GDPR legislation is actually a good thing and not something to be scared of. The new legislation will encourage businesses to use best practice with their data and stop old practices like just contacting everyone with everything and not caring (you’ve all done it).
Put simply, for B2B marketing if you’re contacting someone with something they could expect to get from you then you are ok to continue to contact them. So if Bob at Bob’s Autos signed up for your email newsletter, then he’d expect to keep getting it without the need to be asked again if he really still wants it.
Of course on every email newsletter you’ve sent Bob you included an unsubscribe link didn’t you?
With the scary figures attached to breaching the GDPR regulations it’s no wonder Marketers have got really worried about the effect GDPR might have on them. That’s why the Direct Marketing Association (DMA) pushed for legitimate interest to be included to help B2B marketers keep their businesses moving.
There’s a difference between B2C and B2B when it comes the GDPR
B2C marketers need a clear OPT-IN to any marketing, this can be verbal, physical or electronic. If you don’t have consent then you need it.
B2B marketers on the other hand have a range of options open to them when it comes to GDPR. Any activities which are the legitimate interests of the business and justify direct one-to-one marketing activities to employees of other businesses are ok to carry out.
Consent is not the only basis on which you can process B2B data.
Consent is just one of 6 basis’ set out in the GDPR legislation for B2B marketing activities. Here’s the full list.
- Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
What is legitimate interest?
Legitimate interest is a legal ground on which businesses can process the personal data of their existing audience. Once legitimate interest is established and proven, you can continue marketing activities, as long as you give the option to be opted out at any point.
The UK’s legal framework for privacy in marketing is not solely covered by GDPR. It’s also defined by the existing Privacy and Electronic Communications Regulations (PECR), which will remain in force once GDPR takes effect.
PECR applies to all B2C marketing, but not all forms of B2B marketing. Staff members of limited companies, incorporated partnerships, local authorities and government institutions are all exempt from PECR. This means B2B marketers are free to use legitimate interest as a legal basis for electronic marketing for these people as long as it is under their professional capacity e.g. [email protected] and not [email protected]
Although I’ve talked mainly about email marketing all this applies to direct mail, phone and text marketing too. The exceptions are, as you would expect, anyone who’s opted out of marketing via TPS or any other official suppression service.
The best place to get advice on this is the Information Commissioners Office whose website is constantly updated with the latest details.
Just remember GDPR isn’t as scary as it might sound, so don’t have nightmares.