Blogs & ideas

B2b email marketing and GDPR: What you need to know

Email Marketing button

By Tim Holt 4 min read

Yellow lightbulb icon
#DataHQIDEAS

Recently, a long standing client asked why we had been selling illegal B2B email marketing data. Naturally, we hadn’t, but we were very curious to know why they thought we had.

The client in question had attended a marketing seminar which examined the impending General Data Protection Regulation (GDPR) and its implications on email lists. It soon became apparent that they had received misleading information. Their understanding was that B2B email marketing data should all be ‘opted in’ and mechanisms to do this should have been in place for the past five years. We had to point out this is not the case for all B2B email marketing. B2C ‘opt-in’ rules are more stringent and this could be providing the confusion.

On a similar note, we have been asked by a few clients to complete forms and provide assurances that our B2B data complies with GDPR. This is something we’re always happy to do but it is another example of the misunderstanding that surrounds the regulations attached to B2C verses B2B data. In short, the requirement for opt-in (the consent of the data subject) applies to B2C direct email marketing to sole traders and those whose businesses that are not incorporated.

The good news is, it is clear a lot of businesses are now getting to grips with their due diligence as the subject of GDPR becomes a pressing issue. However, it is also becoming more prevalent that the regulations around business and consumer data need to be more distinctive.

Clarifying B2B Marketing List Regulations

Firstly, any B2B marketing data used for prospecting and lead generation needs to comply with the GDPR (when is applies in May 2018), the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulation (PECR) (since 2003).

Looking at this in more detail. There are two classifications of organisations as far as the GDPR, DPA and PECR are concerned. These are:

1) Sole traders and partnerships

2) Corporate bodies and entities

Since sole traders (‘sole trader’ is synonymous with ‘sole proprietor’ or ‘self employed’) and those in partnerships are considered to be consumers, they need to have opted-in to receive email marketing communications. Furthermore, that consent standard should coincide with the GDPR standard of consent, so it must have been informed, freely given, unambiguous and specific. Older ‘opt-ins’ are less likely to be to this standard, so should be reviewed pending the upcoming application of GDPR.

Contacts within organisations that are incorporated in some way (i.e. Ltd, PLC, LLP, LBG or public sector organisations and also charities) do NOT need to be opted-in to receive email marketing, but you must give them the opportunity to opt-out if you send them marketing emails, and you must include the details of who you are. Wherever possible an opted-in list is always the best option and will ultimately lead to better results.

A question we often get asked is, is an info@soletrader.com email address personal or non-personal? Can this address be used legitimately for B2B email marketing? The question is, does this piece of data identify a natural living person? Is it capable of being combined with another piece of information and easily then identifying a living natural person. If so, it will be ‘personal data’ and within scope of GDPR. In this case, the answer is ‘no’. However, joe.bloggs@soletrader.com would be personal information for the purposes of GDPR, and therefore it must be processed lawfully.

It’s worth noting, if being used to conduct direct email marketing, then PECR rules apply. Is this person a sole trader? If so, we need consent/opt-in before we can email them marketing UNLESS we are relying on what is known as ‘soft opt-in’. Soft opt-in is available where you are marketing to a consumer who has recently been a customer, and you are marketing similar products and/or services. If you can demonstrate that a soft opt-in applies, you won’t need an explicit opt-in to market to that consumer. Be aware however, charities cannot rely on the soft opt-in – it is for commercial purposes.

At Data HQ, we work very closely with our main contributors to our B2B marketing database. 90% of our business email data is opted in, including any sole trader and partnership records.

The final draft of the GDPR is still in a consultation stage, but at the time of writing this, it looks like the vast majority of consumer list sales of email and telephone-marketing data will be stamped out come May 2018. Thankfully, most B2B data can be used for direct marketing without any opt-in requirement under PECR, but all personal data must ultimately be processed lawfully to comply with GDPR.

You can read our best practice and tips for B2B email here.

Further reading: Data HQ's complete guide to the GDPR

Share this blog

Our stories and ideas direct to your inbox