Now that we are all getting used to GDPR, you have probably seen mailing lists advertised with the reassuring words “GDPR Compliant Data”. But what does it mean for b2b mailing list data to be GDPR compliant?
- The mailing list has to be current and up-to-date. The new General Data Protection Regulation does not define ‘current’. Electric Marketing is taking the view that our mailing lists, verified by telephone two or three times a year, qualify as being current.
- If the mailing list contains personal information, and names and company email addresses which contain a person’s name do count as personal information, every person on the list must be informed that they are on the mailing list and be informed of the extent of the information held by the data owner. This is not the same as consent, but a mailing list owner should contact the data subject and give them the opportunity to opt out. Unlike consumer marketing where consent is required, business-to-business marketing remains an opt-out regime.
- Data must have been collected lawfully ie data must not be stolen and must have been collected for the purpose it is being used for eg data subjects should not be told that their email address will be used for research purposes only to be sent sales and marketing emails.
So now you know what to expect of a reputable mailing list supplier. My next blog covers the steps that you, the user of bought-in b2b email lists, must take when running a GDPR compliant email marketing campaign.
Have You Invested In an eMailing List which is GDPR Compliant?
After the deluge of permissioning emails around GDPR, many people are acutely aware of which emails they have signed up to receive and which requests for permission they denied or ignored.
This means that slack marketers can no longer rely on the short memory of a target by writing something like this:
“You are receiving this email as you have subscribed in the past to receive information about our events. If you wish to update your email preferences or unsubscribe, please click the link below”.
Yes this statement is doing the right thing by offering an unsubscribe but post-GDPR this sort of email sign off is increasingly being called out by targets.
A little white lie claiming that the prospect is receiving emails because they have ‘previously signed up’ or ‘enquired in the past’ when the marketer bought in an email list and the company has no previous relationship with the data subject does not enhance your campaign. In the post-GDPR age, very few people are falling for this anymore.
I have seen this at the bottom of a few emails this month:
“This email was sent to you as a corporate subscriber within the meaning of the Privacy and Electronic Communications Regulations 2003. Your personal data are protected under the General Data Protection Regulation and Data Protection Act 2018. If you would like to know how and why you have received this message, please visit our information page.”
Electric Marketing is signing off its emails with this:
“As a GDPR compliant company, we would like to explain why you have received this email. We believe that you have a need for business marketing data within your business. We have identified your email address as being an appropriate point of contact within your organisation. This represents legitimate interest in line with the ICO’s guidance. Our Privacy Notice is available here”
Like the new regulation, our statement is a bit clunky but as we all get used to what GDPR means for business-to-business marketing, this will no doubt become shorter and snappier over time.
Before the introduction of GDPR in May 2018, many companies emailed everyone on their client and prospect databases with a polite request (with a helping of desperate pleading) for consent from the data subjects to receive marketing emails. But with reported response rates at below 10% and with “consent fatigue” running high well before the deadline, any company which sent an email threatening that the recipient would ‘never hear from us again’ is now looking at a much diminished marketing database.
But businesses marketing to other businesses do not have to rely on consent as a lawful basis to process personal data (ie use email addresses for marketing) . B2B marketers can use an alternative basis to process personal data; legitimate interests.
You can send business-to-business marketing emails on the basis that you have a Legitimate Interest in doing so. Before using Legitimate Interests as a reason for data processing and email marketing, you will need to carry out a Legitimate Interests Assessment.
Your third responsibility is to communicate that you are using Legitimate Interests to the data subject. We believe that this can be done by putting a statement at the end of every marketing email that you send stating something along the lines of
“As a GDPR compliant company, we would like to explain why you have received this email. We believe that you have a need for business-to-business marketing data within your business. From our research, or from information that you have provided, we have identified your email address as being an appropriate point of contact within your organisation. This represents legitimate interest in line with the ICO’s guidance.”
You can read the ICO’s guidance on Legitimate Interests.
All B2B marketers who are using bought-in email lists in eMarketing campaigns must carry out and document their Legitimate Interests Assessment.
Any mailing list or email list that you have bought from a mailing list company can only be used on the basis of Legitimate Interests after 25 May 2018. Consent is now only valid if the company using the data was mentioned at the time of data collection. Unless your mailing list was researched on your behalf and your company name was mentioned to the data subject, consent (or third-party opt-in) is not valid under the terms of GDPR.
This blog was first published on 17th May 2018 (pre-GDPR) and was updated on 14th August 2018.
There has been a fair bit of scaremongering (and some unseemly profiteering on the back of scaremongering) surrounding GDPR.
If you are looking at files of old email addresses and wondering if you can continue to send business marketing emails, Electric Marketing’s data cleansing services can help you tidy up your b2b mailing lists and remove the records that are incorrect.
If you are unlucky enough to come to the attention of the ICO, the fact that you have taken steps to comply with the regulation that data must be up-to-date will stand you in good stead. The new regulation is clear that companies which fall foul of the new rules will be given guidance to put things right.
What the regulation does not specify is how up-to-date must your b2b data be? It does not define a time-frame for ‘up-to-date’. Given that data on large companies decays at a rate of 50% in each 12 months, Electric Marketing is working on the assumption that data that is more than a year old probably falls into the not up-to-date category. Our tests show that half of the records sold 12 months ago will now be incorrect in some way, be it a new postcode, changed phone number, new email address or change of person’s name or job title.
But the client who called Electric Marketing wondering if the data he bought in 2012 is ‘GDPR compliant’, the answer was a firm no, as you need to update it. However if you have kept your data up-to-date by calling the companies or verifying the data in some way, then yes you can still use your pre-2018 mailing lists. But you must comply with the new rules and use the mailing lists on the basis of legitimate interests.
If you have not kept your data files up-to-date consider using a data suppression file such as Electric Marketing’s Leavers Database to get rid of the egregious errors. It will be tricky to convince the ICO that your data is up-to-date if it includes defunct companies such as Monarch Airlines, Allied Domecq or Consignia. Or old London phone numbers beginning 0171.
If your data update process extends to suppressing the unsubscribes and removing the emails which bounce back, be aware that some servers do not automatically reject email addresses that are no longer valid. Your emails may be being forwarded and read by the replacement managing director. On the other hand they may be sitting unread on the target company’s email server, ready for an officious DPO to report you to the ICO for sending promotional emails to an email address that has been out of use for 2 years.
I feel I may have drifted into scaremongering myself there. But the new General Data Protection Regulation is insistent that data is current and it is a risk to store and use marketing data that has not been maintained.
This is blog was published on 15th May (pre-GDPR) and edited on 14th August 2018 (post GDPR).
If you buy business mailing lists and email lists, you can be forgiven for thinking that you can no longer use them since the arrival of GDPR on 25th May 2018, when the new General Data Protection Regulation came into force. Much has been written decrying this Data Protection Regulation update as the end of cold email marketing. And it does herald some big changes, most notably the tightening up of how people consent to their personal data being used. But this does not rule out cold b2b email marketing or using bought-in business mailing lists to generate sales.
Since 25th May, for consent to be used as a lawful basis to process data (ie send b2b marketing emails) a person must actively consent for their data to be processed and used and the name of the company using the data must be mentioned at the time consent is given. This means that mailing list companies can no longer sell data that is “fully opted-in”. To opt in, people have to opt in directly with the company using the data. Unless your company name was mentioned when the person’s email address was collected, you can no longer rely on consent as a reason to process personal data.
But consent is not the only reason to process personal data. There are six lawful bases for processing data in the Data Protection legislation. You need to show compliance with one reason. The most useful for business-to-business direct marketers and email marketers is known as Legitimate Interests.
Legitimate interests might be your own interests, or the interests of the third party receiving the data, or a combination of the two.
Latest guidance from the Information Commissioner says that legitimate interests may be the most appropriate basis when:
“the processing is not required by law but is of a clear benefit to you or others; there’s a limited privacy impact on the individual; the individual should reasonably expect you to use their data in that way; and you cannot, or do not want to, give the individual full upfront control (i.e. consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.”
Crucially for marketers, direct marketing is described in the GDPR as an activity that may indicate a legitimate interest.
We’ve put together a guide on the simple steps you need to take to use legitimate interests as your reason to continue processing data and to continue using bought-in mailing lists for your email marketing.
Legitimate Interests is not a new concept and in fact, Electric Marketing has never relied on consent as a basis for collecting and processing data. What is new is that GDPR requires us all to document how we are using data and to communicate this to users and data subjects. Which on balance, seems quite reasonable.
Now that you’ve written those GDPR policy documents and tackled your corporate mountain of old data, you might be ready to leave the legal stuff to the lawyers and get back to marketing, comms and sales. But maybe you’ve read something about PECR and some people on LinkedIn are still insisting that b2b email marketing will be over in May 2018?
What Is PECR?
PECR is the Privacy & Electronic Communications (EC Directive) Regulations 2003 which governs email marketing. As an EU Directive, the UK can choose how to interpret PECR. Crucially the UK allows businesses the freedom to email other businesses on business matters without consent. Most EU countries do not allow b2b email marketing without consent.
The EU wants to update PECR and upgrade it to a Regulation (the ePrivacy Regulation or ePR) which means that all EU nations must follow the rule to the letter and there is no flexibility on its interpretation. The European Parliament signalled its desire to update it before May 2018 and bring in the new ePrivacy Regulation on 25 May 2018. As this would bring the UK into line with the EU and likely outlaw the sale of all third party b2b mailing lists, Electric Marketing wrote to a number of government ministers and departments asking for more information.
Five weeks later, the Department of Digital, Culture, Media & Sport has emailed a reply; The Rt Hon David Davis MP Minister For Exiting The European Union, passed my letter to them.
EU Plans To Update PECR
The Department For DCMS states that is pretty much impossible for the EU to stick to their timetable of introducing ePR, the update to PECR legislation in May 2018. It points out that while the European Parliament has agreed its policy, all 28 member states are yet to officially state their position on the proposal and the final text of the ePrivacy Regulation is yet to be agreed by the European Parliament, Council and Commission.
“Our stand is that the quality of the text must be prioritised over speed”
The email from the DDCMS says that the UK government is pushing for a workable timetable for implementation, which I take to mean a two year period for business to prepare for the new ePrivacy Regulation.
What Is The UK Government’s Position On The PECR Update?
The email goes on to say
“In relation to unsolicited communication (spam emails and unsolicited calls), the UK’s position is to ensure the provisions for marketing communication are aligned with the high standard set in our domestic regime (‘PECR’) without compromising our regulator’s ability to enforce against such communication. We also aim to tighten the definition of direct marketing communications to avoid users needing to consent every time they load a webpage with ads. Elsewhere, the UK’s position is to maintain the level of flexibility for Member States in the current law.”
I believe that means the UK’s position is to continue to allow b2b email marketing without consent. But I am quoting the email from the ministerial support team at the Department for Digital, Culture, Media & Sport verbatim so that you can come to your judgement.
When Will The New PECR Regulation (ePR) Come Into Force?
Perhaps more pertinent is the question of timing; the EU needs to agree a text and pass the update to PECR before the UK leaves the EU on 29th March 2019 for the updated Regulation to become part of the European (Withdrawal) Bill and to pass into domestic legislation. If the EU passes the Regulation, it is likely that there will be a period of implementation which may be two years as with GDPR. If the ePrivacy Regulation is not passed before the UK leaves the EU, we will have to see what sort of Brexit deal is struck with regard to implementing new EU laws in the UK post-Brexit.
What Is The Government’s Policy on Data Protection Post-Brexit?
For more information, read this Government publication Future Partnership.
Electric Marketing will keep a close watch on the progress of PECR throughout 2018 and into 2019.
Our view is that the implementation of PECR reform seems a way off yet. But beyond 2020, the future for business-to-business digital marketing is not certain.
GDPR Signals The Death Of The Opt-In Mailing List: How Can You Still Use B2B Email Marketing In 2018?
The new GDPR (General Data Protection Regulation) rules that if your mailing list is opt-in, consent to opt-in to receive marketing communications must be be “freely-given, specific, informed and unambiguous”.
It is no longer permitted to use mailing lists on the basis of the old opt-in wheeze of a series of double negatives to leave a box unticked agreeing to be contacted by “the company’s marketing partners”. The ICO’s (Information Commissioners Office) guidance on interpreting GDPR specifically rules out pre-ticked boxes and states that any third party using a mailing list must be named when the consent is given.
From May 2018 a mailing list can only be opt-in if a person has ticked a box next to a statement that specifically names your company. So your client list and any one who has signed up to receive info from your company on your website are opt-in lists. Third party opt-in lists are pretty much out after May 2018 and any company or list broker promoting opt-in mailing lists is not up to speed on GDPR.
The good news is that ICO guidance also states that
You don’t always need consent. If consent is too difficult look at whether another lawful basis is more appropriate.
Electric Marketing mailing lists are compiled and used on the lawful basis of “legitimate interest“. If you have a business interest in contacting a person, you may contact them without gaining their prior consent to do so. This applies across mailing, telemarketing and email, with some key restrictions.
There are no restrictions on postal mailing. Direct marketing with envelopes and stamps is swinging back into fashion. It is expensive compared to email marketing but compares well with other forms of digital advertising.
Business-to-business telemarketing is restricted to companies which have not added themselves to the CTPS register. All Electric Marketing lists do contain the phone numbers of CTPS registered companies and they are marked up as CTPS. You can buy mailing lists excluding CTPS registered companies. It is worth noting that companies must renew their registration each year so a company’s CTPS status can change over time. You can check a company’s status by putting their phone number into our free CTPS Checker.
Email marketing for business-to-business marketing is restricted by your own list of individuals who have unsubscribed from receiving emails from your company. This is a key point of difference between consumer email marketing which definitely does require consent. The reason for the difference is that email marketing is governed by a different EU directive, known as the Privacy & Electronic Communications Regulations (PECR). PECR states that it is permitted to send emails offering business services to business people at their business email addresses, but if they ask you to stop emailing them, then you must remove them from your list and must not email them again.
So the opt-in mailing list is dead. But email marketing for business-to-business communications lives on.
List focuses on client companies with dedicated events budgets
Google “events managers” and get the names of thousands of people working in events. If you are selling to events managers, it looks as if you have a wide target market and hitting your sales figures will be stress-free.
But start contacting those events managers and find that it is one of those job titles that carries different responsibilities depending on the industry sector. Large hotels have events managers but they focus on selling the hotel as a venue to wedding organisers and training companies. Travel companies have events managers and their role is to target groups of people travelling to an event such as an international football match. All large venues, whether sports stadium or arts complex host events and the person running this is the events manager.
Those events managers do not buy in any services; their focus is revenue, sales and client servicing. Much like yours in fact.
If you are researching a mailing list of events managers, you are probably looking for a person who buys in event services; the person who chooses the venue, the caterers, the AV supplier, print, furniture, flowers, travel, hotels and all the extras that contribute to a successful event.
Electric Marketing‘s new list of events managers focuses on corporate event managers. We have weeded out the events managers working in venues, marketing agencies and trade organisations. We have excluded the charity sector and companies which organise events as their main source of revenue.
Our list of 400 events managers features companies with a turnover of over £30m. It is a targeted list that aims to bring you new business by focusing on the right sort of events managers which, as ever, are the types with a budget to spend.
Why Email Marketing is Still Key to the B2B Marketer’s Skill Set
The under-21s are an entrepreneurial lot; revelling in their command of new technology, they blog, vlog and Snapchat, they roll their eyes at Facebook (it’s where old people go online) and only check their emails if they are expecting something.
But they are keen to make money out of technology: they dream of bringing a killer app to market and riding into the top ten of the App Store.
How to achieve this? By blogging, vlogging and persuading other (more influential) bloggers and vloggers to write up the app.
Sending an email to a mailing list of ripe targets for the app is not on their to-do list.
Email marketing is targeted, fast and effective and it is falling out of favour with the new generation of marketers. Our 20somethings have grown up on mobiles and social media and cannot see that companies still require vast numbers of employees to spend time sat at their desk regularly checking and dealing with business emails. Sending an email gets your message in front of the decision maker in the company you are targeting.
Email marketing does require more planning than bashing out a blog; write the email, check the email for spelling, grammar and broken links, send it to some test email addresses to see if it contains a word that triggers filters and make sure that it does not lose its formatting on a mobile screen, test that your unsubscribe mechanism works. And finally choose who to send it to; use your existing client list, your list of leads and prospects or buy in a mailing list of executives in your target market.
If you are selling into businesses, email marketing remains the most direct and cost effective marketing tool in your arsenal. The 40something target for your killer business app is more likely to be reading his emails than reading this blog.
Microsoft announced a leap in profits last month attributing the rise to its relaunch of LinkedIn.
Since Microsoft bought LinkedIn in 2016, the corporate social media site has been flooded with innovative new functions. Microsoft has focused on the site’s main user-base – recruiters and jobseekers, and sales and marketing people. It offers packages of paid-for extras and add-ons for each of these target markets and promotes them relentlessly, largely by on-screen prompts and email.
I have been on the receiving end of a few comments on the lines of
“Can’t believe Electric Marketing is still going, now that we’re all using LinkedIn”
“Who buys email marketing lists these days?”.
But plenty of b2b marketers still buy email lists because while social media has its place, it also has its limits. Yes, you can make contact with a sales prospect on LinkedIn by inviting them to connect with you. And if they do not reply you can use the InMail service. If the prospect ignores your message, LinkedIn cannot get you any further. To persist in chasing that prospect now, you need a phone number, or an email address.
It can take 12 emails, phone calls and other contacts before a business person buys from a new supplier. You can reach out to a prospect over and over using email marketing, direct mail and telemarketing. And you can only start that process by having your prospect’s full contact details to hand.
LinkedIn understands this; it promotes its own products to its users by email. But it guards those email addresses closely; LinkedIn is mainly concerned with its profits, not yours.
Electric Marketing’s mailing lists come with full contact details. Our postal and email lists are sold on the basis of multiple use. If you have a list of leads and prospects that you have found on LinkedIn, our List Research Service can research their email addresses and full contact details for you. 25 years of experience in business-to-business marketing has taught us that re-mailing and regular emails, can build a client base and bring you sales.