Now that we are all getting used to GDPR, you have probably seen mailing lists advertised with the reassuring words "GDPR Compliant Data". But what does it mean for b2b mailing list data to be GDPR compliant?
- The mailing list has to be current and up-to-date. The new General Data Protection Regulation does not define 'current'. Electric Marketing is taking the view that our mailing lists, verified by telephone two or three times a year, qualify as being current.
- If the mailing list contains personal information, and names and company email addresses which contain a person's name do count as personal information, every person on the list must be informed that they are on the mailing list and be informed of the extent of the information held by the data owner. This is not the same as consent, but a mailing list owner should contact the data subject and give them the opportunity to opt out. Unlike consumer marketing where consent is required, business-to-business marketing remains an opt-out regime.
- Data must have been collected lawfully ie data must not be stolen and must have been collected for the purpose it is being used for eg data subjects should not be told that their email address will be used for research purposes only to be sent sales and marketing emails.