Today, May 25, 2018, the protection of personal data has become a real challenge for companies as the GDPR comes into force. Thus, the processing of personal data is more strictly regulated. So now you should keep this in mind while prospecting to avoid the restrictions imposed by CNIL. Let’s check in…
Consent, one of the mainstays of GDPR
As part of the development of its activities, a company must collect personal data of its customers or prospects to implement its prospecting strategies. The process used is the same as in the context of B2C or B2B marketing. Marketers may not collect or use personal data without the consent of their owners. It is one of the 6 legal bases of GDPR.
This provision is set out therein by Articles 4 and 7 already mentioned in the Data Protection Act of 1978 and updated in 2004. Consent gives permission to the persons to whom it relates.take control of their data,
They have the right to know what the data collected by a company will be used for. They may decide to decline this experiment if they decide that it could possibly harm them. They can also accept the facts on their own free will with full knowledge of the facts.
In the end, whether they accepted or declined, they are entitled to change their mind. Whether B2C or B2B, GDPR requires companies to clearly specify and authenticate their identity and provide objection forms to customers who no longer wish to receive these emails, which they often consider offensive . The said form must contain a link that allows them to unsubscribe or unsubscribe.
Opt-in to B2C
Differences can appear between B2B and B2C companies in terms of consent.
In the context of consumer business marketing (B2C) where commercial exchanges take place between companies and individuals, opt-in is required. The recipient’s consent must be obtained prior to any form of advertising prospecting. The agreement should be clearly stated. He agrees to receive all kinds of newsletters, digital advertisements, through his email, or his telephone number.
If the Company wishes to transfer the data held by it to other partner companies, the Customer must also give its consent. However, two exceptions should be noted. Consent is not mandatory for those who are the subject of prospecting and who have already made purchases from the Company. It is valid if the products offered to him are the same as those previously purchased.
Opt-out in B2B
B2B marketing refers to the commercial exchange between two companies. in this matterconsent is not required, And the opt-out principle is applied. In this context, sending a commercial email would not require authorization from the recipient.
However, it is mandatory that the latter be notified of any commercial use to be made from his/her email address. In addition, the products or services that are the subject of digital marketing must be related to the business activities of the person contacted.
Rights of the individual with respect to the use of data
Apart from consent, the protection of personal data is the same for all residents of the European Union. This is why the transfer of data to the United States can be problematic, as laws can vary from country to country outside Europe. Individuals whose personal data has been collected by a company can now exercise their rights, as already mentioned in Directive 95/46/EC, which has been repealed in 2018 with the implementation of GDPR. was given:
- the possibility for those whose personal data is collected for business purposes, to recover it at any time;
- He has a right to be forgotten. This includes asking the data controller to remove personal information that could harm him from the World Wide Web;
- The customer also has a right of protest, which means that he can deny the use of his data by a company or an organization if the purpose is not for commercial purposes. The opposition must be justified. However, if its use falls within the framework of commercial prospecting, the right of opposition may apply without reason;
- When the collected data is used, it may be subject to errors. The persons concerned can then exercise their right of rectification. This right may also intervene when it is necessary to update personal information or when it has been restricted from collection or protection.
Liability of companies on the use of personal data collected
Personal data that companies collect, whether through free access directories, through forms intentionally filled out by an Internet user, when subscribing to newsletters, or requesting quotes for work, for example. Collections may be made through the searches it performs or the sites it visits.
Marketing strategies are developed from this information from Internet users’ publications, their centers of interest. Regardless of how this data is obtained, companies are required to enter it in a detailed register so that it can be traced and identified later.
Whether B2B or B2C, apart from maintaining a register, Marketers should specify how long the data is kept. There is no fixed legal period. But when the objectives defined by the marketing strategy implemented are achieved, personal data recorded by the company must be deleted, anonymized or pseudonymized so that they cannot be identified. All safety measures must be taken to prevent leaks or illegal use.
GDPR emphasizes three elements to optimize the protection of user data.
- Data controllers should ensure that only the data contained in the products/services is collected.
- Also, it is mandatory for customers to specify to use it. Some companies hold sensitive data that may affect a person’s personal rights and freedoms. They include the application of data security impact assessment. This is imperative in the context of the processing of health data, including the collection of sensitive data relating to so-called vulnerable people.
- This is also necessary when the data collected is used to profile people to be recruited for a job, or when it is intended for monitoring that people once employed. This can also happen when the data is used for profiling, as is often the case with the personalization processing of digital advertisements.
Finally, GDPR changes the way marketing works, be it B2B or B2C. To avoid being penalized, a company and its partners must abide by the rules.