The European Union’s General Data Protection Regulation took effect Friday, May 25. Although mostly viewed as setting data privacy requirements for retailers selling to individual consumers, it also affects manufacturers and distributors.

The GDPR—the European Union’s General Data Protection Regulation—requires all businesses that handle personal data for citizens of the EU’s 28 member countries to follow guidelines on how they collect, use and store that information.

Many B2B practices that collect and process consumer data must change.
Forrester Research Inc.

Although the GDPR is mostly viewed as setting requirements for retailers selling to individual consumers, it also pertains to manufacturers and distributors, experts say.

“Business consumers are protected GDPR data subjects, and many B2B practices that collect and process their data must change,” Forrester Research Inc. says in the March 2018 report, “The GDPR and the B2B Marketer,” by analysts Lori Wizdo and Matthew Camuso. “Although the law is often ambiguous and the degree of its enforcement remains unknown, the cost of noncompliance is severe. So B2B marketers must be aware and prepare.”

Businesses found to be in noncompliance with the GDPR face fines of up to 20 million euros (US$24.7 million) or up to 4% of their annual revenue, whichever figure is larger.

The complex nature of B2B e-commerce sites and digital supply chains result in various ways a business buyer may reveal personal information. While procurement managers often place online orders using corporate accounts and corporate credit cards, engineers and other professionals often place their own purchases using personal payment accounts. Moreover, it’s not just personal credit cards that are considered personal data under the GDPR.


“Many B2B marketers do not think that a corporate email address or telephone number is personal data,” Forrester says in its report. “But such contact information is personal data under the regulations. In fact, under the GDPR, personal data can now include online identifiers such as IP addresses and mobile device IDs.”

In a survey it conducted in January of 66 B2B marketers—“Global B2B Online Marketing GDPR Impact Online Survey” —Forrester found that only 15% of businesses said they were “fully compliant.” Another 62% said they were either partially compliant or expecting to be compliant within 12 months. The rest said they were either unfamiliar with the GDPR, unsure of their progress, or that the GDPR was not applicable to them.


Lori Wizdo, principal analyst, Forrester Research

Wizdo, however, encourages B2B companies to take a proactive approach to GDPR compliance regardless how much they’re concerned about its enforcement. “Firms in the vanguard are viewing the regulation as an opportunity to improve their data governance and adapt to the demands of their customers,” she says in a blog on the GDPR. “These B2B marketers are moving beyond the fear and confusion phase of GDPR compliance and rocketing toward the benefits of GDPR compliance.”


In other words, comply with the GDPR because it will result in stronger ties with customers, who expect sellers to protect their personal information.

“In its zeal to protect the individual, the legislation is challenging marketers to review their data collection and user practices,” Wizdo writes in her blog, adding: “Seize the opportunity to master customer data. And view GDPR as an opportunity to raise the standard on quality engagement” with customers.

Sign up for a complimentary subscription to B2BecNews, a twice-weekly newsletter that covers technology and business trends in the growing B2B e-commerce industry. B2BecNews is published by Vertical Web Media LLC, which also publishes, Internet Retailer and Internet Health Management. Follow B2BecNews editor Paul Demery on Twitter @pdemery.

Follow us on LinkedIn and be the first to know when new B2BecNews content is published.