GDPR or General Data Protection Regulation was implemented in 2018, and is considered to be the toughest privacy and security law in the world.
At its heart, GDPR compliance is about protecting the data and privacy rights of individuals and ensuring businesses are transparent about their data usage.
Though it was drafted and passed by the EU or European Union, GDPR is applicable to organisations across the world if they target or collect data related to people in the EU. As a result, digital advertisers, marketers and technology services providers across the globe have had to update their policies and practices, for example by providing opt-in or opt-out systems for their customers. This has particularly impacted inbound marketing, email marketing and first-party and third-party data usage.
Companies who violate GDPR standards risk facing hefty fines which could reach into the tens of millions of Euros.
Even big tech is not exempt from GDPR compliance. Google was fined 50 million euros in 2019 for not properly disclosing to users how it collects personal data to aid targeted advertising. And Amazon was fined 746 million euros this year for breaching regulations.
The Terms and Conditions of GDPR
GDPR is about consumer consent, and this is dependent on how the “personal data” of EU individuals is “processed”.
"GDPR is applicable to organisations across the world if they target or collect data related to people in the EU"
Personal Data is information which can be used to identify an individual. This includes but is not limited to the name, phone number or bank details of a European user, or even their cookies and IP address.
“Processing” refers to how that personal data is obtained or used.
In GDPR terminology, an entity which is a “data controller” collects or processes personal data and decides what to do with it, while a “data processor” is a third party that does not collect personal data from individuals but is given it by a controller and follows their instructions regarding how to process it.
In essence, where data is stored, what data constitutes personal data, who can access this data and how this data is used must be clear to all parties involved.
Why is this important? Because if you’re using intent data to inform your European marketing strategy, you need to make sure you ask the right questions of your intent data provider to ensure GDPR compliance.
Third-party data plays an important role in B2B marketing—in 2018, B2B marketers in the US alone spent $19 billion on the acquisition of customer data, and that was a 17% increase from the year before.
But with GDPR, there are now valid concerns about what will happen to data collection practices, particularly when it comes to tracking European buyer intent—for example, by detecting behavioural signals from third-party websites such as searches, clicks, views and shares. Such data can undoubtedly supercharge your marketing, but it must be GDPR-compliant to avoid legal risks and severe fines.
"Personal Data includes, but is not limited to, the name, phone number or bank details of a European user, or even their cookies and IP address."
While GDPR states “There’s nothing inherently wrong with sharing people’s personal data with third parties,” it also states that “you have to go about it the right way”.
Therefore, in order for third-party data to be GDPR-compliant, data controllers must follow a GDPR compliance checklist and, broadly speaking, ensure the following:
- have a lawful basis for collecting personal data (in most cases, this is consent that is properly sought and freely given by the individual)
- be transparent about data collection practices and guarantee privacy rights
- be clear about intentions (and this information must be provided when personal data is collected from the data subject)
- implement “appropriate technical and organizational measures” to protect data (such as encryption)
- be accountable (by appointing a data protection officer or assigning someone within the organisation to ensure GDPR compliance is met)
Businesses therefore face two options—either avoid using third-party data, or find an intent data provider that provides GDPR-compliant data and has a plan in place to navigate the ever-evolving landscape of data privacy.
GDPR, Intent Data, and Tracking European Intent Signals
Cyance understands that for many businesses GDPR is a concern—it’s an essential part of the evaluation process for many of the marketing professionals considering us as a platform.
"If you’re using intent data to inform your European marketing strategy, you need to make sure you ask the right questions of your intent data provider to ensure GDPR compliance"
And this is what we say:
- Cyance is 100% GDPR compliant. We can provide robust legal documentation to demonstrate this.
- We offer account-based marketing or ABM solutions, which means we profile companies, not people and their personal data.
- We are a data processor, not a data controller, and we do not own personal data.
GDPR is often the reason why leading businesses work with Cyance to identify the best accounts in Europe—they know they can trust us to deliver intent data which is 100% GDPR compliant.
That and we track over 30,000 websites from Europe and support intent discovery in multiple languages, making us the leading provider of intent data outside of the US.
Cyance is also working with a number of identity-resolution companies, publishers and display-advertising platforms to build audiences that are not third-party cookie-based but instead synced with a unique universal identifier. We view this as the best way forward in order to guarantee transparency and data privacy. We are well on target to have this technology and functionality available comfortably before any reduction in the tracking ability of cookies based on any timelines provided by Google and other key players so far.
GDPR and ABM Strategy
GDPR might result in the quantity of B2B marketing data reducing, but it will certainly result in an improvement of the quality of leads. With legitimate interest comes high intent. Such a change complements ABM, which favours a highly targeted approach.
And ABM also happens to be the most effective marketing strategy for B2B sales expansion in Europe. Sales and marketing strategies that treat “the European market” as a single market gloss over nuanced differences between market segments. By contrast, ABM, particularly 1:1 ABM, focuses on target accounts which exhibit high intent and treats them as their own individual markets.
Such an approach focuses your resources on intent most likely to result in a closed deal.
Ultimately, GDPR is a positive for both companies and end users—it brings with it heightened privacy and security, enriches customer experience, and improves the quality of B2B marketing data to better inform your business strategy.
"With legitimate interest comes high intent. Such a change complements ABM, which favours a highly targeted approach"