More
Template is not defined.

Quick Guide: ABM and GDPR Compliance

How does ABM’s personalized approach align with GDPR’s principles of greater privacy? And what does it mean for your account-based approach in Europe?

Share
gdpr

Chapters

Chapter 1

Introduction

Chapter 2

Data Protection Legislation is On The Rise Globally

Chapter 3

How Do I Keep My ABM Efforts GDPR-Compliant?

Chapter 4

What About Intent Data & GDPR?

Chapter 5

How Does 6sense Source Intent Data?

Chapter 6

6sense & GDPR

Introduction

Chapter 1

Introduction

In our recent look at the differences between account-based practices in EMEA and North America, it was no surprise that General Data Protection Regulation (GDPR) made the list.

While companies covet the proven results of an account-based approach, they’re also concerned — and often a little confused — about how a deanonymizing go-to-market machine complies with privacy-based laws like GDPR.

So, does account-based marketing’s personalized approach align with GDPR’s principles of greater privacy?

The short answer is that 6sense is GDPR-compliant. But if you are considering other solutions, here are some things to consider.

Chapter 2

Data Protection Legislation is On The Rise Globally

GDPR was introduced by the European Union (EU) in 2018 to help protect individuals’ personal information and standardize data protection across Europe. Despite the ruckus surrounding its introduction, GDPR didn’t appear out of nowhere; it’s a stricter version of previous laws, designed for today’s data-ubiquitous world.

Although GDPR was passed by the EU, it applies to any organization that targets or collects data related to people in the EU. It’s also worth noting that despite Brexit, the UK still follows the same rules (for now).

GDPR’s prevalence has led some to believe data privacy is only a hot topic in Europe. But concerns globally have seen an increase in GDPR-like laws across the world, including South Africa and Israel, as well as the U.S. via the California Consumer Privacy Act (CCPA).

The rules may vary from region to region, but the principles are clear: You can’t play fast and loose with prospect or customer data. Today’s sellers and marketers must be scrupulous when handling or using any personally identifiable information (PII).

Chapter 3

How Do I Keep My ABM Efforts GDPR-Compliant?

Account-based marketing (ABM) is completely GDPR-compliant when you follow the principles of “data protection by design and by default.” In plain English, this means you must:

  • Get opt-in and consent
  • Be transparent and guarantee privacy
  • Share the right to withdraw consent
  • Only collect the data you need for its intended purpose
  • Be clear about how you plan to use the data
  • Make communications relevant
  • Protect data (through encryption or other measures)
  • Only hold data as long as necessary to fulfill its intended purpose
  • Delete data whenever asked to
  • Be accountable; i.e., have a team member in charge of GDPR

You can see a full GDPR checklist here.

If we cut through all the rules, the lead headline is that rather than violating GDPR, ABM actually better aligns your marketing with its principles. 

It’s about being selective, being targeted, and providing valuable communications for prospects legitimately interested in your solution. In other words, combining GDPR and ABM is a formula for good marketing.

Chapter 4

What About Intent Data & GDPR?

Most of today’s B2B customers conduct the majority of their buying journey through anonymous online research.

Any account-based platform worth investing in today uses intent data to shine a light on this activity and match it to specific accounts. Otherwise, you’re left with the 3% of website visitors who fill in forms and self-identify on your website. It’s important to note that the data is tied to accounts, not to individuals.

Intent data is a combination of signals that are generated when people search the web, visit your site, and visit third-party sites that share data. In the case of B2B buying groups, this combined data can reveal which companies are in-market for your solution (i.e., considering a purchase).

But is intent data GDPR-compliant?

First-Party Intent Data

First-party intent data is uncovered by activities on your website, or the data you already have in your CRM. To identify the activities of potential customers, your account identification solution will need access to this data.

To remain compliant, as the controller of PII, it’s up to you to follow the appropriate steps when sharing this data — including obtaining consent where required.

Third-Party Intent Data

What about the data generated when accounts are conducting research on websites that aren’t yours, such as online trade publications, blogs, forums, and communities?

Uncovering this third-party data is essential to better understand your in-market prospects. But whether or not that data is GDPR-compliant will come down to your account identification solution provider.

If you’re intending on using an account-based approach in Europe, always check that potential providers have the appropriate safeguards to process PII and source third-party intent data in compliance with GDPR.

Turning Data Into Insights

With the right safeguards in place, providers of intent data will match an intent signal to an account. For example, intent signals might show:

  • Whether “Acme Industries” is conducting research on ABM
  • What keywords were viewed
  • When the research was conducted

The intent signal doesn’t identify anonymous visitors at the “person” level, but surfaces account-level activity, meaning there are no blurred lines with personal data.

Chapter 5

How Does 6sense Source Intent Data?

6sense captures millions of buyer interactions every day, and then uses AI and machine learning to make B2B buying predictions and provide guidance to revenue teams.

We curate high-value intent data through our AI Platform. We only source third-party intent data from vendors that have direct relationships with publishers and that implement strict policies for opt-in and consent. We also have our own direct relationships with stand-alone publishers to collect relevant first-party intent data.

Chapter 6

6sense & GDPR

You can save a lot of time, money, and stress by using a GDPR-compliant account-based platform like 6sense. We’ve implemented comprehensive policies to protect our customers’ personal data in compliance with GDPR, including:

  • 6sense completed a GDPR service readiness audit prior to the enactment of the GDPR
  • All our generally available services and features that involve the processing of EU data adhere to the data protection standards required of data processors by the GDPR
  • As part of our GDPR compliance program, we review our security and privacy policies annually to ensure we comply with law and best practices

This means our customers can deploy 6sense as a key part of their GDPR compliance plans and proceed with confidence in any region.

Ready to see 6sense in action?

Picture of The 6sense Team

The 6sense Team