Skip to content

Everything You’ve Ever Wondered About B2B Compliance - Answered!

When it comes to B2B data, compliance is everything!

But how can you be sure you’re doing it correctly?

To help you understand the 2021 compliance landscape a little better, we hosted a webinar where four business and legal experts discussed everything from GDPR to B2B compliance best practices.

But, you still have loads of questions, right?

Well, we’ve brought our panel back together to answer your 9 most-asked compliance questions!


Navigate where you need to go, or scroll 👇 to start.

Does data have a shelf life? | Will B2B data ever require specific opt-in permissions in the UK? | How will Portugal’s ePrivacy rule affect the UK? | What’s the best response for - where’d you get my data? | How often should your data be updated to be GDPR compliant? | Can you keep details like the name and company of the individuals? | Will hosting data overseas infringe on GDPR? | Will the Intelligence Alliance bridge be extended? | Should you include your privacy policy in emails? | GDPR compliant data with Cognism

Listen to the webinar 

If you missed out on our 2021 B2B compliance landscape webinar or you’re keen to recap, click the button below 👇

Listen to the webinar 

B2B compliance FAQ

1 - Does data have a shelf life? 

There are different rules for how long you can keep data and for what purpose, depending on your location.

This can be anywhere from 6 months to 2 years, in accordance with when you last used the data in question.

In the UK, you can technically hold data for as long as you have a use for it.

For instance:

If you acquired data for marketing, you’re allowed to keep it for as long as you use it. But as soon as the data stops being useful for that purpose, it needs to be destroyed.

Another example would be:

A jeweller might sell you a ring every ten years. For those ten years, they have a legitimate reason for staying in touch. But after they’re up, they’d need to remove your data from their system.

James adds:

“It’s best practice to clean your data frequently. I’ve seen a number of systems with outdated data because it’s never cleaned - and that’s how you lose customers. You need to implement rules for compliance and data hygiene so you can spot and action stale data; whether that means removing it or replacing it to generate new business.”

2 - Will B2B data ever require specific opt-in permissions in the UK? 

Opt-in permissions are possible but unlikely.

The ePrivacy regulation is an EU law, and while the UK might eventually implement something similar it won’t be as stringent.

Eitan says:

“A lot of the drive around Brexit was to reduce regulation on things that are considered to have a low impact, and GDPR is already protecting people. For instance, if you’re spamming people, you’re already in breach of GDPR, so there wouldn’t be a need for an additional rule on that.”

3 - Portugal is putting forward an ePrivacy rule. So how will this affect the UK? 

Again, the privacy rules of other countries don’t have a big impact on the UK. However, we do have our own ePrivacy regulation that was meant to be released with GDPR. This is scheduled to take effect in late 2021 with a duration of implementation that’s set to last a year.

This regulation will protect the privacy of residents who are tracked via electronic communications like messaging apps. It will impact anyone who uses commercial media services, tracking cookies and customised advertising to do business.

4 - What’s the best response to give someone who asks where you got their data from? 

GDPR is about transparency, so it’s best to be honest and provide all your data sources.

With that said, you’re going to feel a lot better supplying them with these sources if you’ve procured your data through a reputable source. So make sure you have some kind of audit trail, check your supplier is legitimate and understand where the data ends up.

“If you’ve developed a relationship with this person, they become your contact, and it’s likely you’ve collected quite a bit of data from them through your conversations. You need to keep a record of the conversations and if they request you to relinquish all the data you have on them you need to do so as well as providing them with the conversations where you received that data.”

5 - How often should your data be updated to be GDPR compliant? 

There are two ways to look at this...

1. How it connects to your privacy policies

If the way you use your data changes or who you intend to share it with, then it needs to be updated along with your privacy policies.

For instance, if you were using the data for updates on your services and now you intend to use it for marketing, then your data needs to be updated.

2. How it connects to your operational systems

If you’re changing operational systems or segmenting your data over various CRMs then your data won’t need to be updated. However, you will need to update your registry to reflect this.

6 - When it comes to anonymising data, are you able to keep details like the name and company of the individuals? 

Anonymisation means losing all of an individual’s data. Because if they ask you to be forgotten, they expect you to delete all of the data you have on them.

Similarly, if you’re using this data for development then there will be a specific anonymisation pattern to follow.

Here you don’t need their phone number or email as long as you include data that looks like an email or phone number with their name, your test will still work.

7 - If you host your data in the EU but it’s backed up via the cloud in the US, will this infringe on GDPR? 

When you’re dealing with highly regulated industries like finance and pharma you will need to encrypt your data.

“Salesforce has a nice add on to ensure data protection and privacy called Shield. You do need to pay for it, but it will help combat this issue as this adds a level of encryption that even the Salesforce admin won’t be able to get past to view the data.”

8 - In the UK Intelligence Act, the Intelligence Alliance between the UK, US and Australia prevents the EU from giving the UK the adequacy decision. Is there a possibility of the bridge being extended? 

When the Prism Scandal happened and it became clear that the intelligence agencies, security services and law enforcement in the US could access whatever they wanted, it also applied to the UK but not to the same extent. This is because the UK falls under European law and has data protection and this occurred in the EU.

Eitan expands on this:

“I definitely think that’s a consideration of the adequacy decision but from what I hear it won’t be too big of an issue. DCMS were quite confident that adequacy would happen back in December but whether they extend the bridge, we can’t be sure but it’s entirely possible.”

9 - Do you need to include your privacy policy on all emails in order to be compliant? 

You don’t need to include your privacy policy in all emails, but you do need to include the option to opt-out of any marketing emails you send.

It’s always a good idea to include a link to your privacy policy at the bottom of your email, especially if you sell data. This way anyone reading it can go have a look without having to search on your website.

GDPR compliant data with Cognism 

Looking for data you can trust?

Power up your lead generation engine and identify and connect with your ideal customers right when they need you the most with Cognism - the world’s best all-in-one globally compliant prospecting solution.

Book an obligation-free demo today 👇

Request your demo now

The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.

Read similar stories


6 things every B2B cold caller must do
6 Things Every B2B Cold Caller Must Do
Ring ring! Your phone is buzzing. On the end of the line are 3 top B2B cold callers, with 6 tips to help make your calls more successful. Click here!
Growth across borders: How not to be a naive tourist
Growth Across Borders: How Not to Be a Naive Tourist
Learn how intent data can help you tackle new market launches more confidently with Alice de Courcy (Cognism), Charles Crnoevich, and Matt Gower (Bombora).
Speed to lead: How to book record meetings from webinars
Speed to Lead: How to Book Record Meetings From Webinars
Our US team had a record-breaking sales day from webinar leads. We’re sharing the formula on how you can do the same. Read on to learn how.

Experience the Diamond difference.

See how our phone verified contact data can increase your connect rate by 7x. Book a demo today.

Skyrocket your sales

Cognism gives you access to a global database and a wealth of data points with numbers that result in a live conversation.

Find customers ready to buy

Cognism intent data helps you identify accounts actively searching for your product or service – and target key decision makers when they’re ready to buy.