Skip to main content

GDPR: Do I Need Consent To Send B2B Marketing eMails?

Thu, 17/05/2018

Before the introduction of GDPR in May 2018, many companies emailed everyone on their client and prospect databases with a polite request (with a helping of desperate pleading) for consent from the data subjects to receive marketing emails.

But with reported response rates at below 10% and with "consent fatigue" running high well before the deadline, any company which sent an email threatening that the recipient would 'never hear from us again' is now looking at a much diminished marketing database.

But businesses marketing to other businesses do not have to rely on consent as a lawful basis to process personal data (ie use email addresses for marketing). B2B marketers can use an alternative basis to process personal data; legitimate interests.

You can send business-to-business marketing emails on the basis that you have a Legitimate Interest in doing so. Before using Legitimate Interests as a reason for data processing and email marketing, you will need to carry out a Legitimate Interests Assessment.

LIA is a three part test assessing the purpose and necessity of your use of personal data and a test balancing your interest against the interests, rights and freedoms of the person whose data you are processing. After you have documented your LIA, you must then update your Privacy Policy to show that you are relying on Legitimate Interests as a basis for processing personal data.

Your third responsibility is to communicate that you are using Legitimate Interests to the data subject. We believe that this can be done by putting a statement at the end of every marketing email that you send stating something along the lines of "As a GDPR compliant company, we would like to explain why you have received this email. We believe that you have a need for business-to-business marketing data within your business. From our research, or from information that you have provided, we have identified your email address as being an appropriate point of contact within your organisation. This represents legitimate interest in line with the ICO's guidance."

You can read the ICO's guidance on Legitimate Interests.

All B2B marketers who are using bought-in email lists in eMarketing campaigns must carry out and document their Legitimate Interests Assessment. Any mailing list or email list that you have bought from a mailing list company can only be used on the basis of Legitimate Interests after 25 May 2018. Consent is now only valid if the company using the data was mentioned at the time of data collection. Unless your mailing list was researched on your behalf and your company name was mentioned to the data subject, consent (or third-party opt-in) is not valid under the terms of GDPR.

This blog was first published on 17th May 2018 (pre-GDPR) and was updated on 14th August 2018.