data privacy

B2B email marketing and GDPR – what UK businesses need to know

businessman-2956974_1280.jpg

With the imminent advent of GDPR, UK businesses may wonder how their email marketing will be affected. Here are the four crucial things they need to know about B2B email marketing.

  1. The rules that govern electronic communications, including email, are the Privacy and Electronic Communications Regulations (PECR) (see the ICO Guide). The PECR does not cover B2B email marketing.
     
  2. The rules governing consent are found in the Data Protection Act 1998 (DPA) and in the General Data Protection Regulations (GDPR) that come into force in May 2018. The DPA and GDPR do not cover B2B email marketing.
     
  3. A business email address that contains an individual’s name, for example firstname.lastname@companyname.co.uk, will be personal data. The individual concerned has the right to opt out of further communication and, under the GDPR, to require that the sender cease processing their data. This means you must keep the data on a suppression list so that it is never used again for any purpose; if you are a commercial organisation forget what you may have read about ‘legitimate interest’, it won’t apply to you.
     
  4. So, this is what you need to know:
    A. You can send a first email, giving the person the option to opt out (this is how it works in the US for example). 
    B. The recipient can then opt out of further communications, so withdrawing consent.  They can go a step further and require that their personal data be suppressed (so you can’t use it again and you can’t pass it on to anyone else).

    This information is not legal advice and should not be treated as such.