"Aaaaarrrrr, don't talk to me about GDPR" or "that doesn't apply to us" or "what's GDPR?". All very common responses when I talk to business owners in Automotive. Now that the 25th of May has been and gone - think millenium bug of data - I wanted to tell you what I've learned with some practical advice and 'how to' information in this GDPR overview with regards to being GDPR-friendly and approaching it in a sensible fashion that actually helps improve your business and sales.
Also, yes, the deadline to become GDPR compliant has been and gone, for EVERYBODY, but, what I'm seeing is that most Automotive companies haven't understood what they should do and mostly haven't done that much or anything at all.
I'm not a GDPR expert but I have spent at least 3-weeks solid researching GDPR and coming up with sensible updates, processes, and procedures for our clients so here's your chance to get everything I've learnt in our new blog post series.
First, this is not legal advice. It’s just what I think you could do to help become GDPR-friendly based on a lot of research. It’s up to you what you want to do. And, I’m also only considering B2B. If you have questions about what data you store and how to create all the correct legal policies then I'll put my hands up and say take a look here at our GDPR page and book a short consultation, then I'll put you in contact with our GDPR partner that handles that side of GDPR.
Also, GDPR isn’t the death of B2B sales and marketing if you know the different forms of Lawful basis for processing that can be used and you treat your contacts in an ethical way.
Questions I hear a lot are: Is private and business data different? Do I need to comply with GDPR even though I’m not in the EU and/or don’t sell to the EU?
There’s no easy way to separate private (home) and business (work) data. And, there’s no easy way to know if you’re contacting an EU citizen. For this reason, I’d plan to be GDPR-friendly with ALL activity.
Some examples:
All our clients use HubSpot CRM so capturing the above is made a lot easier as they have a central place to capture, track, and update this information. I'll go into more detail about that in future posts.
Here’s the ICO’s description of Legitimate interests: if you are a private-sector organisation, you can process personal data without consent if you have a genuine and legitimate reason (including commercial benefit), unless this is outweighed by harm to the individual’s rights and interests. Private-sector organisations will often be able to consider the ‘legitimate interests’ basis in Article 6(1)(f) if they find it hard to meet the standard for consent and no other specific basis applies. This recognises that you may have good reason to process someone’s personal data without their consent – but you must ensure there is no unwarranted impact on them, and that you are still fair, transparent and accountable.
That's it for this post. In the next blog posts in this series, I'll walk you through various steps to help you become GDPR-friendly and they'll include: