Blogs & ideas

Where is b2b data marketing after the GDPR hullabaloo?

Girl At Computer Biting Pencil

By Tim Holt 4 min read

Yellow lightbulb icon
#DataHQIDEAS

With GDPR D-Day now behind us, B2B marketers are settling into their new data protection-focused routines. Those who understand how GDPR positively impacts B2B marketing lists continue to thrive with their email marketing and generate leads for their businesses. Those who have misunderstood GDPR, however, may have seen their leads dwindle, sales hit the buffers, and business growth stalling.

Recently, when visiting a business in the publishing, exhibitions and conferences sector, I heard it had scaled back its email promotion activity by 80% purely because of GDPR. Their event registrations were down by 50%, as a result. What was previously a profitable event was now turning into a loss-making venture. The reason? GDPR fear and pure misunderstanding.

So, when it comes to GDPR, cold B2B email marketing (such as renting marketing lists) and telephone marketing, what activities are legal and what aren’t?

B2B marketing activities permissible under GDPR

  1. Cold email marketing to limited companies, PLCs and corporate organisations such as public sector, charities associations etc.
  2. Cold telephone marketing to the business number of the above, except when the number is registered on CTPS/TPS or the message is pre-recorded.

B2B marketing activities not permissible under GDPR

  1. Cold email marketing to sole traders and partnerships without their prior consent to receive communication from your company.
  2. Cold telephone marketing to sole traders and partnerships without their permission to receive communication from your company.

So, in broad terms, it’s as simple as that and it has since 2003, very little has actually changed. The main difference is a few more layers of policy and process to make it clearer to data subjects why you might be processing their personal data.

What about personal data in business mailing lists?

A personal B2B email address, such as bob.smith@acme.com, is broken down into two components; the name before the @ sign and the business after the @ sign. The name is personal data (it identifies an individual) but the domain after the @ is not personal data. Neither the accompanying business name address nor business information is personal data.

To process the personal data element of any B2B marketing list you need a legal basis to do so. Our legal basis (and yours could or should be too) is ‘Legitimate Interest’. By this we mean we have a legitimate interest to process this data to fulfil services to our clients.

Yours could be a legitimate interest in making your customers and prospects aware of your product or services. This covers the legal basis for processing (holding) a person’s name on a database or email marketing system.

What about PECR?

The other consideration is the Privacy and Electronic Communications Regulation (PECR). This is separate to GDPR, but just as relevant to data protection.

So, what are the fundamentals of PECR? When using B2B email or telephone data for the limited companies, PLCs and corporate bodies, there are two rules you must apply:

  1. Email marketing must be business related, you must provide your contact details and a method for the data subject to unsubscribe.
  2. If you are calling the telephone numbers, you must check that they are not registered on the CTPS or TPS. What’s more, you must check this at least once every 28 days.

The simplest way of understanding what you can and cannot do under GDPR/PECR? Can carry on as you were before, just make sure that sole traders and partnerships are excluded from your list.

If you take on board this simple advice, the risk of being fined by the ICO is probably about 0.001%.

So, now that all the hullaballoo around GDPR has begun to die down, and for those who understand that B2B data marketing is a safe, legal activity to continue, here is a list of diligent considerations to bear in mind:

  1. Specifically request that sole traders and partnerships are excluded from the list you are buying
  2. Ask to see a copy of the LIA and the DPIA
  3. Make sure you have understood how the data is collected
  4. Make sure the data is recently verified and accurate
  5. Make sure you understand the legitimate interest
  6. Have a simple process in place to handle the odd misinformed GDPR complaint
  7. Do not ever buy business mailing lists on price, buy on quality and credibility
  8. Only buy from a company that has good data and IT security governance
  9. Only buy from a company that can evidence its data compliance


At Data HQ, we focus on supplying B2B marketing lists that businesses can trust. In the post-GDPR quagmire, you can still ensure your marketing data is fully compliant. Read more about our marketing lists services, and find out how a targeted mailing strategy will boost your business results — even after GDPR.

Further reading: Data HQ's complete guide to the GDPR

Share this blog

Our stories and ideas direct to your inbox