Privacy Law Basics for B2B
Visitor intelligence tools identify companies visiting your website. Before you deploy one, you need a working understanding of the privacy laws that govern what you can collect, store, and act on — because "it's just IP addresses" is not a legal defense.
The Core Regulations You Need to Know
GDPR (EU), CCPA/CPRA (California), PECR (UK), and PIPEDA (Canada) are the four frameworks most likely to affect your operations. Each has different scopes, thresholds, and penalties. GDPR is the most stringent: it applies to any company that processes data about EU residents, regardless of where you're headquartered. Violations can result in fines up to 4% of global annual revenue.
B2B vs B2C: The Key Distinction
Most visitor intelligence use cases operate in a gray zone. You're identifying companies, not individuals. IP addresses associated with a corporate network are generally considered business data, not personal data. However, sole traders, remote workers, and small businesses complicate this. A rule of thumb: company-level identification is lower risk; individual-level tracking requires a stronger legal basis.
What Lawful Basis Means for You
Under GDPR, you need a lawful basis to process data. For B2B visitor intelligence, "legitimate interests" is the most commonly used basis — but it requires a genuine balancing test showing your interests don't override the rights of individuals. Documenting this assessment is not optional; it's your primary defense in an audit.
Course Overview
Over 9 lessons you'll build a compliance framework for your visitor intelligence program: consent banners, data retention policies, DSAR handling, PIAs, team training, and audit preparation. By the end you'll be able to run a defensible, audit-ready program.