GDPR lawful data processing – why is insight so important? [Here’s Why]

GDPR lawful data processing – why is insight so important? Here’s why…

As the GDPR (General Data Protection Regulations) draw ever closer the rules around consent, and legitimate interest may feel like the proverbial elephant in the room.

The impact of GDPR on B2B activities has been hotly debated, as have the six key principles for lawful data processing.

These principles may be appropriate at different times, depending on the nature of the data flow, and the purpose of the sales activity you’re undertaking. The ICO (Information Commissioners Office) encourages companies to choose the principle that best applies to their needs – the six principles are follows:

  1. If the data subject has given consent
  2. If processing is necessary for the performance of a contract
  3. If processing is necessary for compliance of legal obligation
  4. If processing is necessary in order to protect vital interests
  5. If processing is necessary for the performance of a task
  6. If processing is necessary for the purposes of legitimate interest

Let’s look at each principle in turn, and pull out exactly why insight is vital to successfully achieving lawful data processing post-GDPR.


Consent is the most commonly known and practiced lawful data processing principle used by sales currently, but the new GDPR guidelines have much more rigid rules surrounding consent – the most notable of which is the “opt-in” process.

This cannot be ambiguous. For example, a customer that previously downloaded a white paper or ticked the box to receive further information after a webinar or conference cannot be assumed to have “opted-in”. Opt-in must be a separate, individual and “granular” process, and there must be a clear way to withdraw opt-in.

Out-reach campaigns are one of the key ways to attract new customers, and whilst multi-channel out-reach is essentially unaffected by GDPR when the target is business (corporate) subscribers, the all-important customer value rules also haven’t changed – customers are still put off by mass broadcasts.

Post-GDPR it is more important than ever that campaigns are relevant, appropriate and personalised if you don’t want customers to click that opt-out button and limit future opportunities to engage.

I recently listened to a webinar by Aberdeen Asset Management on optimising the customer journey with data-driven insight, and it was made abundantly clear that businesses utilising data (both structured and unstructured) effectively i.e. not just capturing data but converting it into actionable insights that inform customer outreach, are greatly enhancing segmentation and message delivery, and as a result are achieving superior results from outreach campaigns.

If you choose to select consent as your chosen path to GDPR compliance, then you will need a constant supply of relevant and validated insights from both structured and unstructured data sources across the internet, news and social media, that will inform all sales activities and ensure they are personalised, relevant, appropriate and deliver value in order to gain ongoing opt-in.

Performance of a Contract

This is perhaps one of the most obvious lawful data processing principles. Indeed your customers are likely to reasonably expect, and indeed welcome, the processing of data in this context. So why do you need to improve data/insight capture in the context of performing a contract? Well several reasons spring to mind.

Customer experience has been hailed as the most important aspect in both new customer generation and customer retention. Post-GDPR, data holds the key to enhancing customer relationships and experiences.

Aberdeen Asset Management reports that businesses using data to enhance customer journeys can achieve a 2.6x improvement in customer satisfaction revenue, and importantly a 21.3% improvement in their ability to handle customer issues and needs.

Insight delivers more means and opportunities to engage, and therefore superior results for customers throughout the lifecycle of a contract, which according to Aberdeen can deliver a 7.3 % uplift in customer retention.

Secondly, customer dynamics. Consumer behaviour and attitudes continue to evolve at an astonishing rate, and in often-unpredictable ways. Post-GDPR it can be easy to assume that by solely relying on data held within your own CRM solution, you can be more confident that you’re meeting the regulations.

But if you only use first-hand data you will never achieve that complete 360 degree view of the customer. Attitudes, sentiments, expectations, needs and pain points change continuously, and you need to stay on top of them if you want to achieve superior results throughout the lifetime of a contract. Sellers must be armed with the right information at the right time.

I recently heard a great example about Dell; their 22,000+ sales reps had been using a well-established CRM application for some time, but by augmenting it with insight to delve deeper into customer dynamics they were able to interact with customers in a more contextually aware, timely, and relevant manner – the result was vastly improved revenue.

Thirdly, prediction. Harnessing the power of predictive analytics and machine learning to determine in advance what a customer needs, and what product or service will have the greatest impact, opens up the opportunity to not only make decisions quicker and perform tasks faster, but to understand where the customer journey will go next.

Furthermore, utilising machine learning will enable the construction of predictive models of buying behaviours. As a result sellers will know the actions they can take in order to deliver superior results throughout the lifecycle of a contract, helping to avoid making mistakes and never missing an opportunity – in essence to never leaving a customer wanting.

I turn again to Aberdeen Asset Management, their recent study concluded that 63% of best in class CX organisations are using predictive analytics, and 52% are creating models of customer behaviour and mapping customer journeys.

Finally, uncovering new opportunities to add value. But post-GDPR, when your CRM database has potentially shrunk by up to 60% overnight, cultivating your current customer base through upselling and cross-selling will perhaps offer the truest opportunity to drive efficient and sustainable long-term B2B sales success.

Successful upselling and cross-selling must be based on a deep understanding of customers’ needs – nothing will turn a customer off quicker than offering them irrelevant products or services.

Upselling and cross-selling are great customer success tactics that can help you to build deeper mutually-beneficial relationships with customers – the customer gets more value and excellent customer experience, and you get more revenue and better customer retention rates.

Pulling out actionable insights, i.e. those that improve real-time understanding of the customer and what’s driving them at any given moment, can make a big difference to upselling and cross-selling success, and optimise the customer journey.

Using analytics can deliver a 39x improvement in customer lifetime value according to Aberdeen Asset Management.

Of course there are more examples I can give, but I think it is clear from these that if you choose this path you need to walk it with insight.

Compliance of legal obligation

Under GDPR, you should select this route if you consider the processing of data is necessary for you to comply with the law. We operate in times where crime (particularly financial and cyber-crime) are constant threats to every business, and organisations are becoming more heavily governed by regulation.

Sellers and relationship managers therefore need the ability to make informed decisions faster. In order to do so they must be able to detect loopholes, hidden relationships, identify risks, uncover threats in real-time, and highlight erroneous behaviour, in order to proactively manage their portfolio. Data and insight offer the best solution.

Take financial services for example. Fraud detection is one of the fields which has received a massive boost in providing accurate and superior results with the intervention of Artificial Intelligence (AI).

Likewise, the detection of money laundering. Most of the major banks across the globe are shifting from rule-based software systems to AI-based systems which are more robust and capable of spotting money laundering patterns.

Running analytics over a huge data sets to identify patterns of nefarious behaviour within a customer base means businesses are better able to protect customers and their own operations.

If compliance of legal obligation is the path you choose for lawful data processing, then the ability to mine multiple data sources and extract real-time insights is essential.

To my mind harnessing data promotes a risk-based approach to sales, helping you protect both your customers and your business by identifying risks as early as possible and take appropriate safeguards.

Protecting vital interests

So at first glance this seems the most unlikely path for a B2B seller seeking to achieve GDPR compliance – under the definition of lawful processing this principle should essentially be used to protect someone’s life.

But let’s take a slightly broader view, as it’s a great example of the power of insight-driven seller behaviour.Protecting the vital interests of your customers is a key part of relationship management.

Tracking real-time changes in the customer world (such as market change, legislative developments and financial and compliance issues) affords you the opportunity help them solve problems, ones that perhaps they are not even aware of yet. In doing so you can protect their vital interests and strengthen your relationship as a partner they can trust.

To give a practical example, one of our users, working for a leading insurance organisation, picked up a piece of news about a huge uptick in annual turnover with one of their existing clients – great news for the client, but the user quickly realised that it could negatively affect their current policy arrangements.

The customer risked unwittingly exposing themselves by not informing their insurer about this significant change in circumstance.

By picking up this insight quickly and acting on it the user was able to address the situation, ensuring they remained adequately covered, and prevented a possible claim situation.

Of course I am not trying to re-write the guidelines here, and in reality you’re unlikely to be in a position where you need to protect a customer’s life. But this is a great example of why monitoring customer changes and developments across news, social and corporate data channels will never leave you caught on the back foot.

Insight is an enabler to ensuring you’re always operating in the best interests of your customers at all times.

Performance of a task

The obvious example that springs to mind here is prospecting – an everyday task performed by the B2B seller but perhaps the toughest to undertake.

At first glance GDPR appears to comprehensively change the way sellers can generate and pursue leads. But look again. As I mentioned previously the rules are slightly different when the contact information you are collecting is that of corporate subscribers.

Likewise GDPR doesn’t prevent you from finding and connecting with potential customers on social media platforms such as LinkedIn.

That being said, buyers will not take kindly to cold prospecting emails, cold calls, unwanted connection requests, or unsolicited pitches – you need to tread more carefully.

The principle of providing value before asking for something has never held more importance – an accepted connection request doesn’t guarantee that a prospect is going to be interested in engaging with you, and an InMail, if used incorrectly, could still be considered spam and get quickly cast aside, running the risk of you being branded a nuisance and limiting the chances of developing a genuine relationship.

According to Celerity, some 42% of B2B sellers believe that a lack of quality data is the single biggest barrier to lead generation. No matter what task you’re performing, value is the key.

In terms of the prospecting example, you need to demonstrate to potential customers that you’re worthy of their attention – that you’re not simply sending them a connection request, direct mail or InMail, but instead an icebreaker that contains a valuable nugget of insight, and demonstrates that there’s value to be gained by engaging with you.

Having a constant supply of relevant and validated insights from both structured and unstructured data sources across the internet, news and social media ensures that every contact with a prospect is done so in a contextualised and personalised manner, meaning the seller can prospect and perform tasks with confidence.

Legitimate Interest

I have left this one until last, but it is perhaps the most important principle for the B2B seller. The most flexible of the six lawful data processing principles, GDPR legitimate interest is not focussed on a particular purpose, and therefore gives you the scope to potentially rely on it in many different circumstances.

However, if you choose this path to compliance then you must demonstrate that the way you use data is proportionate, has minimal impact, and would not come a surprise to the data subject.

In this case we talking about customers or prospects in a B2B environment, therefore it should be pretty straightforward as they are more likely to reasonably expect the lawful processing of data in a business context.

Legitimate interests might be your own businesses, or those of the customer/prospect, or a combination of the two. ICO legitimate interest guidance says that legitimate interests may be the most appropriate basis in the following circumstances:

  • When data processing is not required by law but is of a clear benefit to you or others
  • When there’s a limited privacy impact on the individual
  • When the individual should reasonably expect you to use their data in that way
  • When you cannot, or do not want to, give the individual full upfront control (i.e. consent) or bother them with disruptive consent requests when they are unlikely to reasonably object to the processing.

That said, you need to avoid presumption of needs, pain points, benefits and value, and instead always act in an insight-driven manner if you are to be able to adequately explain your reasons for processing data based on the principle of legitimate interest.

To give three legitimate interest examples:

  1. To ensure sales approaches are relevant and tailored
  2. To personalise services and improve communications/engagements, to the benefit of customers and prospects
  3. To determine the effectiveness of sales strategies and campaigns.

On a general basis, if you are communicating with the right stakeholder(s) about a product or service that they might genuinely have a need for, then you should be covered.

Having a constant supply of real-time, up-to date and validated insights is the key to ensuring that data processing for the purposes of legitimate interest is handled correctly.

But GDPR reinforces the importance of using reputable third party business intelligence sources that are not only compliant with the regulations, but can also demonstrate consistent data capture across multiple channels and best practice in terms of data quality and validation.

As the Chartered Institute if Marketing so correctly points out; “now is the ideal time to invest in new data analytics tools – perhaps even those with predictive analysis and artificial intelligence (AI).

By populating these tools with only the most important, useful and legally compliant data, organisations will be able to operate in a far smarter manner than anything that has gone before”

To conclude. GDPR will herald a new era, a more transparent data economy.

GDPR reinforces the importance of building strong, sustainable relationships with customers, and that with less data to use you will need to be smarter about how and where you capture data from. Data must be up-to-date in order to assist with lawful data processing and the demonstration of legitimate interest.

Finally, data offers the ability to uncover new opportunities in order to show the customer that you understand their evolving needs, can deliver value, and nurture relationships in a way that guarantees continued consent to sales efforts. 

So how can Artesian help?

Here’s how you can use insight generated by Artesian throughout the customer lifecycle:

Top of the funnel:

  • Build lists of prospect companies with the right corporate profile
  • Listen for ‘sales triggers’ – leading indicators of a need for your product or service
  • Use advanced search or Lead Builder to identify the best people to talk to.

During the sales cycle:

  • Receive updates when you want them, with your choice of filters
  • Utilise engagement templates to make insights easy to share
  • Before you contact a company, check out their company dashboard to see News, Social Media, Company Data, People, Market Info, and more
  • Access insights relating to your upcoming meetings on your mobile device
  • Watch out for people posting content or changing roles
  • Monitor for risk and compliance triggers

Post-Sales (servicing and account management) as above, plus:

  • Maintain focus on the most relevant information (e.g. only ask for risk or relationship triggers, to keep the relationship warm and flag any potential concerns)
  • Be alerted to upselling and cross-selling opportunities e.g. expansion, mergers, financial results and more
  • Watch out for new joiners or people moving on.

To find out more about the sales landscape post-GDPR, download our eBook here.