Suneese and GDPR

Explore by Category
By : Suneese
Recruitment 24/05/2018 04:20pm
19767 view(s)

We have been asked a number of times how our service works within the GDPR rules.

This is what we have found, which we believe would be useful for all our customers:

"As the live date for the General Data Protection Regulation (GDPR) gets ever closer, people are beginning to realise the scale and the impact it could have on their business. On the face of it, the GDPR is quite clear - you must get the explicit consent of individuals in order to communicate with them. However, in the B2B world, this isn’t quite as clear. Many are still wondering whether they can email businesses that haven’t explicitly opted-in, after 25th May 2018.

Back in January 2017, it was revealed that B2B marketers could indeed email businesses, thanks to a rare U-turn from the EU. However, “the change of heart” still left those in the B2B community wondering if they were allowed to email individuals at a business, e.g. neil@b2bcompany.com, or just the business email address, e.g. info@b2bcompany.com?

The first thing to make clear is that a business email address does fall within GDPR. In response to a specific request made to the ICO last September, a case officer said: “If a business email address includes the name of an individual it can be considered personal data. It would identify them as an individual i.e. john.smith@business.com. Therefore, any email address with an individual’s name listed within it in this way must be handled under DPA legislation, and the GDPR as of May (2018).”

That doesn’t mean, however, that you can’t send an email to an individual’s business email address without prior consent. Direct marketing is recognised as a legitimate interest under Recital 47 of the GDPR and is deemed a legal basis for processing the data. This effectively means that GDPR defers to the existing Data Protection Act in respect of B2B, with the principal requirements being to identify yourself as the sender and to provide a clear and easy way for the recipient to opt-out.

The ICO, which is responsible for upholding GDPR in the UK, say this in its direct marketing guidance: “These rules on consent, the soft opt-in and the right to opt out do not apply to electronic marketing messages sent to ‘corporate subscribers’  …… The only requirement is that the sender must identify itself and provide contact details.""

Author The marketingeye.

https://www.themarketingeye.com/blog/marketing-tips/post/gdpr_email_individual_business.html