GDPR: Do I Need Consent To Send B2B Marketing eMails?

Before the introduction of GDPR in May 2018, many companies emailed everyone on their client and prospect databases with a polite request (with a helping of desperate pleading) for consent from the data subjects to receive marketing emails.  But with reported response rates at below 10% and with “consent fatigue” running high well before the deadline, any company which sent an email threatening that the recipient would ‘never hear from us again’ is now looking at a much diminished marketing database.

But businesses marketing to other businesses do not have to rely on consent as a lawful basis to process personal data (ie use email addresses for marketing) . B2B marketers can use an alternative basis to process personal data; legitimate interests.

You can send business-to-business marketing emails on the basis that you have a Legitimate Interest in doing so. Before using Legitimate Interests as a reason for data processing and email marketing, you will need to carry out a Legitimate Interests Assessment.

LIA is a three part test assessing the purpose and necessity of your use of personal data and a test balancing your interest against the interests, rights and freedoms of the person whose data you are processing. After you have documented your LIA, you must then update your Privacy Policy to show that you are relying on Legitimate Interests as a basis for processing personal data.

Your third responsibility is to communicate that you are using Legitimate Interests to the data subject. We believe that this can be done by putting a statement at the end of every marketing email that you send stating something along the lines of

“As a GDPR compliant company, we would like to explain why you have received this email. We believe that you have a need for business-to-business marketing data within your business. From our research, or from information that you have provided, we have identified your email address as being an appropriate point of contact within your organisation. This represents legitimate interest in line with the ICO’s guidance.”

You can read the ICO’s guidance on Legitimate Interests.

All B2B marketers who are using bought-in email lists in eMarketing campaigns must carry out and document their Legitimate Interests Assessment.

Any mailing list or email list that you have bought from a mailing list company can only be used on the basis of Legitimate Interests after 25 May 2018. Consent is now only valid if the company using the data was mentioned at the time of data collection. Unless your mailing list was researched on your behalf and your company name was mentioned to the data subject, consent (or third-party opt-in) is not valid under the terms of GDPR.

 

 

This blog was first published on 17th May 2018 (pre-GDPR) and was updated on 14th August 2018.

GDPR: Getting Your Mailing Lists Up-To-Date To Comply With GDPR

There has been a fair bit of scaremongering (and some unseemly profiteering on the back of scaremongering) surrounding GDPR.

If you are looking at files of old email addresses and wondering if you can continue to send business marketing emails, Electric Marketing’s data cleansing services can help you tidy up your b2b mailing lists and remove the records that are incorrect.

If you are unlucky enough to come to the attention of the ICO, the fact that you have taken steps to comply with the regulation that data must be up-to-date will stand you in good stead. The new regulation is clear that companies which fall foul of the new rules will be given guidance to put things right.

What the regulation does not specify is how up-to-date must your b2b data be? It does not define a time-frame for ‘up-to-date’. Given that data on large companies decays at a rate of 50% in each 12 months, Electric Marketing is working on the assumption that data that is more than a year old probably falls into the not up-to-date category. Our tests show that half of the records sold 12 months ago will now be incorrect in some way, be it a new postcode, changed phone number, new email address or change of person’s name or job title.

But the client who called Electric Marketing wondering if the data he bought in 2012 is ‘GDPR compliant’, the answer was a firm no, as you need to update it. However if you have kept your data up-to-date by calling the companies or verifying the data in some way, then yes you can still use your pre-2018 mailing lists. But you must comply with the new rules and use the mailing lists on the basis of legitimate interests.

If you have not kept your data files up-to-date consider using a data suppression file such as Electric Marketing’s Leavers Database to get rid of the egregious errors. It will be tricky to convince the ICO that your data is up-to-date if it includes defunct companies such as Monarch Airlines, Allied Domecq or Consignia. Or old London phone numbers beginning 0171.

If your data update process extends to suppressing the unsubscribes and removing the emails which bounce back, be aware that some servers do not automatically reject email addresses that are no longer valid. Your emails may be being forwarded and read by the replacement managing director. On the other hand they may be sitting unread on the target company’s email server, ready for an officious DPO to report you to the ICO for sending promotional emails to an email address that has been out of use for 2 years.

I feel I may have drifted into scaremongering myself there. But the new General Data Protection Regulation is insistent that data is current and it is a risk to store and use marketing data that has not been maintained.

 

 

This is blog was published on 15th May (pre-GDPR) and edited on 14th August 2018 (post GDPR).