How Has GDPR Really Changed B2B Email Marketing?
GDPR has been with us for four years this month.
Back in May 2018 we saw widespread confusion about GDPR along with predictions for the end of email marketing, career-ending fines and so much paperwork that it made email marketing unworkable.
But to be fair to the Information Commissioner’s Office (ICO) and the UK government, business-to-business marketing was given some clear opt outs of the most draconian aspects of GDPR. But these concessions did get lost in all the noise about the radical changes to marketing to consumers.
Since May 2018 the ICO has interpreted the rules as they are applied in the UK (not the same as how GDPR applies in Europe) and drawn up clear ICO guidelines for UK b2b marketers.
Here are my top five misconceptions about how GDPR affects email marketing when one business contacts another business with a sales and marketing email.
MYTH ONE The GDPR rules for consumer marketing and b2b marketing are the same
GDPR updated the rules on how 'consent' was obtained and pretty much ended cold emailing to consumers and the sale of consumer email data. BUT you may still send marketing emails to people at their business email address providing that you are selling a service which is relevant to their business. So you cannot send an email to my work address offering me a mortgage or a holiday, but you absolutely can email me about business finance, corporate travel, stationery, office furniture, recruitment, management consultancy, exhibitions, conferences, training courses, IT systems, telecoms, marketing services etc
Just make sure that you identify yourself, your company and put full contact details on the email. Marketing emails signing off with a casual
do not comply with GDPR.
You can send me one email and if I opt out, you must not email me again, so you do need to keep a file of opt-outs and remove those opt-outs from any list before you use it. This is GDPR's Right To Object which applies to all marketing communications.
MYTH TWO You must have consent to send emails to people in their place of work
There is a difference between GDPR rules for email marketing to consumers and businesses ('Corporate Subscribers'); you absolutely must have consent to send email to consumers and this cannot be third party consent where data subjects would opt in to receive email from a company and its ‘associated business partners’. GDPR rules say that third party consent is not consent at all. The old ‘opt-in lists’ are very much out.
BUT there are six bases for using personal data in GDPR; consent is one but another, which can be used by business-to-business marketers is Legitimate Interest. Broadly speaking, your company has a legitimate interest in contacting me about your products because you believe that I, as a business person, have an interest in knowing about them.
You will need to conduct a Legitimate Interests Assessment and make it available to anyone who asks to see it. You can find out more about Legitimate Interests here. It is good practice to end your email with a legitimate interests statement, saying that you are using the basis of legitimate interests to send a marketing email.
MYTH THREE You cannot buy lists of business email addresses legally
As I have said you cannot buy off-the-shelf lists of consumer email addresses but you can buy and use lists of company email addresses. These are not just generic emails such as info@ and sales@ (Electric Marketing does not provide these) but you may still buy and use personal corporate email addresses of named individuals.
As long as you contact people about business matters on the basis of Legitimate Interests, it remains legal to buy a list of business email addresses and send them an email marketing your company’s services. But I would buy from a reputable email list supplier as the there are rules for collecting, storing and transferring data which list suppliers must follow.
MYTH FOUR The fines for the slightest rule breach are ruinous
GDPR does allow for maximum fines to be applied which can run into thousands. BUT the ICO has made it very clear that it is not in the business of fining companies where it can be shown that honest mistakes have been made. The ICO is keen to educate companies on how to use the rules. Of course some fines have been handed out in the last four years but these have been to serial offenders who have not engaged with the ICO. GDPR is there to protect consumers from unscrupulous companies not to destroy legitimate businesses.
MYTH FIVE GDPR is so complex that it is not worth email marketing any more
GDPR is indeed a vast complex law but not as it applies to business-to-business email marketing.
Follow a few simple rules, (Legitimate Interests Assessment, file of opt-outs so that you don’t email anyone who has asked not to contacted) and you are good to get back to b2b email marketing again. And if you need new marketing data, well, you know where we are.
For more detailed information on GDPR and direct marketing in the UK, see the ICO's Direct Marketing Guidance leaflet. Page 44 deals specifically with business-to-business marketing.