
2021 B2B compliance landscape

February 23, 2021

We recently hosted a webinar on data compliance in 2021. If you’ve got any questions about staying compliant this year, it’s definitely worth a watch. If you’re after an overview of the webinar, you’re in the right place.

The panel for this webinar consisted of four business and legal experts:

The webinar covered the following topics:

GDPR | CCPA | Brexit | Data management and governance | B2B compliance best practices | Listen to the full webinar


GDPR

Aksa Kalam kicked the webinar off with a section on GDPR compliance.

“GDPR exists to give people more control over their data, and set out ways in which companies must process the customer data they hold.” - Aksa Kalam

In this section, Aksa outlined the reasons for GDPR, and the reasons why common B2B marketing and sales practices, like cold calling and outbound email, can still be undertaken in a lawful way.

The key takeaway here is legitimate interests.

That’s the processing of data that is necessary for the legitimate interests of the controller (or a third party), except where such interests are overridden by the interests, fundamental rights, or freedoms of the data subject that require protection of personal data.

Aksa also covered the ways in which Cognism stays GDPR compliant, which include:

  • Having the appropriate privacy policy, including notices, records and assessment documentation.
  • Always making it clear where marketing emails come from, how to contact us, and where to opt-out.
  • ICO registration and a clear lawful basis to process data.
  • B2B data and secure storage of that data.
  • Ease of access for individuals to exercise their rights with respect to our processing.


CCPA

“This is a California state law. It might not apply to your particular business. It depends on the proportion of your revenue coming from monetising profiles in California.” - Eitan Jankelewitz

The CCPA is much more focused on the trading of data.

Eitan covered the ways in which Cognism stays CCPA compliant, which include:

  • An externally-facing privacy policy which has a dedicated section directed at California residents.
  • Registration as a data broker with the California Attorney General.
  • Two dedicated methods for consumers to submit CCPA rights requests, including a US toll-free number.
  • Procedures for responding to consumer rights requests, including verifying the identity of the requesters.
  • An opt-out form on the site to allow consumers to opt out of the sale of their data. Cognism respects and implements all such opt-outs.
  • Appropriate security measures.


Brexit

“The new UK data protection framework obligates businesses based outside of the UK, reaching out to UK markets, to appoint a representative in the UK.” - Aksa Kalam

There are now two legal provisions which may mandate businesses to appoint representatives: UK GDPR and EU GDPR.

At the moment, the UK is seeking adequacy from the European Commission. If it’s granted, there will be no special authorisation required and personal data will continue to flow freely from the EU to the UK.

In the event of no adequacy, we will have to rely on “appropriate guarantees” to ensure a sufficient and appropriate level of protection for personal data transferred from the EEA to the UK. These appropriate guarantees include:

  • Standard contractual clauses (SCCs).
  • Binding corporate rules (BCRs).
  • Codes of conduct or certification mechanisms.
  • Legally binding and enforceable instruments between public authorities or bodies.

Data management and governance

In this section, Vincent Delamarre discussed data management and governance.

“You have to protect your data and make sure it’s compliant. There are three things you need to be aware of: documentation and process, automating consumer rights and securing personal information.” - Vincent Delamarre

Let’s break those down a bit.

1 - Documentation and process

This starts with a compliance policy. It’s about what you consider to be personal data, and how long you plan on keeping your data. There are guidelines for this, but it’s also about how you tailor it to your situation.

2 - Automate consumer rights

You need to ensure consumers have: Right of Access, Right of Erasure and Right of Portability.

3 - Secure personal information

Consent expires after a certain amount of time, so you have to make sure data is not kept past its personal data lifecycle.

The amount of time varies depending on location and what is considered legitimate in a particular business.

The requirement is that personal data is not held any longer than necessary. When it stops being useful, best practice is to have an automation set up to remove it. This could be done after a certain amount of time or number of touch points.

Cognism offers a service called Enhance, where expired data can be updated. This will add value to your data set while meeting GDPR requirements.

The last security measure you need in place is data breach detection. You must have a system in place to alert you if there’s been a data breach. The penalties for not acting on a breach can be very severe.

B2B compliance best practices

In accordance with everything spoken about, here are a few of the best practices adopted by Cognism:

  • Notifications to data subjects.
  • Implementation of an effective system to respond to data subject requests.
  • TPS and CTPS phone number checking, to ensure compliance.
  • Appropriate training to employees, to ensure that privacy is at the forefront of employees’ minds.
  • Adequate protection procedures and agreements with third parties.
  • Regular reviews to ensure we’re always compliant with emerging and existing regulations.

Listen to the full webinar

If you’d like to go a little deeper on the topics mentioned in this recap, be sure to listen to the full recording. It’s packed with expert insights, including a section on predicting the 2021 landscape and an in-depth Q&A.


The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.