

Don’t be frightened by the GDPR Fearmongers!

Posted by Jon Clarke on Thu, May 17, 2018


One who spreads the ideology of fear through propaganda to fulfill a concealed agenda. Similar to a terrorist, but it fights with information and not direct violence. Politicians, media personas, and internet posters can all be fearmongers.

It sounds harsh, but in my humble opinion, I feel that the mountains of so-called experts who have been peddling fear for the past 12 months around the threat of GDPR all need to take a long hard look at themselves!

Why? Well, for some time now these doom merchants have at best implied, and at their very worst have advised, B2B Marketers that GDPR will mean you have to obtain consent from all customers and future customers before you can communicate with them.


During the past 12 months, with the threat of the long, dark winter on the horizon, I attended many events where GDPR was on the agenda. This was no surprise, as the fear and tension across the faces of many within the B2B Marketing community was palpable. One event in London in particular springs to mind. The organisers had arranged for a keynote presentation from a member of a very prominent B2B Marketing organisation and a ‘specialist law firm’ (I will resist the urge to name names!). During their presentation, they made it clear that you will not be able to communicate with your customers come May 25th 2018 without first obtaining consent.

The audience, made up of nearly 50 B2B Marketing Agency and Client practitioners, resembled whatever the collective noun for a group of rabbits staring into the headlights is. I attempted to interject and offer a different point of view, in that it is possible to consider legitimate interest as a method for compliance. Whilst there were a few puzzled expressions and the odd muted acknowledgement of this perspective, it was clear that the preaching of fear was the agenda of the day. I believe that high-profile and credible people or organisations have a duty of care to get the facts straight, facilitate a balanced debate and, if not sure, wait until the dust settles.


I was convinced that there was a different option on the table. This was not because I wanted to initiate a self-interested, school playground argument. It was because I had spent a significant amount of time researching what GDPR meant for B2B Marketing and Sales. This included engaging with many different experts in the industry. I have referenced some of them within this blog. We even spoke with the ICO to obtain a regulator's perspective.

The final step we undertook was to engage with a specialist law firm with a practice focused entirely on the Marketing and Advertising sector. They have a deep understanding of GDPR. Furthermore, they have invested heavily in understanding what GDPR really means, how best to interpret the rules and build a risk management profile. Most importantly, we established that consent is not the only method for compliance. This is when I first came across ‘legitimate interest’.

To find out more, I would highly recommend you read: “GDPR countdown – six degrees of separation from the truth about consent?”

The exercise was enlightening, and at odds with the tsunami of doom that was washing around us all at the time. Even the ICO had been offering an alternative to consent; the “consent is not the silver bullet for compliance” blog from the ICO makes this clear.

Once we had concluded our research and engaged with our law firm, our lawyers undertook a Privacy Impact Assessment (PIA). This involved a review of how our Customer Behaviour Platform captures and uses behavioural data.


Nexus captures behavioural data from our many different sources. The methods of capture were audited, and an assessment of the type of data we obtain and what we do with it formed part of the audit. This took form as part of a balance test to measure the impact of any invasion of individual privacy, versus the right to process data under legitimate interest as a method of compliance with GDPR.

The GDPR sets out rules relating to the protection of natural persons with regard to the processing of personal data. Under GDPR, “personal data” is defined as “any information relating to an identified or identifiable natural person”. Further, “an identifiable natural person” is defined as “one who can be identified, directly or indirectly”.

GDPR provides allowances for tracking online behaviour at Recital 26, which states that “the principles of data protection should therefore not apply to anonymous information, namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable”. An individual must not be identifiable by “singling out” that person, directly or indirectly.

Our lawyers concluded that the Nexus Companies Database:

It is our understanding that anonymised data is stripped of any identifiable information before being made available to Cyance. Cyance derive behaviour insights that are aggregated up to organisations and not on discrete individuals, using their Companies Data. Further, the data used by Cyance cannot be combined with any data (whether held by Cyance or otherwise) to enable the identification or singling out of an individual.

We would, therefore, consider that Nexus Companies Data does not fall within the GDPR definition of personal data. An individual is not (directly or indirectly) identifiable by the Companies Data and cannot be singled out.

This process helped us to validate that our platform was GDPR compliant. Furthermore, we were told by our lawyers that Nexus tracks the online behaviour of organisations our customers want to market and sell to. By establishing their relevant needs and interests, our customers can establish which organisations to target, when to message them and what content or offer is most likely to be relevant to them. This invaluable and actionable insight means our customers can avoid spamming their customers with irrelevant or poorly timed messages, and instead target active audiences with laser precision. This supports one of the fundamental objectives of GDPR.

We also needed to grow our own business, which relied upon our ability to communicate, engage and sell to new customers. Obtaining consent before we did this would at best slow us down and more likely mean we would be out of business. By using Nexus to establish who to target, based upon account-level buying behaviour, we not only transformed the volume of leads and sales, but we did so with the knowledge that we were GDPR compliant too.

