Everything You’ve Ever Wondered About B2B Compliance - Answered!
When it comes to B2B data, compliance is everything!
But how can you be sure you’re doing it correctly?
To help you understand the 2021 compliance landscape a little better, we hosted a webinar where four business and legal experts discussed everything from GDPR to B2B compliance best practices.
But, you still have loads of questions, right?
Well, we’ve brought our panel back together to answer your 9 most-asked compliance questions!
- James Isilay - CEO, Cognism
- Aksa Kalam - Head of Legal, Cognism
- Eitan Jankelewitz - Partner, Sheridans
- Vincent Delamarre - Chief Growth Officer & Co-Founder, Odaseva
B2B compliance FAQ
1 - Does data have a shelf life?
There are different rules for how long you can keep data and for what purpose, depending on your location.
This can be anywhere from 6 months to 2 years, depending on when you last used the data in question.
In the UK, you can technically hold data for as long as you have a use for it.
If you acquired data for marketing, you’re allowed to keep it for as long as you use it. But as soon as the data stops being useful for that purpose, it needs to be destroyed.
Another example would be:
A jeweller might sell you a ring every ten years. For those ten years, they have a legitimate reason for staying in touch. But after they’re up, they’d need to remove your data from their system.
“It’s best practice to clean your data frequently. I’ve seen a number of systems with outdated data because it’s never cleaned - and that’s how you lose customers. You need to implement rules for compliance and data hygiene so you can spot and action stale data; whether that means removing it or replacing it to generate new business.”
2 - Will B2B data ever require specific opt-in permissions in the UK?
Opt-in permissions are possible but unlikely.
The ePrivacy regulation is an EU law, and while the UK might eventually implement something similar, it won’t be as stringent.
“A lot of the drive around Brexit was to reduce regulation on things that are considered to have a low impact, and GDPR is already protecting people. For instance, if you’re spamming people, you’re already in breach of GDPR, so there wouldn’t be a need for an additional rule on that.”
3 - Portugal is putting forward an ePrivacy rule. So how will this affect the UK?
Again, the privacy rules of other countries don’t have a big impact on the UK. However, we do have our own ePrivacy regulation that was meant to be released with GDPR. This is scheduled to take effect in late 2021, with an implementation period that’s set to last a year.
This regulation will protect the privacy of residents who are tracked via electronic communications like messaging apps. It will impact anyone who uses commercial media services, tracking cookies and customised advertising to do business.
4 - What’s the best response to give someone who asks where you got their data from?
GDPR is about transparency, so it’s best to be honest and provide all your data sources.
With that said, you’re going to feel a lot better supplying them with these sources if you’ve procured your data through a reputable source. So make sure you have some kind of audit trail, check your supplier is legitimate and understand where the data ends up.
“If you’ve developed a relationship with this person, they become your contact, and it’s likely you’ve collected quite a bit of data from them through your conversations. You need to keep a record of the conversations and if they request you to relinquish all the data you have on them you need to do so as well as providing them with the conversations where you received that data.”
5 - How often should your data be updated to be GDPR compliant?
There are two ways to look at this...
1. How it connects to your privacy policies
If the way you use your data, or who you intend to share it with, changes, then it needs to be updated along with your privacy policies.
For instance, if you were using the data for updates on your services and now you intend to use it for marketing, then your data needs to be updated.
2. How it connects to your operational systems
If you’re changing operational systems or segmenting your data over various CRMs then your data won’t need to be updated. However, you will need to update your registry to reflect this.
6 - When it comes to anonymising data, are you able to keep details like the name and company of the individuals?
Anonymisation means losing all of an individual’s data, because if they ask to be forgotten, they expect you to delete all of the data you have on them.
Similarly, if you’re using this data for development then there will be a specific anonymisation pattern to follow.
Here you don’t need their phone number or email. As long as you include data that looks like an email or phone number with their name, your test will still work.
7 - If you host your data in the EU but it’s backed up via the cloud in the US, will this infringe on GDPR?
When you’re dealing with highly regulated industries like finance and pharma you will need to encrypt your data.
“Salesforce has a nice add-on to ensure data protection and privacy called Shield. You do need to pay for it, but it will help combat this issue as this adds a level of encryption that even the Salesforce admin won’t be able to get past to view the data.”
8 - In the UK Intelligence Act, the Intelligence Alliance between the UK, US and Australia prevents the EU from giving the UK the adequacy decision. Is there a possibility of the bridge being extended?
When the PRISM scandal happened and it became clear that the intelligence agencies, security services and law enforcement in the US could access whatever they wanted, it also applied to the UK, but not to the same extent. This is because the UK falls under European law and has data protection, and this occurred in the EU.
Eitan expands on this:
“I definitely think that’s a consideration of the adequacy decision but from what I hear it won’t be too big of an issue. DCMS were quite confident that adequacy would happen back in December but whether they extend the bridge, we can’t be sure but it’s entirely possible.”
The contents of this article are for the purposes of general awareness only. They do not constitute legal or professional advice. The content may have changed since this article was published. Readers should take appropriate professional advice for their own particular circumstances.