Privacy law feels intimidating, but most of the anxiety comes from confusion about what these laws actually regulate. This lesson gives you the practical foundation you need — without a law degree.
GDPR (General Data Protection Regulation) applies to any organization processing personal data of EU residents, regardless of where that organization is based. Key obligations: lawful basis for processing, privacy notice, data subject rights, and (in some cases) consent.
CCPA (California Consumer Privacy Act) applies to businesses collecting personal information of California residents that meet certain thresholds. Key obligations: right to know, right to delete, right to opt out of data sale, and non-discrimination for exercising rights.
PECR (Privacy and Electronic Communications Regulations, UK) governs cookies and electronic communications. It is more specific than GDPR on consent requirements for tracking technologies.
GDPR and CCPA primarily regulate personal data — information relating to an identified or identifiable natural person. A company name, domain, and firmographic attributes are generally not personal data under these regulations. An individual's name, email address, and browsing behavior are personal data.
This distinction matters enormously for visitor intelligence. In the next lesson, we'll explore exactly where company-level identification sits in this framework — and where the lines are.
Under GDPR, you need a lawful basis to process personal data. The most relevant bases for B2B are: legitimate interests (processing is necessary for a legitimate business purpose that isn't overridden by the individual's rights) and consent (the individual explicitly agreed). For B2B marketing to business decision-makers, legitimate interests is the most commonly applicable basis — though it requires a documented assessment.
For most B2B companies using visitor intelligence to identify companies (not individuals), the compliance requirements are manageable: a clear privacy policy, appropriate cookie consent, and documented data retention policies. We'll cover each in detail in this course.