Forrester Says Only 15% of B-to-B Marketers Are Fully Compliant With GDPR

Less than half have even audited their data

According to a new report by Forrester, many B2B marketers aren't prepared for GDPR. Getty Images
Headshot of Marty Swant

The advertising industry’s digital day of reckoning is a little more than two months away, when the European Union’s wide-ranging regulations for data protection and privacy go into effect on May 25. So it would be rational to think, being only 10 weeks away, brands would be well on their way toward making sure they’re compliant with these new laws. However, you’d be wrong. That’s especially true with business-to-business marketers struggling to make sense of the upcoming laws while coming to understand that they’re just as accountable as their larger consumer-packaged goods marketing brethren.

According to results of a report released this week by Forrester, only 15 percent of b-to-b marketers are fully compliant with the General Data Protection Regulation (GDPR), while 18 percent are still wondering what to do. In fact, of the 66 marketing professionals surveyed in January, less than half of marketers had even even assessed all points from which they collect data.

“Maybe we’re going to play some catch-up for ignoring some good practices that should have been adopted long ago,” said Forrester analyst Lori Wizdo, who co-authored the report. “These are not unmeetable rules. They’re not unrealized rules. And it’s a challenge that needs to be accomplished, but it’s not impossible.”

The most common challenge is making sure past and current data is compliant with GDPR guidelines, with 89 percent reporting the task as either a “major challenge” or “somewhat of a challenge.” Marketers also said they’re challenged by assessing third-party data collectors and processors, communicating specific purposes of data and balancing user experience with asking for consent for collecting data.

According to Forrester, marketers have been slow to comply because they don’t think the new rules apply to businesses with headquarters outside of the EU. However, it actually applies to any marketer around the world that collects data from EU citizens. It’s also because the definition of “personal data” is much broader than many realize. For example, it applies to individuals, which means any company with employees from the EU are subject to protect its employees’ data. It also applies to even the most basic data points such as email addresses and telephone numbers. And it’s important to be compliant, as companies risk fines of 20 million Euros or 4 percent of their global revenue, whichever is bigger, if they’re not.

Not everyone is entirely behind. According to Forrester, 39 percent plan to be compliant within 12 months, while another 23 percent are at least partially compliant. Meanwhile, 7 percent said they weren’t familiar with GDPR, while another 5 percent said they weren’t sure of their company’s progress.

According to Wizdo, larger companies seemed to be much further along than smaller companies. That’s partially because they’re more likely to have a more global reach and therefore more global risk. However, she said many marketers are finally realizing their management of b-to-b data has not always been the most competent.

“There are so many parts of an organization that need to be a part of this that it’s going to help start a pivot toward this culture of privacy,” Wizdo said.

While much of GDPR seem like overregulation, Forrester said there are some benefits marketers might find meaning from. For example, it could help put more emphasis on the quality of data rather than the sheer quantity of it.

Some are already seeing payback. The report cited Beki Scarborough, vp of marketing at ForgeRock, who said rethinking how the company collects data has already increased the total number of inbound leads, including an increase in requests for contact from a white paper.

“When did the going rate for a white paper become a mailing address, telephone number and work email address?” Scarborough said, according to the report. “We knew it wasn’t the best experience, but only when we were pressed by GDPR did we change.”

NexTech, July 27-30, 2020 Don't miss Adweek NexTech, live this week, to explore privacy, data, attribution and the benchmarks that matter. Register for free and tune in.

@martyswant Marty Swant is a former technology staff writer for Adweek.