When I first started looking into GDPR last summer, I, along with many others, had identified that big changes were in store for direct marketing. I even thought that this might be the end of e-mail marketing as the most popular B2B marketing tactic. It then became obvious that the regulations distinguish between corporate subscribers and personal data. This is significant as it could mean that the rules for B2B direct marketing may stay largely unchanged. This Blog attempts to give you the latest lowdown and provide some clarity:
A key fact some people are not aware of is that GDPR itself does not mention marketing at all; rather, the two relevant documents here are:
- The Data Protection Act 1998 (DPA)
- The Privacy and Electronic Communications Regulations 2003 (PECR)
As you might have guessed, both have existed for some time but GDPR has given them extra importance since it has the power to act against offenders. One more important factor to bear in mind is that the new e-privacy Regulation (ePR), which is currently being agreed by the EU to replace the PECR, will not be completed by the time GDPR comes into effect in May. The new ePR may bring some additional changes affecting B2B marketing which are unconfirmed at present.
But what are the actual rules and what can you expect to be able to do or not in the B2B market after May 25th? Well, I did a lot of reading and found some useful Blogs, but they all said slightly different things. Here are a few examples:
- In May 2017, the Upfront Blog interviewed Lecturer in Law at University of Hertfordshire Henry Pearce who said: ‘At present, PECR specify that B2B email marketing and similar activities would not have to obtain the express opt-in consent of any individuals whose personal data were involved in said activities. Therefore, in the context of B2B marketing activities involving personal data, if individuals are given the option to opt-out this is sufficient to establish consent. The GDPR broadly also retains the abovementioned conditions for processing of personal data contained within the DPA, but with some important clarifications, particularly regarding individual consent.’ Read more…
What did I make of it: Whilst Mr Pearce did his best not to answer the question directly, the Blog does provide good guidelines for ensuring your data system is robust.
- In July 2017, Blue Sheep Blog wrote about the new e-PR and said: ‘Although an unfinalised draft, the new e-Privacy Regulation contains several key points relating to electronic communications that will affect B2B (and B2C) businesses, including applications to more communication services, simplified rules on Cookies and changes to soft opt ins which relates to messages to existing clients.’ On the subject of B2B data being classed as personal or not the Blog said: ‘Depending on whom you ask, you’ll hear mixed messages’. Read More…
What did I make of it: This Blog does a good job of clarifying the situation and explains the distinction between B2C and B2B data.
- In January 2018, Lead Forensics produced a Blog which related to the definition of ‘personal data’, ‘sensitive data’ and ‘business data’. Under the business data category, it read: ‘GDPR only applies to data relating to individuals, not relating to businesses. So, data that is clearly related to a business such as business name and address, landline number and info@ email are all outside of GDPR ruling. However personal business email addresses can fall under a classification of “personal data”.’ Read More
What did I make of it: Very helpful infographics for those who like the information summed up clearly.
- In the light of personal business e-mails being considered ‘personal data’ you might want to read the Marketing Centre Blog which clarifies the term ‘legitimate interest’: ‘Legitimate Interest is one of the 6 lawful reasons for processing personal information defined in GDPR. The regulation states specifically that “the processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” In fact, the DMA view is that B2B marketers will be able to make use of the legitimate interest legal grounds for their marketing activity in most instances. Keep in mind, though, that the definition of legitimate interest is still a matter of debate. GDPR requires the sender to justify that a communication is in the legitimate interest of and does not risk the privacy of the individual. ‘Legitimate interest’ should not be used as a reason to ‘catch-all-and-carry-on-regardless’. You can download the DMA guidance on legitimate interest here.
What did I make of it: The Blog raises some key points and offers some useful links. It helped me understand how legitimate interest works.
So how do you settle it?
The surprising answer is, read the Direct Marketing Guide put together by the ICO (Information Commissioner’s Office – they are in charge). The document is well written in easy to understand language and includes plenty of examples. It’s not even too long.
Key points to take away:
- Whilst we await the new e-PR to be agreed by the EU parliament, the main legal documents referring to B2B marketing are DPA and PECR.
- There is ambiguity as to whether business e-mail addresses (for limited companies and corporates) are considered ‘personal data’.
- The main justification for B2B marketing under GDPR will fall under ‘legitimate interest’, though you will have to treat this with care.
- The biggest change to practice will be around data management so you need to sort this out as a matter of urgency.
As always, we will be delighted to help if we can. Do check out our GDPR support here and get in touch if you would like more information.