GDPR for B2B Tech: Sales and Marketing Tips You Need to Know [Updated]

November 19, 2019 | Automation and Lead Flow

Consumer privacy and data protection are changing how we do business. These issues have come to the US with the advent of the California Consumer Privacy Act (CCPA). Read our step-by-step article and download our complete checklist for building your strategy, preparing your website, and training your staff.

The Article in 60 Seconds

The European Union’s (EU) consumer privacy act, the General Data Protection Regulation (GDPR), took effect in May 2018. While similar in concept to the California Consumer Privacy Act (CCPA), there are no actual overlaps in compliance regulations. GDPR focuses on consumer data portability, profiling, and processing; it affects any company that collects personal data for an EU resident.

Think About This

  • GDPR applies to you if your company is located in the EU and/or if your company collects, stores, or processes the personal information of an EU resident.
  • GDPR was the first wave in an active movement to regulate and monitor the sharing and usage of consumer data. With current laws in Nevada and the CCPA coming soon, similar legislation is under consideration in New York and Washington, D.C. The common theme is corporate responsibility for consumer data. Even if you are not doing business in the EU, it’s wise to pay attention to this growing trend.
  • The regulations went into full effect on May 28, 2018, and non-compliance is now accompanied by hefty fines.
  • You can use the GDPR to your advantage. Efficiencies in data structure and integrity can translate into customer loyalty for your proactive stance on consumer privacy protection.

Consumer Data Protection Regulation Is On The Rise

It’s easy to feel inclined to ignore the GDPR if your tech business isn’t located in Europe or isn’t targeting citizens of the EU, but it’s essential to keep one fact in mind: the GDPR was designed to reflect the digital world we live in now and to bring the importance of privacy, data, and consent to the forefront. This means that even if your tech business doesn’t need to comply with the GDPR right now, it is where regulation is moving.

There are key differences between the CCPA and GDPR, which highlight the importance of being keenly aware of where your consumer data came from, where and how you’re using and storing it, and what you’re doing with it.

A few of the main differences between these two prevalent regulations are:



| GDPR | CCPA |
|---|---|
| Collection of Data | Sale of Data |
| Every company that processes personal data, without exception | For-profit companies with gross revenue >$25mil collecting data for >50k Ca. residents OR with >50% revenue from sale of personal data |
| Opt IN from consumers | Opt OUT by consumers |

GDPR & B2B Tech Sales and Marketing Best Practices

Getting your B2B tech company on a path toward GDPR compliance also means improving your sales and marketing efforts. That annoyance, frustration, and violation you feel when you receive an unsolicited email or see an online ad is the same feeling your prospects feel when it happens to them.

Update Your Privacy Policy and Notify Subscribers

With GDPR, you notify individuals how their data is being stored and used. You can accomplish this with an updated privacy policy.

Bonus: An updated privacy policy is an excellent reason to email all of your subscribers to let them know of your updates, and prove your business is on the cutting-edge of technology and privacy.

Ask Users to Opt-In on Forms

Do you host webinars? Write eBooks and other content offers like white papers? Do you have a “request a demo” form? I’m sure the answer is “yes” to at least one of those.

Under the GDPR, your form needs to allow a user to provide opt-in consent before you are allowed to track, retarget or mail those users. This opt-in consent should be added to the bottom of your forms, with a simple checkbox that is un-checked by default for GDPR compliance, like this example from HubSpot:

GS180717 - GDPR - Hubspot Form - GDPR

If you are not required to comply with GDPR, but want to take a step forward with consent, you can use an auto-consent, with a clearly defined opt-out option, like GoToWebinar does below:

GS180717 - GDPR - GoToWebinar Form - GDPR

Consider adopting this opt-in protocol even if you’re not subject to GDPR regulation; after all, who wants to waste time on someone who is generally not interested?

If you use HubSpot, you can easily add this type of “consent checkbox” to any form by editing your GDPR content in your settings.

GS180717 - GDPR - Hubspot consent checkbox

Stop Emailing Your Unengaged Subscribers


Consider ignoring your non-engaged subscribers instead of continuing to hit their inboxes with content that no longer interests them.

If you use HubSpot, there is a contact property called “Sends since last engagement” that allows you to create smart lists based on how many emails someone has received since their last engagement. Ignoring those who have been unengaged for 10+ emails is a solid start:

GS180717 - GDPR - Sends Since Last Engagement

And, you can also automatically opt out these individuals when you go to send an email in HubSpot. Their default is 11 sends since last engagement.

GS180717 - GDPR - Sends Since Last Engagement 2

If, however, you are frustrated about the number of unengaged contacts in your system and want to keep them on board, we recommend sending an email asking them to engage. This is an excellent example from Animoto:

GS180717 - GDPR - Animoto

Notify Website Visitors of Your Cookie Usage


Internet users around the world are used to seeing banners like this one:

GS180717 - GDPR - Regular Cookies

We normally hit “accept” blindly, without really thinking about the purpose of these cookies. GDPR aims to change that.

There are two types of website cookies: essential and non-essential. Essential cookies are necessary for providing the information requested by the user. All other cookies — such as analytics, cookies from advertisers or third parties, and other affiliates — are considered non-essential. Previously, being compliant simply meant letting website visitors know that you use cookies.

But according to the GDPR, because cookies can be used to uniquely identify a person, they should be treated as personal data. This means you must have consent for their use. The GDPR states that users must also have a choice in what cookies are used — which means going beyond the standard “this website uses cookies” safeguard.

Like all other types of consent under the GDPR, providing consent to a website to use cookies needs to be a clear affirmative action — such as clicking a box to say “yes.” These boxes cannot be pre-selected.

If you are subject to EU regulation, consider a consent lifecycle management tool like Clym that allows you to create a cookie notification that gives website visitors a choice.

GDPR - Custom Cookie Consent

Don’t Do Anything that Violates Someone’s Digital Privacy

The main difference between GDPR and the US-based regulations on the table currently is consent. GDPR requires an opt-in consent without any prefilled responses, whereas CCPA mandates clear opt-out options. Both regulations focus on allowing consumers to dictate where and how their data is being collected, stored, and used.

Even if your company is truly not subject to compliance with any consumer data legislation, it’s wise to consider what the trends mean to B2B companies. Regulating your data architecture, allocating dedicated resources, and developing response protocols are not overnight projects. Use the writing on the walls to get a head start. You might gain customer interest and loyalty in the process.

Treat your subscribers the way you’d like to be treated, and you’re already one step ahead.

The First Thing to Do After Reading this Article

Adopt the philosophy that consumer personal information is just that: personal and the consumers’. Even if you’re not ready to comply with GDPR, the suggestions listed in this blog are meant to get your business on the right track — to simplify compliance long term, while also improving your sales and marketing efforts.

Take a hard look at your data architecture. If you needed to comply with a similar regulation, what would it take? What can you do to get a head start?

Download our CCPA Checklist. Reviewing your privacy policy, creating data maps, and developing response protocols are all things you can do now before you need them.
