• Services Inbound and Content Marketing, Visual Storytelling, Marketing Automation and more
  • Who The Penguin team is comprised of seasoned B2B sales and marketing experts
  • Pricing
  • Resources We've drawn these marketing assets to make you succeed
  • Blog
  • Contact
    • 200 Continental Drive, Suite 401 Newark, DE, 19713 USA Phone number: +1 (302) 273-1730
    • 14 Haharoshet Street, Ra'anana, Israel Phone number: +972 (9) 7448854
  • Careers See what positions are available at Penguin Strategies!
GDPR And How It Affects B2B Marketing

GDPR And How It Affects B2B Marketing

Posted by The Penguin Team on Mar 27, 2018



have an admission to make. I am a recovering attorney. Before starting in B2B marketing and sales I was a practicing lawyer. When I switched careers, I knew that my legal skills would play a part but I didn’t think actual laws would come up that much.

It’s March 2018 and The EU General Data Protection Regulation (GDPR) is 2 months away, and marketing and sales teams are not prepared!

What is GDPR?

GDPR is a vast EU regulation, updated from the original 1995 regulation designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy in an increasingly data driven world.  

GDPR’s impact is largely due to its extended, global jurisdiction. If your business deals with any EU residents and you collect EU resident information, whether or not your database or HQ is in the EU, then the regulation applies to you.

The regulation affects many parts of the organizations, and there are several key areas to GDPR that must be looked at. The GDPR website provides a basic list of key changes

Before continuing I must provide a disclaimer:


Now that that is out of the way, and you know you should consult a lawyer, we wanted to share what we know about GDPR and practically, its effects on how we do inbound marketing and sales.

GDPR - Consent

The main part of GDPR that impacts marketing is the required consent to store personal information and consent to be contacted.

Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.

The regulation also adds that It must be as easy to withdraw consent as it is to give it.

GDPR stress

 The Privacy Policy  on the website.

Most websites have a legal page. However, websites can no longer stick the Terms and Conditions and privacy policy tucked away in the footer, when an EU citizen visits your page for the first time.

They now must be greeted with a message that tells them you are collecting information about their visit and provide a privacy policy and cookie policy in plain and not overly legal language.

There must also be a purpose stated for collecting the information.  Visitors must also have the option to accept or decline acceptance.

Permission for Future Contact

If your website has landing pages that offers content in exchange for a visitor filling out a form, GDPR consent compliance is critical.

The form is where you capture personal information, which typically includes name, email, and the IP address, as well as a host of other web data that gets passed along with the form submission.

The general consensus, although there is no legal case yet to say otherwise, all forms must now contain a link to the Privacy Policy, and an opt-in checkbox.

Forms must contain clear language that indicates the contact is providing information in compliance with the terms of service and privacy policy. 

The exact language of that opt-in checkbox must be drafted in a way that consent is ‘freely given, specific, informed, and unambiguous’. Consult with your legal team for the exact language for compliance.

Reason for Collecting Data

As marketers we want to collect as much information as we can about a contact so that we can qualify the lead and pass them on to sales.

GDPR though has a section on the reason and purpose for collecting data. This aspect is often overlooked, but is also critical to the marketing team and the fields we put in out forms. All information you collect needs to be justified.

Some of the information you collect through progressive/smart forms might have been called "nice to have" per GDPR, each additional field such as "What products do you use?" or when is your next project" needs to be documented why you need that field, for example: "Sales requires that information to qualify the lead and meet clearly defined business objectives."  

This can be documented internally, and displayed on the form as additional information. It doesn’t pay to be creepy and collect every little bit of detail and information you probably will never use.

Only ask for the basics and business related questions.   

Right to be Forgotten

There are tons of important aspects of GDPR, but one other important rule is the right to be forgotten. On a top level, emails have ( at least they should have) unsubscribe links and that is one way a contact can opt-out.

With new GDPR regulations, a contact has the right to ask that the entire record be transferred to him and permanently deleted.

Most CRMS make compliance here easy. Hubspot for example allows you to export the entire contact record to a readable file, and also permanently delete a record with a few clicks.  

What to do Next?  

As of this writing GDPR is 59 days away. Your next step should be to consult with your lawyer. GDPR is serious business. With the increase in the number of data breaches, GDPR helps keep people’s identity and personal information safe; that’s a good thing.

However, from the marketers perspective, it is a significant change that cannot be ignored. With penalties in the 10’s of millions of Euros, the costs are too high.

 GDPR for Marketers Free Consultation

The Penguin Team

Written by The Penguin Team

We help B2B Technology Companies, enterprise software and hardware companies increase brand awareness, reach more qualified leads and close more customers.

Subscribe to
Penguin mailing list