How has GDPR affected B2B businesses?

Published Jun 24, 2019 | Written by Keith Errington


GDPR came into effect on May 25th 2018, so now, over a year later (as of the date of writing) what has its impact been? How has it affected business and marketers? And in particular B2B?

Expectations vs reality

One of the biggest fears for businesses was the level of potential fines that could be imposed under GDPR. Maximum fines under the legislation could be up to €20 million or four per cent of a company’s global turnover. There were many predictions that highlighted the huge levels of potential fines, with one report saying it might cost banks in excess of £4 billion over three years.

The reality is a little different. Total fines imposed by the EU in the first nine months were €55,955,871. This seems like a lot, but just one fine – the French authorities fine against Google – amounted to €50 million or 90 per cent of that sum.

For the rest, companies that have been fined have generally been fined small amounts that would make little impact on their balance sheets.

In the UK, not one single fine has been imposed. Whilst there have been a number of cases opened by the Information Commissioner’s Office (ICO), none have yet resulted in a fine. The approach taken by the ICO is generally one of negotiation and working with the business community to address potential problem areas rather than automatically resorting to fines and enforcement actions.

Overall, the most likely scenario is that authorities will go after big, high profile, global companies such as Google, as a highly visible lesson for everyone else.

The EU has stated that they are working through a backlog of reported cases, so we can expect more fines over the next twelve months, but they have also said that companies can reduce those fines significantly by cooperating. And in general, fines have been well below the maximum amount allowed under the legislation.

Another prediction, akin to the general alarm and panic caused by Y2K (AKA the millennium bug), is that companies would have to overhaul everything they do and change all their business practices. Whilst this smacks of hyperbole, most companies were worried about the potentially disruptive impact that becoming compliant with GDPR would have.

In the UK there was a very strong reason why this shouldn’t be the case – the vast majority of GDPR was based on existing legislation. If you were compliant with the current legislation pre-GDPR, there was actually very little you would need to do to conform to the new rules.

What GDPR did achieve was to cause businesses to focus on the issues around data protection, privacy and security of data, to ensure their practices were up to date. In the UK over 32,000 organisations have registered Data Protection Officers (DPOs) since the implementation of GDPR.

Data Breaches

Part of GDPR highlights the reporting of data breaches, and it has been very successful in this area – in the UK it is estimated that double the amount of data breaches have been reported since GDPR took effect – around 36,000. Across Europe, over 59,000 breaches have been reported during just the first eight months of GDPR.

Apart from the threat of legal action, another reason for the increase may be the creating of an easier framework within which to report them.

Impact on B2B marketing

Now that GDPR has been in place for over a year, the first studies and surveys about its effect are being produced and it seems to be generally positive. eConsultancy recently held a webinar on GDPR in B2B: One Year on where over half of the attendees said that GDPR had been good for marketing compared with 23% who disagreed.

I have often argued that the interruptive techniques of old-style marketing no longer work and that the buyer is now in control, choosing what to read and when to engage. Forcing your marketing upon unwilling victims is not a successful way forward in the modern business landscape.

What GDPR seems to have done is force some of the more reticent companies to take an inbound approach – to publish more content, to create more relevant information and to attract the customer rather than bully them. This focus on the customer’s needs rather than sales targets has paid dividends and the reluctant GDPR compliant businesses have now seen the benefits of this inbound, content-led approach.

Another benefit that was undervalued in the past but brought into the spotlight by GDPR is customer trust. Being more open and honest with customers has engendered greater trust, leading to a better business relationship and ultimately, more sales. Again, businesses that had failed to appreciate the importance of trust are now realising – through GDPR compliance – just how valuable that rare commodity is.

Perhaps the biggest changes to marketing practices have been in the area of consent. Websites, forms, databases systems and more, are all having to be changed, revised and updated to ensure that consent to collect and store personal data is freely and explicitly given and recorded. In addition, there is a time factor that needs adding into systems – as GDPR limits the length of time a business should hold on to data.

(There are also some GDPR implications for AI systems that make ‘significant’ decisions, such as for a loan – but these are rarely applicable in the realm of marketing).

So it seems that GDPR has forced companies to be more focussed, to improve their provision of content, and to examine all their systems and procedures – making them more robust, transparent and customer focused. You can probably see that all of these pressures are likely to improve a businesses’ marketing strategy and implementation.

Still work to be done

Of course, not everything is rosy – there are still many B2B businesses that are far from compliant, and many more still making the journey.

A recent survey by Hiscox for the IOD showed that over a third (39%) of SME’s still did not know who GDPR affects and 10% of SMEs erroneously think that consumers don’t have any new rights following the introduction of GDPR.

So, one year on and there is still work to be done by many businesses, but in general terms, not only has GDPR been introduced relatively smoothly into the UK’s business landscape – partly due to the acknowledgment by the ICO that companies will take time to adapt, but its implementation amongst businesses has created an increased focus on customer needs – generally improving their marketing practices and results.

Published by Keith Errington June 24, 2019
Keith Errington