Quel est l’impact du RGPD sur le marketing B2B et B2C ?

▷ What is the impact of GDPR on B2B and B2C marketing?



Today, the protection of personal data has become a real challenge for companies with the entry into force of the GDPR on May 25, 2018. Thus, the processing of personal data is more strictly regulated. You must therefore now take this into account when prospecting in order to avoid the sanctions applied by the CNIL. Let’s do a check in…

Consent, one of the main bases of the GDPR

As part of the development of its activities, a company must collect the personal data of its customers or prospects in order to implement their prospecting strategies. The process used is the same whether in the context of B2C or B2B marketing. Marketers may not collect or use personal data without the consent of their owners. This is one of the 6 legal bases of the GDPR.

Training Creation and development of a training activity

This provision is stipulated therein by Articles 4 and 7, which is already mentioned in the Data Protection Act of 1978 and updated in 2004. Consent allows the individuals to whom it relates tohave control over their data.

They have the right to know what the data that has been collected by a given company will be used for. They can decide to refuse this use if they judge that it could possibly harm them. They can also accept of their own free will, with full knowledge of the facts.

Finally, whether they accepted or refused, they are entitled to change their minds. Whether B2C or B2B, the GDPR requires companies to clearly specify and authenticate their identities, and to make an objection form available to customers who no longer wish to receive these emails, which they often consider invasive. Said form must contain a link allowing them to unsubscribe or unsubscribe.

Opt-in in B2C

Differences may appear between B2B and B2C companies in terms of consent.

In the context of consumer Business marketing (B2C) where commercial exchanges are carried out between companies and individuals, opt-in is essential. The consent of the recipient must be obtained before any form of advertising prospecting. The agreement should be clearly stated. He agrees to receive digital advertisements, newsletters of all kinds via his email, or his telephone number among others.

If the company wants to transfer the data it has to other partner companies, the customer must also give its consent. However, two exceptions must be taken into account. Consent is not mandatory for people who are the subject of prospecting and who have already made purchases from the company. This is valid if the products offered to him are the same as those previously purchased.

Opt-out in B2B

B2B marketing refers to commercial exchanges between two companies. In this caseconsent is not required, and the opt-out principle is applied. In this context, the sending of commercial emails will not require authorization from the recipient.

However, it is imperative that the latter be informed of the commercial use that will be made of his email address. In addition, the products or services that are the subject of digital marketing must be related to the professional activities of the individual contacted.

The rights of the individual in relation to the use of data

In addition to consent, the protection of personal data is the same for all residents of the European Union. This is why the transfer of data to the United States can be problematic, as laws may vary from country to country outside of Europe. Individuals whose personal data has been collected by a given company can now exercise their rights, as already mentioned in Directive 95/46/EC, repealed in 2018 when the GDPR entered into force:

  • This is the possibility, for those whose personal data has been collected for commercial purposes, to retrieve it at any time;
  • He has the right to be forgotten. This consists of asking the data controller to remove private information that could harm him from the World Wide Web;
  • The customer also has the right of opposition, which means that he can refuse the use of his data by a company or by any organization, if the objective is not for commercial purposes. The opposition must be justified. However, if the use made of it falls within the framework of commercial prospecting, the right of opposition may apply without reason;
  • When the data collected is used, it may be subject to errors. The individuals concerned can then exercise their right to rectification. This right can also intervene when it is necessary to update the personal information or when these are prohibited from collection or conservation.

The obligations of companies on the use of personal data collected

Companies that collect personal data whether through free access directories, through forms knowingly completed by the Internet user when subscribing to a newsletter, or when requesting a quote for work for example. The collection can be done through the searches he carries out or according to the sites he visits.

Marketing strategies are developed from this information from the publications of Internet users, their centers of interest. Regardless of how this data was obtained, companies are required to enter it in a well-detailed register so that it can be traced and identified later.

Whether in B2B or B2C, in addition to keeping a register, marketers should specify how long data is retained. No legal duration is fixed. But when the objectives defined by the marketing strategy implemented are achieved, the personal data recorded by the company must be deleted, anonymized or pseudonymized so that they can no longer be identified. All security measures must be put in place to prevent leaks or illicit use.

The GDPR emphasizes three elements in order to optimize the protection of user data.

  • Data controllers must ensure that only the data inherent to the products/services are collected.
  • In addition, it is imperative to specify to customers the use that will be made of it. Some companies hold sensitive data that may impact a person’s individual rights and freedoms. They involve the application of a data protection impact assessment. It is mandatory in the context of the processing of health data including the collection of sensitive data relating to so-called vulnerable people.
  • It is also required when the data collected is used to draw up the profile of people likely to be recruited for a job, or when it is intended for monitoring said people once employed. It can also be if the data is used for profiling, as is often the case for personalization processing of digital advertisements.


In conclusion, the GDPR changes the way marketing works, whether in B2B or B2C. To avoid being penalized, a company and its partners must comply with the regulations.

Leave a Comment

Your email address will not be published. Required fields are marked *