Data Privacy Jun 14, 2019 2:01:16 PM 1 minute read

GDPR — Information about the new General Data Protection Regulation

The new General Data Protection Regulation has been in effect since May. We will show you what measures B2B companies need to take now.

Since 25 May, EU Member States have had to implement the new General Data Protection Regulation (GDPR). For businesses, this means that from now on they will have to respect a high level of data protection across the EU if they do not want to risk severe penalties. We have summarized the measures companies should now take and the effects the data protection regulation will have in the B2B sector.

The General Data Protection Regulation—Pan-European protection standards

The DSGVO entered into force on May 25, 2016 and must be implemented by the EU member states only now, after a two-year transitional period. It is valid throughout the EU and unifies the data protection standards in the member states. Essentially, the GDPR pursues two objectives: It is intended to strengthen consumer rights and make businesses more accountable. At the same time, the regulation prevents globally active companies such as Facebook and Google from establishing themselves in the country with the lowest data protection standards—which has so far usually been Ireland, where Facebook, for instance, has its European affiliate.
To date, only a quarter of the German companies have fully implemented the GDPR.

GDPR for companies—Who is affected?

A brief summary: The GDPR affects (almost) all companies. It applies to Internet giants as well as to bloggers or freelance photographers. This is because almost every company collects personal data on its website through which users can theoretically be identified. This includes, without limitation, the following data:

Everyone collecting such information from their website visitors or using Google Analytics must therefore take measures to avoid getting into trouble.

Data protection in the B2B sector

The impact of the GDPR on the B2B sector is more difficult to define. On principle, the regulation refers to the data of natural persons and non-legal entities. However, anyone sending out advertising within the B2B sector usually reaches employees of a company in their professional position. As their personal data is collected, the GDPR generally applies. According to the E-Commerce Association, however, article 6(1)(f) of the GDPR, which calls for a balancing of interests, is to be applied in such cases.  It should therefore be borne in mind that the General Data Protection Regulation is intended to strengthen consumer data and is not aimed at commercial customers. The data protection regulation is therefore applied with the proviso that advertising may be sent to employees in their professional capacity as long as they have not objected to the processing of their data for advertising purposes. 

Amendments by the GDPR

Compared to other EU member states, the German Federal Data Protection Act had already been quite strict, so that German companies have to make comparatively few changes. The following points must be observed:

Since the GDPR has introduced a documentation requirement, companies should be able to prove at any time that they have received the consent for data processing.

Therefore, a double opt-in procedure is recommended for lead management. This involves the interested parties actively setting a checkmark when registering, for example, for a newsletter. They then confirm their choice once again by clicking on a link they receive. These transactions are archived in the CRM or MDM system so that they can be used by the company to fulfill its obligation to provide proof. Important: If a company sends out several newsletters on specific topics, consent must be obtained for each individual newsletter.

Please note: The listed points are for information purposes only and do not constitute legal advice. Further information for companies, however, has been compiled by the Federal Government here. In legal matters, lawyers with a focus on data protection law will also be able to help you.

Many companies are worried about the General Data Protection Regulation because a violation could result in severe penalties of up to four percent of the annual turnover. However, political proposals are currently being discussed for laws to stop penalties for negligent violations for the time being. Whether this forbearance will actually be implemented by the Federal Government remains to be seen.

For the time being, companies should see the regulation as an opportunity to distinguish themselves towards their own customers. Since data scandals are currently getting high media coverage, websites that deal with data processing transparently and offensively make a positive impression.

If your website is optimized in terms of data protection, the foundation for targeted online marketing measures is laid. TrustedTargeting helps you reach three million B2B decision-makers online at any time. Find out how many of your industry decision makers you can reach.

Get informed now and generate valuable B2B leads in no time with the Trusted Targeting Tool: 1 interface - 5 ad networks - 159 segments. Reach Messe München's high-quality B2B target groups on Facebook, Google & Co. All in one marketing tool and for every expert level.