On 26 March 2016 the Information Commissioner issued new guidance on Data Protection and Privacy & Electronic Communications Regulations for direct marketing.
The full guidance can be read here https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf but we've extracted the sections for business-to-business marketing and they are shown below:
Business-to-business texts and emails
1. Rules on consent, the soft opt-in and the right to opt out do not apply to electronic marketing messages sent to ‘corporate subscribers’ which means companies and other corporate bodies eg limited liability partnerships, Scottish partnerships, and government bodies. The only requirement is that the sender must identify itself and provide contact details.
2. However, it serves little purpose to send unsolicited marketing messages to those who have gone to the trouble of saying they do not want to receive them.
3. Corporate subscribers do not include sole traders and some partnerships who instead have the same protection as individuals. If an organisation does not know whether a business is a corporate body or not, it cannot be sure which rules apply. Therefore we strongly recommend that organisations respect requests from any business not to email them.
4. In addition, many employees have personal corporate email addresses (eg firstname.lastname@example.org), and individual employees will have a right under section 11 of the DPA to stop any marketing being sent to that type of email address.
1. Sole traders and partnerships may register their numbers with the Telephone Preference Service (TPS) in the same way as individual consumers, while companies and other corporate bodies register with the Corporate Telephone Preference Service (CTPS). So organisations making business-to-business marketing calls will need to screen against both the TPS and CTPS registers.
The right to opt out
1. Organisations must not make unsolicited marketing calls to a person who has said that they don’t want those calls. In other words, there is a right to opt out, and organisations cannot call someone who has objected to or opted out of marketing calls.
Organisations should not make it difficult to opt out, for example by asking individuals to complete a form or confirm in writing. As soon as an individual has clearly said that they don’t want the calls, they must stop.
2. If an individual objects or opts out at any time, their details should be suppressed as soon as possible. It is important not to simply delete their details entirely, otherwise there is no way of ensuring that the organisation does not call them again.
3. Organisations must not send marketing texts or emails to an individual who has said they do not want to receive them. Individuals have a right to opt out of receiving marketing at any time. Organisations must comply with any written objections promptly to comply with the DPA – but even if there is no written objection, as soon as an individual says they don’t want the texts or emails, this will override any existing consent or soft opt-in under PECR and they must stop.
4. Organisations must not make it difficult to opt out, for example by asking individuals to complete a form or confirm in writing. It is good practice to allow the individual to respond directly to the message – in other words, to use the same simple method as required for the soft opt-in. In any event, as soon as an individual has clearly said that they don’t want the texts or emails, the organisation must stop, even if the individual hasn’t used its preferred method of communication.
5. If an individual objects or opts out at any time, their details should be suppressed from marketing lists as soon as possible. It is important not to simply delete their details entirely, otherwise there is no way of ensuring that the organisation does not contact them again.