clarity on this”.
I recommend a cautious approach:
-
- Existing Customers: these fall under ‘soft opt-in’ which means that as long the individual has not opted out of marketing communication, an organisation is free to provide marketing materials to them.
-
- Prospect: these have to be strictly opt-in, meaning that they have made the express choice of receiving marketing materials from your organisation – and you need to be able to prove it. More importantly, data (opt-in) collection can only be done for specified purposes, so you cannot use individual corporate emails for marketing purposes if they were originally collected for an entirely different purpose.
-
- Prospect exception: having just been very clear about the need for strict opt-in, there is an exception to the rule. A very grey area. If your email programme can be considered a ‘service’, then ongoing email engagement (opens and clicks) may be enough to prove ‘an existing customer relationship’ but you have to be able to prove the value that this communication provides and the utility of those emails to the recipient.
In any case, any communication needs to be ‘transparent’, easily identifiable as marketing material and who it is from, and include a clearly marked opt-out functionality. Most importantly, they should not become a nuisance.
#GDPR: any communication needs to be ‘transparent’, easily identifiable as marketing material and who it is from, and include a clearly marked opt-out functionality. Most importantly, they should not become a nuisance. #abm Click To TweetDirect Mail & Telemarketing: these do not require an opt-in, but organisations need to offer an opt-out. More importantly, the organisation needs to show that they acquired the data fairly and lawfully and that their records are up to date.
Third Party Lists: list purchase is still viable under the new regulations, as long as the list owner has permission to use the data in question for that specific purpose. So, the list owner must have appropriate, specific and provable third-party marketing consent.
Cookie policy: most (B2B) organisations already have a cookie policy in place on their main sites, but the regulations state that where cookies are used (including microsites, blogs and landing pages) all users must be presented with simple opt-in/opt-out cookie consent choices. The important thing to note is that acceptance of the cookies cannot be a prerequisite to access information.
Practical Recommendations
Keep Informed
It’s your responsibility to check that you are meeting your obligations. Some aspects of GDPR and how it affects ABM are still unclear; you should carefully review current and future information as it is released. In particular, use the Guide to the GDPR, published by the Information Commissioner’s Office.
Perform a Data Audit
It’s impossible to meet regulatory requirements if you don’t even know what data you’re holding. Document what personal information you hold, who you hold it on, and how it is stored. Check that you are in line with the new requirements and that you aren’t holding data unnecessarily. After GDPR launches you must be able to document your legal basis for holding every scrap of personal information or risk a hefty penalty.
Also, make sure your data is up to date. Not only is this a requirement (as old data could be considered inactive and therefore no longer opt-in), but it is also good practice. Bad data kills any ABM strategy.
Update Your Privacy Notices
A big part of GDPR is that businesses must be honest and transparent about the way they handle data. Your privacy notice must be updated to ensure it accurately states what personal information you hold, your legal basis for doing so (either consent or because of a legitimate interest), and how individuals can exercise their right to complain if they don’t like what you’re doing with their data.
Increase Opt-In Efforts
Although we have already demonstrated the conflicting regulations on opt-in, it is good practice to make sure you have a growing list of the right people interested in receiving your communication. As part of your ABM programmes, include an always-on inbound content marketing strategy. An example of this is thought-leadership blogs promoted across social and search, with an opportunity to opt in to further communication.
Marketing Preference Campaign
As a tactical initiative or as part of a specific marketing programme, include a ‘marketing preference’ initiative where the recipient – both existing customers and subscribers – can (re)register their interests. This is not only good user experience practice but also helps future segmentation of your data lists.
Relevance, Resonance and Valuable Content
A lot of what the GDPR and the ePrivacy Regulation are trying to achieve is also summed up by good ABM practice – mainly, the need to be transparent and relevant to your audience.
Be selective about the audience you target.
Make sure your content is personalised and relevant to the recipient’s role.
Provide a service to them by offering value.
For practical advice on how to create relevance, resonance and value, check out our post on Content Purpose-built for ABM..
Third-Party Lists
List rental or purchase can provide access to valuable new accounts for many organisations who are launching new products or have a limited data set to market to. Third-party list usage, as mentioned, is still viable but handle with caution. There are a great many providers out there, all with varying degrees of quality. Make sure your third-party provider can demonstrate GDPR conformity – request documented proof. And if it seems too good to be true, it probably is.
So, there you have it – the practical recommendations to feed your account-based marketing strategy. Still confused? Get in touch.