Checklist: Fully GDPR-Proof Website Visitor Identification

Your website attracts dozens, perhaps hundreds of companies every day. But who are they? Visitor identification solves this. But there's one problem: many tools aren't GDPR-compliant. And that can cost you dearly. In this article, you'll get a practical checklist to verify whether your identification tool is fully GDPR-proof.

Why GDPR-compliant visitor identification is essential

Let’s be clear: 98% of your website visitors remain unidentified if you don’t use an identification tool. Google Analytics shows how many sessions take place, but not which companies are behind them. That’s the difference between “traffic” and “pipeline”.

GDPR compliance isn’t optional, it’s mandatory. Incorrect tracking leads to fines of €20 million or 4% of annual turnover. Data protection authorities actively monitor and enforce a zero-tolerance policy on collecting personal data without a lawful basis.

Business-level identification falls under legitimate interest (Article 6(1)(f) GDPR). You may identify companies without consent, provided you’re transparent and only collect business data. Leadinfo identifies companies without cookies, fingerprinting, or personal data. This keeps you within GDPR boundaries.

The GDPR checklist for visitor identification

How do you know if your tool is GDPR-proof? Use these six checks:

Check 1: No cookies or tracking pixels for identification
Cookies require consent under the ePrivacy Directive. If your tool uses cookies, a cookie banner is mandatory. You cannot place cookies without visitor consent. Cookieless technology eliminates this complexity entirely.

Check 2: Collect business data only
GDPR-proof means: company name, sector, revenue, locations. No names, email addresses, or individual IPs. Tools that collect personal data fall under a different legal basis and require consent.

Check 3: EU-only hosting mandatory
Schrems II (2020) prohibits data transfers to the US. American servers don’t comply with European privacy standards. Verify that your tool hosts data exclusively in EU data centres. Leadinfo operates with servers in Ireland and Frankfurt.

Check 4: Transparency in privacy policy
You must inform visitors about data processing. State in your privacy policy that you apply company-level identification via an external tool. Link to your provider’s privacy policy.

Check 5: Opt-out option for companies
Companies must be able to unsubscribe. Leadinfo offers an opt-out page where companies are removed from the system within 48 hours. This isn’t a legal requirement, but it is best practice.

Check 6: ISO 27001 certification for data security
ISO 27001 is the international standard for information security. An annual audit by an independent party (such as LRQA) proves the provider takes security seriously. Without this certification, you face additional risk in case of a data breach.

How Leadinfo identifies companies in a 100% GDPR-proof way

Leadinfo has been developed from the ground up as a cookieless platform. Identification takes place via IP ranges and ASN mapping at company level. This way you know which companies visit your website, without ever processing personal data.

The technology works as follows: each company has its own IP range linked to their network. Leadinfo recognises these ranges and links them to a database of ±220 million European company profiles. The result: you see company name, sector, revenue, number of employees, and which pages they viewed. Never names, emails, or individual behaviour.
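
The lookup described above, as an added example (not Leadinfo's code): it resolves a visitor address to a company by longest-prefix match over IP ranges and stores only company-level fields, never the address itself. The ranges, company records and function names are constructed for illustration, and the exclusion list for shared provider ranges is an assumption.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation ranges and made-up companies.
COMPANY_RANGES = [
    ("192.0.2.0/24", {"company": "Example Logistics BV", "sector": "Transport", "country": "NL"}),
    ("198.51.100.0/25", {"company": "Sample Software GmbH", "sector": "SaaS", "country": "DE"}),
    ("198.51.100.0/24", {"company": "Sample Holding GmbH", "sector": "Holding", "country": "DE"}),
]
# Assumption: ranges of access providers point at a subscriber line, not a
# company, so they are never resolved.
SHARED_RANGES = ["203.0.113.0/24"]

_COMPANIES = sorted(
    ((ipaddress.ip_network(cidr), rec) for cidr, rec in COMPANY_RANGES),
    key=lambda item: item[0].prefixlen,
    reverse=True,  # most specific range first, so a /25 wins over its parent /24
)
_SHARED = [ipaddress.ip_network(cidr) for cidr in SHARED_RANGES]
ALLOWED_FIELDS = ("company", "sector", "country", "page")


def resolve_company(ip_text):
    """Return the company record for an address, or None if shared, unknown or invalid."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    if any(ip in net for net in _SHARED):
        return None
    for net, record in _COMPANIES:
        if ip in net:
            return record
    return None


def to_company_event(ip_text, page):
    """Build the only record that is stored: company fields plus the page, no IP."""
    record = resolve_company(ip_text)
    if record is None:
        return None  # unmatched visits are dropped, not kept for later matching
    event = dict(record, page=page)
    # Allow-list the output so a new field in the source data cannot leak through.
    return {key: event[key] for key in ALLOWED_FIELDS}
```

The address exists only as a function argument during the lookup; the returned event is what Check 2 allows to be kept.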

Hosting takes place in EU data centres: Ireland (primary) and Frankfurt (backup). No data transfer occurs to the US or other countries outside the European Economic Area. This makes Leadinfo Schrems II-compliant.

Leadinfo is ISO 27001:2022 certified. LRQA conducts an annual independent audit. This guarantees that all processes around data security, access control, and incident management meet the highest standard.

Case study: From unidentified traffic to qualified leads

A Dutch SaaS scale-up gained insight into 35-40% of their B2B traffic with Leadinfo. Previously, they only knew that 2,000+ sessions took place per month, but not which companies showed interest.

After implementation, they immediately saw which ICP accounts visited their product pages. Via direct CRM integration with HubSpot, these companies were automatically created as leads within 5 minutes. The sales team received real-time Slack notifications as soon as a target account returned.

The result: ICP matching increased sales efficiency by 40%. Instead of cold outreach, the team focused on companies that already showed interest. All data remained in the EU, fully GDPR-compliant. No cookie banner, no legal risk.

The most important checks summarised

Business data only means no personal level
Company name, sector, revenue are permitted. Names, emails, individual IPs are not. This distinction is legally crucial.

EU hosting makes you Schrems II-proof
American servers don’t comply with European privacy legislation. Always verify where the data is stored.

ISO 27001 is the security standard
An independent audit proves the provider takes information security seriously. Without this certification, you face additional risk.

Opt-out respects company rights
It’s not a legal requirement, but it is best practice. Companies must be able to unsubscribe within a reasonable timeframe.

Transparency requires a clear privacy policy
Visitors must know that you apply company-level identification. Link to your provider’s privacy policy.

Frequently asked questions

How do I know if my tool is GDPR-compliant?

Check if the tool uses cookies (not GDPR-proof). Verify if hosting takes place in the EU. Ask about ISO 27001 certification. Read the privacy policy: is personal data collected? Test if opt-out is available. If one of these checks fails, you face legal risk.

What’s the difference between business data and personal data?

Business data includes company name, sector, revenue, locations. Personal data includes names, emails, IP addresses of individuals. Leadinfo exclusively collects business data. This falls under legitimate interest (Article 6(1)(f) GDPR) and requires no consent. Personal data does require consent or another lawful basis.

Do I need to ask consent for visitor identification?

No, business-level identification requires no consent. You must be transparent in your privacy policy. Companies must have an opt-out option. Since no cookies are used, a cookie banner isn’t needed. This makes implementation simpler and legally safer.

Why is EU hosting so important for GDPR compliance?

Schrems II (2020) prohibits data transfers to the US. EU hosting guarantees protection under GDPR. Leadinfo exclusively hosts in Ireland and Frankfurt. No American sub-processors or cloud providers are involved. This prevents legal risks and protects you from fines.
