Privacy Law-Compliant B2B Marketing: A Guide

Is your consumer’s well-being and privacy important to you and your company? Well, it should be.

Since the birth of the industry, marketers have had ethical questions (and accusations of being unethical) fired at them from every angle. And these allegations aren’t isolated to just being directed at companies who’ve suggested that supermodels can bring about world peace with a soft drink. Customers whose privacy has not been maintained owing to lax policies have also voiced their concerns—calling for changes, ramifications, and accountability from the companies involved.

In this regard, the customer is undeniably right. No one deserves to have their privacy infringed upon, or have confidential information about them made publicly available without their consent. Consumer rights activists and government organizations have been successful in formalizing these concerns into laws, and that’s how we have the GDPR, CCPA, and countless other existing and upcoming data protection laws today.

These data protection laws hold companies, marketers, and salespeople morally responsible for their actions. But what exactly do they expect companies to do to be compliant with their demands?

Here’s our guide on how your company—specifically your marketing team—can be privacy law compliant.

Is Your Company in Violation of Global Privacy Laws?

In order to implement changes that will make your marketing and sales privacy law-compliant, you’ll need to first understand what data protection laws expect you to do differently. Here’s a list of all the major privacy laws that have been passed in recent times, their implications, and the key compliance demands highlighted in their documentation.

While there are some recurring themes across all data protection laws, it’s very difficult to distill the broad talking points into just a few short sentences. However, the section below lists all the essential things you need to know to get started. Note that some of these might not apply to you based on the nature of your product, service, or company, and where your company, target audience, prospects, or customers are located.

Your company might be in violation of privacy laws if:

#1 You don’t follow best practices when it comes to collecting or processing data and personally identifiable information like names, addresses, emails, or phone numbers. This includes:

  • Processing the consumer’s data when they don’t have a legitimate interest in your product, company, or service
  • Not informing the consumer of your intentions for processing their data at or before the point of data collection
  • Collecting emails without explicitly explaining, using checkboxes or other means, what the information they are providing will be used for
  • Not informing the consumer if you process their data to make automated decisions
  • Not obtaining parental consent prior to collection, use, and/or disclosure of the personal information from children under the age of 13 (COPPA)

#2 You don’t have a privacy law-compliant method to store and retrieve information about prospects and users. This includes:

  • Using cookies to store personal data other than what is absolutely necessary without the user’s consent
  • Using software or vendors that aren’t privacy law-compliant to store, process, and retrieve information about users

#3 You don’t have a privacy-law compliant Privacy Policy document in place. Scenarios include:

  • It isn’t easy for users to find the information that they’re looking for to give informed, meaningful consent in your privacy policy page/document
  • Critical information on what data is collected, how it’s collected, why it’s being collected/shared, and who it is shared with isn’t available in your privacy policy page/document
  • Your users aren’t explicitly informed about their 8 rights (GDPR)

#4 You haven’t followed administrative protocol mentioned in the privacy law documentation, for example:

  • You don’t give users the right to access, edit, rectify, or erase/remove/delete their information
  • You haven’t appointed or hired a Data Protection Officer (DPO) (doesn’t apply to all companies, read this post to see if you are required to hire one)
  • You haven’t performed a Data Protection Impact Assessment (DPIA) exercise (only applies if you meet these criteria)

#5 You are a vendor and you don’t have a Do Not Sell My Personal Information (DNSMPI) page (CCPA)

Important Note: While this includes most of the major things your company needs to be privacy law compliant, this does not constitute legal advice. If you’re working on being compliant with GDPR or other privacy laws, please work with data privacy, legal, and auditing teams to get the job done. Here is a blog post that will help keep you up to date on the newest data protection regulations. We will continue to regularly update this document to include the latest updates in privacy laws.

Privacy Law Compliance: Marketing Best Practices

Now that you know what privacy laws expect you to do, here are some of the best practices you should absolutely follow to be privacy law compliant.

#1 Review Your Website Forms

Privacy laws demand that you have a lawful basis for processing a user’s data, and that consumers must give you consent explicitly and freely when you collect their information for a specific purpose (e.g. product demos) or offer a non-essential service to them (e.g. sending marketing emails and newsletters).

In order to do this, you need to have non-pre-checked checkboxes under your forms that allow the user to express their consent for you to process their information.


Use plain English to indicate what the users will be signing up for by checking the boxes, and always give them the option to choose their preferences before collecting their personal information. Keep terms and conditions/privacy policy checkboxes separate from consent request checkboxes to ensure that you obtain explicit permission from your users.

#2 Provide Unsubscribe and Opt-Out Options

Canada’s Anti-Spam Legislation and the US CAN-SPAM Act require companies to let recipients opt out of receiving commercial or marketing emails. Always have an Unsubscribe and/or Edit Preferences button attached to your marketing emails so it’s easy for people to withdraw consent if they want to.

Email marketing and marketing automation software like HubSpot or MailChimp allows you to automatically append this to marketing emails, and in some cases even make it a non-removable element.

#3 Maintain Proof of Consent

Recording when each user (or their parent, in the case of COPPA) has given you consent to store, process, and use their information is a good practice that you should absolutely follow. Failure to do so might result in you and your company finding yourselves in a sticky situation when asked to demonstrate when, where, and how you’ve stored and processed the consent given to you by your users.

Companies like iubenda can help you do this effectively.

#4 Create Comprehensive Cookie Notices


As you might know already, cookies are files that are stored on a user’s computer to track and collect information on user behavior and actions. There are several different types of web cookies; you can read more about them in this post.

Most marketing software uses cookies, and if you are dropping cookies on your users’ computers, then you’ll need explicit permission from your users to store your cookies to be privacy law-compliant. This is typically accomplished by displaying a cookie pop-up on your website. Under the new laws, especially GDPR, it’s important to have a detailed cookie policy that explains the types of cookies you use, why you are using them, and with whom you are sharing the cookie data.

There are several websites that allow you to generate a cookie policy document that’s customized for your website.

#5 Choose Privacy-Conscious Vendors and Software

One aspect of privacy compliance that’s often overlooked is choosing vendors and software that are also privacy law-compliant, like Slintel. Marketing Operations and Sales teams typically use various software, and it’s imperative that you choose the right providers if you want to improve privacy compliance in your company.

#6 Set Up Double Opt-Ins

While double opt-ins are not required by law, having them set up is a good practice that will help you spot valid and responsive subscribers much earlier. A double opt-in is when you send a user an email asking them to confirm or verify their subscription. While not mandatory, double opt-ins help you remove junk/spam addresses from your database, and also ensure that you build a mailing list that has above-average open and click rates.

Other Important Notes

While the points mentioned above are the best practices that Marketing teams should follow to maintain data privacy in marketing, there are several other actions that companies need to take to become truly privacy law-compliant. Some of the key things are to:

  • Create Privacy Policy, EULA, and T&C documents that are in accordance with the expectations of data privacy laws
  • Ensure that users are able to reach out to you to request that their information be edited/removed from your database
  • Have an audit done to ensure that you’ve covered all your bases

Don’t Risk It!

If doing this seems like too much of a hassle, then let us remind you that failure to comply is a bad idea and is not worth the risk. Though the number of companies that are reprimanded for not being privacy law-compliant is fairly low, getting caught can mean a temporary/definitive ban on data processing and a fine of up to €20 million or 4% of your business’ total annual worldwide turnover (GDPR) or some other such crippling fine along those lines.

Make sure you follow these best practices to maintain the data privacy of your customers in your marketing!

Footnotes: Implications of Major Privacy and Data Protection Laws in 2021

Below is a list of all major privacy and data protection laws that are in existence as of March 2021, and the highlights on the implications of these laws and what’s required to comply with them.

Harsha Annadurai

Harsha Annadurai handles Content and Product Marketing at Slintel. He has over three years of experience working in B2B SaaS Marketing and believes that failing fast, adapting quickly, and finding linearly scalable strategies is the key to a company’s success. He’s an obsessive music, gastronomy, and sneakers enthusiast.
